KR20110055921A - System of protection for electronic privacy information in on-line and method of protection for the electronic privacy information using the system - Google Patents

Abstract

PURPOSE: A personal information protection system and personal information protection method are provided to protect personal information by a secret sharing method so that collected personal information is stored in a distributed server. CONSTITUTION: A monitoring unit(110) checks the policy of filtered information through filtering collected information. A collecting unit(120) collects exposed personal information. A control program is loaded in a control unit(130). The control program is set up by management grade. If the personal information is exposed in an abnormal process, the control unit transfers an exposure condition by the control program.

Description

System of protection for electronic privacy information in on-line and Method of protection for the electronic privacy information using the system}

The present invention relates to a system for protecting various information online and a method for protecting various personal information using the system.

In other words, such as server, web site, bulletin board, document, database, database, e-mail, or FTP Protects personal information, such as name, personal information, financial information, credit information, legal information, or medical information, from being leaked due to online activities without permission, and checks the related information to the owners and agents of the information. And a system for providing statistical information and a method for providing a privacy compliance status and a degree of privacy of a website by protecting / managing information using the system.

As the number of activities using open online such as the Internet and communication based on the sharing and disclosure of information is increasing rapidly, the incidence of infringement that takes advantage of it is rapidly increasing. This results in the leakage of information that you do not want to disclose, increasing the intangible losses of individuals, companies and institutions, including economic losses, loss of corporate or institutional image, overwhelming distrust and anxiety, and time and money investments to recover from. have.

It is a long time ago, and the prevention of misuse and misuse of this information has become a national and corporate and personal best problem.

In order to prevent such infringement incidents, various security programs or solutions such as anti-virus, anti-phishing, filtering, or monitoring are generally used to prevent each infringement. It is used.

However, conventional security programs or solutions that are designed to respond to one type of infringement are not continuously monitored, and there is a lack of traceability and also one object. It is not enough to cope with various kinds of infringement of personal information that are changing differently, and it is increasingly difficult to cope with the leakage or misuse of information.

The present invention enables to achieve safe management of information and improvement of countermeasures through continuous inspection and monitoring of the information protection level, and the security manager and personal information party or its agent for the history management and analysis / detection information of the generated information check. The conventional security program by providing a full range of information protection solutions to notify the client, verify that the Platform for Privacy Preference Project (P3P) standards and privacy laws and rules are properly observed, and to be able to interoperate with the existing solutions. Or provide information on risk assessment and trend statistics of personal information protection from the perspective of privacy to provide information security compliance status and level of information protection for websites mainly used by individuals and companies / institutions. To provide online privacy systems and methods Be a challenge.

In addition, the present invention is to modify and store sensitive personal information to be divided and stored, and to use, and if a breach occurs in a distributed storage server, so as not to extract or infer sensitive personal information from the leaked data and by a legitimate user It is an object of the present invention to provide an online privacy protection system and method for facilitating restoration.

In addition, an object of the present invention is to provide an online personal information protection system and method for protecting personal information by applying a secret sharing technique when distributed storage and use of collected personal information.

That is, the present invention, even if sensitive personal information stored in the distributed storage server in the form of a plain text file is misused and stolen used or partially exposed, it is converted into sensitive personal information such as credit information or medical information through inference attack and serious privacy. In order to prevent the possibility of infringement in advance, the sensitive information is modified and stored using the distributed structure of distributed file / DB system to protect the relevant information.

One embodiment of the present invention for achieving the above object, the user stores the personal information entered to receive any service on-line in any storage means to manage the personal information, and protects from being exposed A monitoring system comprising: monitoring means for collecting information transmitted / received online, determining and filtering whether predetermined information is included in the collected information, and checking a policy (frame) for the filtered information ; Collecting means for collecting the personal information exposed through the online and transmitting to the monitoring means; And a control program set to different levels for each management level, wherein the control means notifies the exposure state by the control program when personal information is exposed by an abnormal procedure by the monitoring means. do.

The personal information monitoring and protection system may further include personal information distributing means for distributing the information collected by the collecting means by using a secret sharing technique and storing the distributed information in any storage means. It features.

The personal information monitoring and protection system further includes personal information restoration means for collecting and restoring a part of personal information distributed and stored by the personal information distribution means.

The monitoring means performs filtering on information supplied through at least one information providing means of a website, a server, a bulletin board, and an information posting server, and sets a privacy level of the filtered information. Check the privacy laws and rules frame, create and manage policies that comply with privacy policies, privacy laws and rules, check the exposure and risk of personal information, and It is characterized in that it comprises an integrated DB and storage means for calculating the trend statistics value, determine whether the policy violations for the information providing means, classify and store the collected data.

The collecting means may include: a real interval agent unit configured to collect information provided online, search for information patterns of the collected information, and classify and store the retrieved information patterns; A frame agent unit for extracting information policy data provided online and analyzing the extracted information policy data; And a link agent unit for receiving information-related data from a web scanner and an integrated security management system (ESM).

The collection means may include: a website evaluation page unit for providing a survey web page to a terminal of a website user, and evaluating the corresponding website using the survey information input through the survey web page; And an image conversion unit for searching the imaged character information, converting the imaged character information into character data, and classifying the imaged character information.

The control means, the dashboard for providing a monitoring result of personal information to the user terminal; A user interface unit providing a web service and a client server; A checker that selects a website, checks the selected website, checks the information exposure page in real time, and provides a P3P information protection policy template for each industry; And a reporting unit which provides statistical information on personal information exposure through the dashboard and provides personal information exposure maps and violations through the dashboard.

The retrieval agent of the collecting means automatically checks the exposure of the information of the target web site in real time, automatically checks the exposure of the information stored in the specific D / B in real time, detects the exposure to the file type, and pattern of the information. And updating the function.

The file type is preferably a file having one of html, pdf, excel (xls, xml, csv), word (doc, xml, mht, dot, rtf, txt), ppt, hwp, and zip. Do.

The frame agent of the collection means, the P3P of the W3C checks the domestic legal notices, characterized in that the validity of the registration request P3P policy and verify whether the relevant laws and regulations are satisfied.

The link agent unit of the collecting means receives the site abnormality information through the inspection tool of the web site, receives the inspection result information of the web scanner, and receives a security event from an integrated security management system (ESM). .

The web page evaluation page unit is characterized in that the service allows the user of the website to directly evaluate the score or items on the web page stability, risk, adult site.

The image converting unit converts the documented image information into text so as to be read as a character.

The control means may report summary information of monitoring result information and legal monitoring results related to P3P, automatically update detection and confirmation of multiple information in one page, and store and manage information exposure pages. It records and analyzes statistical analysis function, inspection and result history by type, makes it possible to display, outputs in a certain form of report, outputs monitoring management page in report form, and reports statistical analysis result and log record information. Characterized in that it further comprises an output means for output in the form.

The personal information monitoring and protection system may further include an extension adapter that serves to expand an external device capable of monitoring personal information exposure.

The extension adapter may provide additional functions provided by the legacy system, provide a control service by interworking with a personal comprehensive management service solution, support data transmission / reception and asynchronous communication in the form of XML (Extensible Markup Language), Characterized in that it comprises a means for supporting other models of D / B.

Information collected by the collection means, personal property information, education or training information, income information, real estate information, military service information, personal information information, family information, revenue information, credit information, employment information, legal information, medical information, habits Or hobby information, and the information security frame check includes: adequacy of the operation of the P3P framework, compliance with the obligations to notify the privacy policy of the Information and Communications Network Act, whether the inspection or reflection of the privacy policy is appropriate, and policies Checks for adequacy of references and violations of legal privacy obligations. Vulnerability exposure checks for vulnerabilities on web servers, websites, or tampering with web pages. Evaluate the degree and impact of value, value of personal information handling system, value of personal information handling service, information management status and risk Characterized in that the evaluation and provided the means for individuals and institutions or organizations judged the degree of information security compliance status, and level of use of the website.

The personal information distributing means stores the distributed personal information in N data node servers, and the information divided in the N data node servers is encrypted and stored and managed in the form of metadata in the name node server. .

The personal information distributing means is a distributed file consisting of physically separated servers that store and recover (use) partitioned and modified personal information one by one in the data node server when the number of data nodes is large. It has a / DB system structure. That is, the divided personal information is made up of several random values which are transformed through the secret sharing technique and distributed and stored / restored one by one for each server included in a subgroup which is a subset of the entire data node server. The remaining divided personal information is also distributed and stored in the same way.

The personal information distributing means may include: a physically separated server configured to distribute and store / restore several differently divided personal information in one data node server when the number of data nodes is small, and to support such correlation. It has a distributed file / DB system structure logically connected. In other words, the divided personal information is composed of several random values that are transformed through a secret sharing technique and distributed and stored / restored one by one for each server included among subgroups that are a subset of the entire data node server. The remaining divided personal information is also distributed and stored in the same way.

The personal information distributing means collects personal information included in the text after parsing the collected text online, specifies a binary area including personal information in a binary file, and searches for the inclusion of personal information. For comparison, binary files collected using fuzzing technique are compared, and binary files including personal information are collected from binary files compared by fuzzing technique.

The monitoring means checks whether information indicating an identity among specific personal information is included in personal information collected at a plurality of arbitrary sites, and provides the user terminal by profiling matching information. It is done.

In addition, another embodiment of the present invention is a method for protecting information by using the system of the present invention, the collecting means is a web board, website, web server, database, security system (legacy system), email (E- a first step of collecting data or documents from a mail or FTP server; The message, data or document collected in the first step may be classified in the monitoring means to check whether the monitoring, filtering and P3P information protection policy and the laws and regulations related to privacy are complied with. A second step of performing a check and analysis on the data and generating a separate database for the collected data and documents and the analyzed messages, data and documents; And a third step of reporting the data checked and analyzed in the second step to the user terminal or the manager terminal through the dashboard in real time or periodically.

In the second step, it is characterized in that the step of blocking the communication in case of danger or information leakage.

.

In the third step, when the emergency occurs, it is characterized in that the step of notifying the situation by SMS or email.

In the third step, the type of real-time or periodic report shows the integrated risk on the x-axis and the vulnerability exposure on the y-axis as variables, and green, yellow, and magenta (magenta) depending on the degree of risk exposure. ) Is a exposure risk graph indicating the degree of risk by marking the exposure degree divided into red and red (red).

The present invention is an integrated privacy risk (Rk) and vulnerability exposure (V (Ep)) of the x-axis can be obtained from the following equation online personal information protection method.

는 통합가중치이고,

는 단위위험도이고,here

Is the integration weight,

Is the unit risk,

는

사이트에 대한 취약점 항목이고,

Is

Vulnerability entries for your site,

는

사이트에 대한 취약점

항목의 가중치이다.

Is

Vulnerability to Site

The weight of the item.

The present invention configured as described above is well suited to the existing solution without load on the server to be inspected, the function can be easily expanded even when expanding other functions, and can smoothly and flexibly respond to various infringement types. In addition, it is possible to continuously monitor and trace the history, so that comprehensive analysis and detection of infringement is possible, and information leakage and misuse can be prevented in advance, thereby effectively preventing tangible and economic loss, Or institutions can maintain a good image and have a remarkable effect that can silence the distrust and anxiety of information leakage.

In addition, the present invention is to modify and store sensitive personal information to be divided and stored, and to use, and if a breach occurs in a distributed storage server, so that sensitive personal information can not be extracted or inferred from the leaked data and only legitimate users are restored. There is an effect to facilitate this.

In addition, the present invention has the effect of protecting the personal information by applying a secret sharing technique when distributed storage and use of the collected personal information.

That is, the present invention, even if sensitive personal information stored in the distributed storage server in the form of a plain text file is misused and stolen used or partially exposed, it is converted into sensitive personal information such as credit information or medical information through inference attack and serious privacy. Make sure that there is no possibility of infringement.

The present invention has the effect of using the structural features of the distributed file / DB system to secure storage and use from various threats that occur when some or all sensitive personal information is leaked.

The present invention has an effect of checking a distributed file / DB system structure having an optimal efficiency from the correlation between the number of Datanode servers and the distributed storage / recovery of personal information.

According to the present invention, when the number of data nodes is N, when n> m is selected for the number of subsets n and the number of physical and logical servers constituting the subset, the storage space can be saved more than the existing model. It is effective to minimize the number of distributed storage / modification.

Hereinafter, with reference to the accompanying drawings, the specific content for the practice of the invention will be described in detail.

As shown in FIG. 1, the information protection system 100 of the present invention is connected online, such as the Internet or an intranet 10, and the information protection system 100 is a main system that allows a user to access any service online. Personal information stored in order to be provided is stored in any storage means for management, and protects against illegal exposure.

As shown in FIG. 1, the information protection system 100 collects information transmitted and received through online, determines and filters whether predetermined information is included in the collected information, and filters the filtered information. The monitoring means 110 for checking a policy (frame), the collecting means 120 for collecting the personal information exposed through the online and transmitting to the monitoring means 110 and the management level is set to different grades The control program is mounted, and if the personal information is exposed by an abnormal procedure by the monitoring means 110, the control means 130 for notifying the exposure state by the control program, and the external to monitor the exposure of personal information The extension adapter 140, which serves to expand the device, and secret sharing techniques for the information collected by the collecting means 120. Personal information distributing means for distributing and distributing the distributed information, and storing the distributed information in an arbitrary storage means, and personal information restoring means for collecting and restoring a part of the personal information distributed and stored by the personal information distributing means. .

At this time, the information protection system 100 such as F / W, IPS, etc. performs communication using Internet communication protocols such as HTTP, SSL, TELNET, FTP, etc. through an interworking function of extension adapters.

Herein, the monitoring means 110 is a composer, the collecting means 120 is a probe, the control means 130 is a control box, and in the following text, a specific name composer, probe and control It will be called a box.

The composer 110 performs filtering according to a preset condition on information supplied through at least one information providing means of a website, a server, a bulletin board, and an information posting server, and a privacy level of the filtered information. To check the privacy laws and rules frame, create and manage privacy policies, policies that comply with privacy laws and rules, and check the exposure and risk of personal information. In addition, it is provided with an integrated DB and storage means for calculating the risk trend statistics, determining whether the information is violating the policy, and classifies and stores the collected data.

That is, the composer 110 stores the standard policy of the P3P privacy standard of the W3C in the database, requests the P3P policy of the web server using the web protocol, and receives the requested policy from the frame agent part of the probe. Pattern matching of P3P privacy data stored in the database and P3P policy data schema of the web server, and the location of the web server privacy policy file is stored in the frame agent part of the probe when the web server is first connected. Import the policy reference file and save the policy reference file in the database. In addition, by using the personal information protection template for each industry to create a personal information protection policy in accordance with domestic privacy laws and rules to store in the integrated DB.

The frame agent part pattern-matches the data schema of the privacy policy provided by the web server and the standard policy data schema of the W3C's P3P privacy standard stored in the database, and the domestic legal obligation notice registered in the database by the administrator. Pattern matching between the data schema of the privacy policy and the registration request P3P policy including the data is generated in the integrated DB in the integrated DB as a table, and set by the administrator using the comparison result table. Validate that the number of data schema elements matches and the total number of legal data schema elements are included.

The probe 120 collects the information provided through the online, retrieves the information pattern of the collected information, and classifies by the retrieved information pattern to be stored in the retrieval agent unit, and information policy data provided through the online And a frame agent unit for extracting the information and analyzing the extracted information policy data, and a link agent unit for receiving information related data from a web scanner and an integrated security management system (ESM).

The link agent unit filters only personal information, and if there is found personal information, stores the corresponding web site information and found personal information in an integrated DB.

Here, the retrieval agent unit, as shown in Figure 18 and 19, automatically checks the information exposure of the target web site in real time, and automatically checks the exposure of the information stored in a specific D / B in real time, Detect exposure to various file types such as html, pdf, excel, word, ppt, hwp or zip.

The probe 120 provides a web page for a questionnaire to a terminal (410 ~ 41N) of a website user, and evaluates a website using a questionnaire information input through the questionnaire webpage. And an image conversion unit for retrieving the imaged character information, converting the imaged character information into character data, and classifying the image data. That is, the probe 120 periodically sends a confirmation signal to the composer 110 to check whether there is an update to the information pattern and function, and if there is the update, the composer 110 queries the corresponding probe ( The update information pattern and the function are transmitted to the 120, and the probe 120 receiving the update information updates the corresponding information pattern and the function.

The control box 130 selects a dashboard for providing monitoring results of personal information to the user terminals 410 to 41N, a user interface unit for providing a web service and a client server, a website, and selects a selected website. Checks the information exposure page in real time, provides a P3P information protection policy template for each industry, provides statistical information on personal information exposure through the dashboard, and reminds the user of personal information disclosure and violations. It consists of the reporting unit provided through the dashboard.

The retrieval agent of the probe automatically checks the exposure of the information of the target web site in real time, automatically checks the exposure of the information stored in a specific D / B in real time, detects the exposure to the file type, and detects the pattern of information and Update the feature. In this case, the file type is a file having one of html, pdf, excel (xls, xml, csv), word (doc, xml, mht, dot, rtf, txt), ppt, hwp, and zip. desirable.

The frame agent of the probe 120 checks the P3P of the W3C, checks the domestic legal obligation notices, and verifies the validity of the registration request P3P policy and whether the related laws are satisfied.

The link agent of the probe 120 receives site abnormality information through an inspection tool of a web site, receives inspection result information of a web scanner, and receives a security event from an integrated security management system (ESM).

The web page evaluation page unit allows a web site user to directly select and evaluate scores or items regarding web page stability, risk, and adult site.

The image conversion unit converts the documented image information into text so that the image information can be read as text.

The control box 130 includes an output means, reports summary information of monitoring result information and legal monitoring results related to P3P through the output means, automatically updates the detection and confirmation of multiple information in one page, and exposes information. You can manage the page by snap-shot, record the type of statistical analysis function, inspection and result history, search it, output it in the form of a report, and report the monitoring management page. The report outputs statistical analysis results and log record information in report form. That is, the control box 130 monitors the privacy frame check items shown in FIGS. 16 and 17, 20, and 21.

The extension adapter 140 provides additional functions provided by the existing legacy system, can provide a control service in conjunction with a personal comprehensive management service solution, and supports data transmission and reception and asynchronous communication in the form of XML (Extensible Markup Language). It supports other models of D / B.

The information collected by the probe 120 may include personal property information, education or training information, income information, real estate information, military service information, personal information information, family information, revenue information, credit information, employment information, legal information, medical information, Habit or hobby information.

At this time, the information security frame inspection process performed in the composer 110 is appropriate for the operation of the P3P framework, compliance with the obligations to notify the privacy policy of the Information Communication Network Act, and inspection or reflection of the personal information security policy. Checks the adequacy of the policy, the adequacy of the policy reference, and the violation of legal privacy obligations, and the vulnerability exposure inspection process not only checks the vulnerabilities on the web server, website, or tampering with web pages, but also , Evaluate the degree and impact of the value of personal information, the value of the personal information handling system, the value of the personal information handling service, evaluate the management status and risk of the information, and Determine the status and level of information security compliance.

The personal information distributing means stores the distributed personal information in N data node servers, and the information divided in the N data node servers is encrypted and stored and managed in the form of metadata in the name node server.

The personal information distributing means is a distributed file consisting of physically separated servers that store and recover (use) partitioned and modified personal information one by one in the data node server when the number of data nodes is large. It has a / DB system structure. In other words, the divided personal information is composed of several random values that are transformed through a secret sharing technique and distributed and stored / recovered one by one for each server included in a subgroup which is a subset of the entire data node server. The remaining divided personal information is also distributed and stored in the same way.

The personal information distributing means may include: a physically separated server configured to distribute and store / restore several differently divided personal information in one data node server when the number of data nodes is small, and to support such correlation. It has a distributed file / DB system structure logically connected. In other words, the divided personal information is composed of several random values that are transformed through a secret sharing technique and distributed and stored / restored one by one for each server included among subgroups that are a subset of the entire data node server. The remaining divided personal information is also distributed and stored in the same way.

The personal information distributing means collects personal information included in the text after parsing the text collected online, specifies a binary area including personal information in a binary file, and searches for the inclusion of personal information. Binary files collected using the fuzzing method are compared. If a binary area containing personal information is included in the binary file compared by the fuzzing method, the corresponding binary file is collected.

The composer 110 checks whether the information indicating the identity among the specific personal information is included in the personal information collected at a plurality of arbitrary sites, and profiles the matching information to profile the user terminal. 40N).

(Privacy Monitoring and Protection Routines)

As shown in FIG. 2, the method of protecting information using the system of the present invention as described above includes a web board, a website, a web server, a database, and a conventional security system (legacy system) in the probe 120. Data, text or documents (html, doc, xls, ppt, pdf, zip, etc.) that require information security check or analysis from the inspection target 200, such as e-mail or FTP server. Collecting the first step (S100);

The message or data collected in the first step above is classified in the composer 100 to check whether the P3P information protection policy and the privacy related laws and rules are observed (S200),

A second step of performing checks on information protection and calculation of risks, statistics, and analysis in the control box 130 (S300), and generating a separate database for the collected data and the analyzed data (S400); And

The user can inspect the data checked and analyzed in the above step 2 through the dashboard in the control box in real time, and in case of an emergency, informs the situation by SMS or e-mail, A third step (S500) of regularly reporting risks and vulnerabilities of items for each user through an exposure risk graph (map);

.

In this case, the target items to be checked are as shown in the following table, and the following tables are items for checking personal information exposure. The items to be checked here are later used as exposure criteria or as reference data for classification and filtering.

division Contents Primary division 2nd division Garden Information finance Owned homes, savings status, cash cards, stocks, bonds, securities, collectibles, expensive arts, jewelry education School / Institute Education, Grades, Certificates, Licenses, School Attendance, Completion of Education and Training, Circle Activities, Rewards, Personality Training Information Online education institution Income Information General Business, Communication Salary, salary, career, bonuses, fees, other sources of income, interest income, business income Real Estate Information public House, Land, Car, Store, Building Military Information group Army number, rank, type of discharge, specialty, duty General Information basic Name, Social Security Number, Address, Phone Number, Date of Birth, Driver's License, Place of Birth, Place of Origin, Gender, Nationality, Passport Number Family Information basic Family member's name, occupation, address, place of birth, date of birth, social security number Revenue Information General company (Health, Life) Insurance Status, Beneficiaries, Company Cars, Panelists, Investment Program, Retirement Program, Vacation, Sick Leave Credit Information finance Loans (balances, payments), mortgages, credit cards, deferred payments and unpaid payment records Employment Information General company Employer, company address, employee name, job performance evaluation record, training record, attendance record, punishment record, personality test result, job attitude Legal information method Criminal records, automobile traffic violation records, bankruptcy and pledges, imprisonment records, divorce records, tax records Medical information hospital Medical history, medical records, mental illness records, physical disorders, blood types Organization information General company Join a union, join a religious group, join a political party, join a club Habit / Hobbies Information basic Smoking, Drinking, Preferred Sports, Entertainment, Leisure, Video Rental, Gambling

If there is a risk of leakage or information leakage in the second step, a step (S310) of blocking communication may be added to prevent infringement accidents in advance.

3 to 6, the step S100 starts collecting data at the probe 120 (S110), determines whether the data is to be inspected (S120), and if it is determined to be inspected, the web board Information security check or analysis (S130) from inspection targets such as websites, web servers, databases, conventional security systems (legacy systems), e-mails, FTP servers, evaluation pages and images. Collect necessary data, text (text) or documents (html, doc, xls, ppt, pdf, zip, etc.) (S140).

The step S200 starts the composer 100 (S210), classifies the data (S220), monitors (S230), filters (S232), and confirms compliance with P3P information protection policies and privacy related laws and rules. (S234).

The step S300 starts the control box 130 (S310) and checks for information protection (S320) and performs calculation, statistics and analysis of risk (S330). That is, the control box 130 classifies the situation (real time, regular, emergency) by comparing with the manager-defined value (threshold value) for the comprehensive risk Rk calculated by Equation 1 below.

In step S400, a separate database is generated for the collected data S410 and the analyzed data S420 (S420).

The step S500 is to check and analyze the data (S510) in the control box (S520) in the situation classification (S530) to report regularly using the graph (S540), the user or the reported data as described above The manager can directly check in real time through the dashboard (S542), and in case of an emergency, short-term transmission (SMS) (S544) or e-mail informs the situation (S546).

In the above, it may be an existing interface protocol such as SNMP Trap, OPSEC, Syslog, File, or ASEN for interface with an external solution, or another interface protocol to be developed in the future. As shown in FIG. 8, the exposure risk graph is integrated on the x-axis. Vulnerability exposure is represented as a variable on the composite risk and y-axis, and divided into green (green), yellow (yellow), magenta (magenta), and red (red) according to the risk exposure. Indicate the degree of exposure to indicate the degree of danger.

In FIG. 8, the x-axis represents the integrated comprehensive risk (Rk), the y-axis represents the vulnerability exposure (V (Ep)) of the site, and the integrated comprehensive risk (Rk) and the vulnerability exposure (V (Ep)) are shown below. It can be obtained from the equation.

는 통합가중치이고,

는 단위위험도이다.From above

Is the integration weight,

Is the unit risk.

는 개인이 이용하는 전체사이트에 대한 취약점 수준이며,remind

Is the level of vulnerability for the entire site used by an individual.

는

사이트에 대한 취약점 항목이고,

Is

Vulnerability entries for your site,

는

사이트에 대한 취약점

항목의 가중치이다.

Is

Vulnerability to Site

The weight of the item.

는 수학식 3에서 구할 수 있다.Meanwhile

Can be obtained from Equation 3.

는 개인이 사용하는 사이트를 지칭한다.From above

Refers to a site used by an individual.

And the statistical value of risk for the individual items of the present invention can be obtained by the following table.

In addition, the composer 110 to support the P3P standards of the W3C, to create a P3P policy suitable for domestic privacy laws and rules, and to create a policy reference file.

In addition, the retrieval agent of the probe 120 automatically checks the information exposure of the target web site in real time, and automatically checks the exposure of the information stored in a specific D / B in real time, html, pdf, excel (xls, xml , csv), word (doc, xml, mht, dot, rtf, txt), ppt, hwp, or zip to detect exposures to various file types, update patterns and functions of information, and the Frame Agent section of the W3C's P3P Check the domestic legal obligations, verify the validity of the registration request P3P policy and compliance with the law, the link agent unit receives the site abnormality through the web site inspection tool, and the web scanner Receives a check result of the vulnerability of the server, receives a security event from the Enterprise Security Management (ESM), and the website's evaluation page section is provided by the website user directly. The score or item can be selected for the degree, risk, adult site, etc., and the image-text transformer can be used to evaluate the imaged document such as an OCR (Otical Character Reader). The function allows you to read the imaged characters.

In addition, the control box 130 reports the summary information of the inspection information and the P3P inspection result, automatically updates the detection and confirmation of multiple information in one page, and stores the information exposure page (snap-shot). It can be managed, and it is equipped with statistical analysis function by type, inspection and result history record and search function, various forms of report output function, inspection management page report output function and statistical analysis result, and log record report output function.

In addition, the extension adapter 140 provides additional functions provided by the existing legacy system, and can provide a control service by interworking with a personal comprehensive management service solution, and transmit and receive data in the form of XML (Extensible Markup Language) and Async (asynchronous). ) It supports communication and supports other models of D / B.

In addition, the information collected by the probe 120 may include personal property information, education or training information, income information, real estate information, military service information, personal information information, family information, revenue information, credit information, employment information, legal information, medical information, Habit or hobby information.

In addition, whether the information security frame inspection process performed in the composer 110 is appropriate for the operation of the P3P framework, compliance with the obligations to notify the privacy policy of related laws, and whether the inspection or reflection of the personal information security policy is appropriate. Checks for adequacy, adequacy of policy references, and violation of legal privacy obligations.

The vulnerability exposure checking process performed in the composer 110 checks whether a vulnerability of a web page or a web page has been tampered with. The value of personal information, the value of a personal information handling system, and the value of a personal information handling service are evaluated for asset values. And assess the impact and assess the status and risk of information management.

(Distributed Save and Restore Routine)

FIG. 9 is a diagram for explaining a method of distributing and restoring personal information in a distributed file / DB system to which Shamir's secret sharing method is applied, and basically dividing and storing personal information to be protected in a structure of the distributed file / DB system. Collect and restore some of the saved information, and use the restored personal information.

In addition, information divided into N datanode servers is encrypted and stored in a namenode server in the form of metadata and then managed.

More specifically, the routine for distributing and storing personal information will be described. First, the personal information distributing means converts personal information, which is text, to binary, selects a random number from the Namenode server, and randomly selects different personal information. When the namenode server generates a random polynomial using the personal information converted to binary as a constant term, the namenode server calculates a piece of personal information and stores the calculated piece of personal information in each datanode server.

That is, as shown in FIGS. 10 and 11, when the number of data nodes is large, the personal information distributing means interworks with the composer 110 and divides the personal information into one data node server one by one. The distributed and personal information restoring means is composed of physically separated servers (subgroups) having optimum efficiency from correlations when restoring and using the fragments of personal information modified in the subgroup while interworking with the composer 110. Distributed file / DB system structure, and if the number of Datanodes is small, the personal information distributing means distributes and stores several differently divided personal information in one Datanode server, Personal information restoration means physically has optimal efficiency from the correlation when recovering and using personal information stored in servers in several subgroups. Implemented to have a distributed file / DB system structure logically connected to a separate server (subgroup).

On the other hand, the routine for restoring and retrieving personal information will be described in more detail. First, the personal information restoration means collects the modified and stored minimum personal information pieces from the data node server and uses the polynomial stored in the name node server. By using the following formula, the binary personal information is restored and converted into text.

When the data node server stops working when the private information restoration means does not divide the personal information and divides it, the number of servers can be restored up to t-1, and when the personal information is divided and stored secretly The number of servers stopped has gains that can be partially restored from t-1 to t-1 + n.

12 is a graph of restoration availability comparison, when the total number of Datanodes is 30, the polynomial is configured to restore even 60% of the secret distribution of personal information divided by m = 5 and n = 6. If the information is secretly distributed, it is impossible to restore the whole when 13 or more servers are stopped. If the information is secretly distributed, the information may be partially restored when 13 to 17 servers are stopped.

Fuzzy Search Routine Applied to Personal Information Binary Search

First, as shown in FIG. 13, the probe 120 directly collects text through http / https and parses it directly, collects personal information included in the text after parsing, and, in the case of binary files, to improve collection speed. Binary areas containing personal information are specified, and binary files collected using a fuzzing technique are compared to search for the inclusion of personal information. If a binary area containing personal information is included in the binary file compared by the fuzzing technique, the binary file is collected.

). 그리고, 대상 파일과 식별 가능한 정보를 퍼지 집합으로 규정하고(

,

), 각 집합에 대한 해밍 거리 계산하면 하기와 같다.That is, information identifiable in each personal information (for example, X1, X2, ..., XN) is selected, and basic information is set to 1 (

). Then, the target file and identifiable information are defined as fuzzy sets (

,

), The Hamming distance for each set is as follows.

<Hamming distance calculation>

In this case, the larger the distance, the more meaningless the file is determined by identifying the reference value to collect only files for a small value.

Looking at the above-mentioned collection criteria in terms of information theory, the Hamming distance is the number of different characters at the same position in two strings having the same length. That is, how many characters need to be changed in order to replace one string with another. Richard Hamming suggested. It is one of the methods to measure how many characters occurred during the transmission of character string in computer communication.

For example, the Hamming distance between '1011101' and '1001001' is 2, the Hamming distance between '2143896' and '2233796' is 3, and the Hamming distance between 'toned' and 'roses' is 3.

(Personal information reasoning attack possibility check and notification routine)

As shown in Fig. 14, the specific personal information {X | X1, X2,... , XL} of {X1, X2} representing IDENTITY is the site S = {S1, S2,... It checks whether it is included in the personal information collected by Sn} and cleans up all the matches.

And, as shown in FIG. 15, the composer 110 collects personal information through personal information profiling (Vk = Si ∪ Sj), and compares the collected site information and the exposed personal information with respect to the collected personal information. It provides the possibility of inference attack in the form of table and provides the change of personal information.

Although the preferred embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments, and when the technical means or configurations that can be applied or substituted by those skilled in the art by description of the claims are implemented, It should be said that it belongs to the scope of rights.

1 is a schematic diagram showing the configuration of the present invention system.

2 is a flow diagram illustrating a method of the present invention.

3-7 are flow charts detailing each step of the method of FIG.

8 is a diagram illustrating an example of an exposure risk graph of the present invention.

9 is a view for explaining sharing, distributed storage and restoration of personal information.

10 and 11 are distributed file / DB system structures according to data nodes.

12 is a graph for comparing the restoration of personal information availability.

13 is a flowchart for explaining a fuzzy search routine applied to a personal information binary search.

14 is a flow chart of personal information inference attack check and notification.

15 is a table illustrating personal information profiling.

16 and 17 are tables showing the privacy frame check items.

18 is a diagram for explaining means for detecting exposure of personal information.

19 is a conceptual diagram of pattern and function update of information.

20 is a table showing privacy vulnerability exposure check items.

21 is a table showing the functional items provided by the personal information protection system.

※ Explanation of code about main part of drawing ※

10: Online network of internet or intranet

100: information protection system 110: composer

120: probe 130: control box

140: extension adapter 200: inspection target

Claims (27)

In the personal information monitoring system that stores and manages the personal information entered by the user to receive any service online in any storage means, and protects it from being exposed, Monitoring means for collecting information transmitted and received online, determining and filtering whether predetermined information is included in the collected information, and checking a policy (frame) for the filtered information; Collecting means for collecting the personal information exposed through the online and transmitting to the monitoring means; And A control program having a control program set to different levels for each management level so as to notify the exposure state by the control program when personal information is exposed by an abnormal procedure by the monitoring means; Online privacy system, characterized in that consisting of. According to claim 1, The personal information monitoring and protection system, Personal information distributing means for distributing the information collected by the collecting means by using a secret sharing technique, and storing the distributed information in any storage means; Online privacy system further comprising a. According to claim 2, The personal information monitoring and protection system, Personal information restoring means for collecting and restoring a part of the personal information distributed and stored by the personal information distributing means; Online privacy system further comprising a. The method of claim 1, wherein the monitoring means, Filter information provided through at least one information providing means of a website, a server, a bulletin board, or an information posting server according to a preset condition, and set a privacy level for the filtered information. Examine the information protection laws and rules frame, create and manage policies that comply with privacy policies and privacy laws and rules, check the exposure and risk of the personal information, and calculate risk trend statistics And an integrated DB and storage means for determining whether or not to violate the information providing means, and classifying and storing the collected data. The method of claim 1, wherein the collecting means, A retrieval agent unit for collecting information provided through the online, retrieving information patterns of the collected information, and classifying and storing the retrieved information patterns; A frame agent unit for extracting information policy data provided online and analyzing the extracted information policy data; And A link agent unit for receiving information-related data from a web scanner and an integrated security management system (ESM); Online privacy system, characterized in that consisting of. The method of claim 5, wherein the collecting means, A website evaluation page unit for providing a survey web page to a terminal of a website user and evaluating the corresponding website using the survey information input through the survey web page; And An image conversion unit for retrieving the imaged character information, converting the imaged character information into character data, and classifying the image data; Online privacy system further comprising a. The method of claim 1, wherein the control means, Dashboard that provides the monitoring results of personal information to the user terminal, A user interface unit providing a web service and a client server; A checker that selects a website, checks the selected website, checks the information exposure page in real time, and provides a P3P information protection policy template for each industry; And A reporting unit providing statistical information on personal information exposure through the dashboard and providing personal information exposure maps and violations through the dashboard; Online privacy system, characterized in that consisting of. According to claim 3, wherein the retrieval agent of the collecting means To automatically check the exposure of the information on the target website in real time, to automatically check the exposure of the information stored in a specific D / B, to detect the exposure to the file type, and to update the pattern and function of the information. Privacy system online. The method of claim 8, The file type is a file having any one of html, pdf, excel (xls, xml, csv), word (doc, xml, mht, dot, rtf, txt), ppt, hwp, and zip. Online privacy system. The method of claim 5, wherein the frame agent of the collecting means Online privacy protection system characterized by checking the P3P of the W3C, reviewing domestic legal notices, and verifying the validity of the registration request P3P policy and compliance with relevant laws and regulations. The method of claim 5, wherein the link agent of the collecting means An on-line personal information protection system which receives information on a site abnormality through a website inspection tool, receives inspection result information of a web scanner, and receives a security event from an integrated security management system (ESM). The method of claim 6, wherein the web page evaluation page unit Online personal information protection system, characterized in that the service allows the user of the website to directly select the score or items for the web page stability, risk, adult site status. The method of claim 6, wherein the image conversion unit An online personal information protection system characterized by converting imaged document information into text so that it can be read as a character. The method of claim 1, wherein the control means, Report summary information of monitoring result information and legal monitoring result related to P3P, automatically update detection and confirmation of multiple information in one page, and manage by exposing page of information exposure (snap-shot), statistical analysis by type Records the function, inspection and result history, enables to search, outputs in a certain form of report, outputs the monitoring management page in report form, and outputs statistical analysis results and log record information in report form. Privacy system on-line, characterized in that it further comprises means. According to claim 1, The personal information monitoring and protection system, An online privacy system further comprising an extension adapter that services the external device to monitor personal information exposure. The device of claim 15, wherein the extension adapter is It can provide additional functions provided by existing legacy system, provide control service in connection with personal comprehensive management service solution, support XML (Extensible Markup Language) data transmission and reception, asynchronous communication, and other types of D / Privacy system on-line, characterized in that it has a means for supporting B. The method of claim 1, Information collected by the collection means may include personal property information, education or training information, income information, real estate information, military service information, personal information information, family information, revenue information, credit information, employment information, legal information, medical information, habits, or Hobby information Checking the information security frame includes whether the operation of the P3P framework is appropriate, whether the information communication network law complies with the Notice of Privacy Policy, whether the inspection or reflection of the privacy policy is appropriate, whether the policy reference is appropriate, Checks for violation of legal privacy obligations, Vulnerability exposure checks check for vulnerabilities on web servers, websites, or tampering with web pages. For asset value, the degree and impact of the value of personal information, the value of the personal information handling system, and the value of the personal information handling service are evaluated. An online personal information protection system comprising a means for evaluating information management status and risk, and for determining the status and level of information security compliance of a website used by an individual, an institution or a company. The method of claim 1, The personal information distributing means stores the divided personal information in N data node servers, and distributed information in the N data node servers is encrypted and stored and managed in a metadata form in the name node server. Privacy system online. The method of claim 18, The personal information distributing means is a distributed file consisting of physically separated servers that store and recover (use) partitioned and modified personal information one by one in the data node server when the number of data nodes is large. / DB online privacy system, characterized in that it has a system structure. The method of claim 18, The personal information distributing means may include: a physically separated server configured to distribute and store / restore several differently divided personal information in one data node server when the number of data nodes is small, and to support such correlation. Online privacy system, characterized in that it has a logically connected distributed file / DB system structure. The method of claim 18, The personal information distributing means collects personal information included in the text after parsing the text collected online, For binary files, binary areas containing personal information are designated, and binary files collected using fuzzing techniques are searched to find out whether personal information is included, and personal information is included in binary files compared by fuzzing techniques. Online privacy system, characterized in that the binary file is collected if the binary area is included. The method of claim 1, wherein the monitoring means, On-line characterized in that the information indicating the identity of the specific personal information (identity) is included in the personal information collected from a number of arbitrary sites, and the matching information is profiled and provided to the user terminal Privacy System. 23. A method of protecting information using the system of any one of claims 1 to 22 The collecting means may include a first step of collecting data or documents from a web board, a website, a web server, a database, a security system (legacy system), an e-mail or an FTP server; The message, data or document collected in the first step may be classified in the monitoring means to check whether the monitoring, filtering and P3P information protection policy and the laws and regulations related to privacy are complied with. A second step of performing a check and analysis on the data and generating a separate database for the collected data and documents and the analyzed messages, data and documents; And A third step of reporting the data checked and analyzed in the second step to the user terminal or the manager terminal through the dashboard in real time or periodically; Online privacy method, characterized in that consisting of. The method of claim 23, wherein in the second step Online privacy protection method comprising the step of blocking the communication in case of danger or information leakage. 15. The method of claim 14, wherein in the third step In the event of an emergency, online privacy protection, characterized in that the addition of a step to inform the situation by SMS (SMS) or email. The method of claim 25, wherein in the third step The type of real-time or periodic reporting is integrated on the x-axis and the vulnerability exposure on the y-axis as variables, and green, yellow, magenta and red (red) depending on the exposure On-line personal information protection method characterized in that the exposure risk graph indicating the degree of risk by indicating the degree of exposure. The method of claim 26, The integrated comprehensive risk (Rk) and vulnerability exposure (V (Ep)) of the x-axis can be obtained from the following equation.

here

Is the integration weight,

Is the unit risk,

Is

Vulnerability entries for your site,

Is

Vulnerability to Site

The weight of the item.

Images