KR20140007303A - Pairing digital system for smart security and providing method thereof - Google Patents

Abstract

Disclosed are a pairing digital system for smart security and a method for providing the same. The pairing digital system includes a storing unit in which one or more security data are stored; a communication unit communicating with a pair system preset to be paired with the digital system; and a control unit enabling a user to access the security data stored in the storing unit when the communication unit and the pair system are being paired or tagged at least once. [Reference numerals] (200) Pair system

Description

Pairing digital system for smart security and providing method

The present invention relates to a pairing digital system and a method of providing the same. More particularly, when the pairing digital system has identification information of a right holder, the owner of the party can easily change or delete the holder identification information. To make it difficult for unauthorized owners to change or delete rights holder identification information, or to perform pairing or tagging with a paired system that is preset to pair with the digital system in order to perform a specific function or specific operation of the digital system. This not only enhances the security functions for the main functions and operations of the digital system, but also prevents unauthorized owners from using at least some of the functions or operations of the digital system in the event of unauthorized possession, loss or theft of the digital system. To a system and method that provides for locking.

In addition, the present invention relates to a system and a method of providing the same, which prevents access to certain secure data stored in the digital system unless the pair system is owned.

Many digital systems (e.g., PCs, tablets, navigation, music players, cameras, automotive digital systems, etc.) have been widely used due to the development of information and communication technologies. In particular, as IT technology advances, digital systems are becoming smaller and convergent. For example, a mobile communication terminal (e.g., a mobile phone, a tablet PC, etc.) performs various functions such as a camera, an information storage device, a banking (payment, transfer) function as well as an original communication function. At the same time, the devices are miniaturized to a size sufficient for users to carry through such as integration of devices.

With the convergence of various functions, digital systems not only provide convenience to users but also become an important means of influencing users' lives. In addition, due to the miniaturization of digital systems, portability is becoming higher and more expensive, the damage caused by the loss or theft of the digital system is serious, and the burden of lost or stolen is increasing. For example, in the case where a digital system having a payment function or storing personal information is lost or stolen, it is necessary to re-purchase an expensive digital system and cause serious damage to the user in connection with personal information and credit can do. In a case where the portable digital system does not carry the portable digital system by storing important information such as a phone number, memo, and schedule of a person in a portable digital system (e.g., a mobile phone, a portable PC, etc.) Are frequently occurring.

For this reason, the importance or dependency of the digital system is increasing, but there is no proper countermeasure against security, unauthorized occupation, loss or theft of the digital system information.

The technical idea for solving some of these problems is a Korean registered patent "Digital system and its providing method ", filed by the applicant of the present invention (2 in the same title, Registration No. 10-1125708, 10-1130676) (Application No. 10-2012-0058302, "Digital System in which Rightsholder Identification Information is Recorded and Method of Providing It ", " Previous Application "). The above-mentioned patents and inventions save technical information about the owner of the digital system and prevent the illegal user from arbitrarily deleting or changing the information about the owner of the party, to provide. The present specification contains references and technical ideas disclosed in the above-mentioned patents and the claimed invention as references.

However, the digital system may be a system in which a large number of transactions are carried out in the middle, or a system which is easy to transfer to another person. In such a case, the technical ideas of the inventions and the inventions which are invented so as to have a great effort and expense to delete or change the information on the legitimate owner may have practical limitations.

Accordingly, it is an object of the present invention to reduce the residual value and the utilization value of the digital system by making it difficult for an unauthorized user to delete or change the information about the owner of the digital system, which is a technical idea of the present invention, (Such as changing or deleting information of a party owner, or writing information of a new owner) of the digital system while maintaining the effect of the digital system.

On the other hand, as digital systems become a part of life, security of software, such as contents stored and applications used, is becoming more important. The prior art has been a method of authenticating by accessing a password or pattern recognition for accessing security information or operating software. This conventional technology has a problem that security is not achieved when information such as password or pattern recognition is leaked. In addition, even if information such as passwords and pattern recognition has not been leaked, security problems may occur because the digital system has the information therein. In other words, it is recognized that it is not too difficult for a person having a certain level of knowledge of a digital system to illegally acquire a digital system and extract or decrypt authentication information therein. Therefore, security needs for not only digital system devices but also information stored in the digital system and software used are increasing, but the conventional technology for the security is very insufficient.

As such, in addition to writing, deleting, or changing information about the owner, as well as performing other specific functions or operations that the digital system can perform, unauthorized users use the digital system to perform specific functions or operations. The technical idea of preventing the user from performing a specific function or operation can be easily performed.

In addition, data that requires security among data stored in the digital system, that is, security data (for example, executable application or personal information, etc.) can be accessed (for example, execution, confirmation of information, etc.) only if the pair system is possessed. In order to control the access to the secured data, even if an unauthorized user acquires control of the digital system, a technical idea is required.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide a system and method for a digital system, which enables a party owner to feel familiarity with the digital system, And to provide a digital system which enables a fraudulent occupant to have a psychological sense of pressure when occupying or using the digital system in case of ownership dispute, loss or theft. In addition, the present invention provides a system and a method for allowing a party user to easily delete and / or change information on the owner while controlling the information on the owner to be difficult to delete or change.

In addition, a legitimate user can easily perform a specific function or operation of the digital system, while authentication information such as password or pattern recognition of the digital system is leaked, or a password or the like is obtained by a person having a certain level of expertise. Even if the authentication information is extracted or decrypted, a fraudulent user or an occupant is to provide a system and method for preventing a specific function or operation of the digital system from performing.

In addition, the present invention provides a system and method for preventing a loss or theft of a digital system in advance through a pair system paired with a digital system.

In addition, data that requires security among the data stored in the digital system, that is, secure data (for example, executable application or personal information, etc.) can be accessed (for example, execution, confirmation of information, etc.) only when the pair system is possessed. The present invention provides a system and method for controlling access to the secure data even when a fraudulent user acquires control of the digital system.

In addition, the data or folder can be set as secure data for each data or for a predetermined folder, and the data or folder can be accessed only when paired with a predetermined pair system or tagged at least once. The present invention provides a system and a method capable of providing a virtual space having sex. In addition, the present invention provides a system and a method capable of providing a secure virtual secret space, which can be controlled to prevent retrieval from the digital system when the secure data is in a paired state or not tagged at least once.

Another object of the present invention is to provide a system and a method capable of providing a plurality of virtual (secret) spaces having security according to the number of pair systems by differently setting pair systems corresponding to security data.

The digital system for achieving the technical problem is a storage unit for storing at least one secure data, a communication unit for performing communication with a pair system that is set in advance to pair with the digital system, and the communication unit and the pair system And a control unit for controlling access to the secure data stored in the storage unit in a pairing state or at least once.

The storage unit may further store predetermined security management software, and the controller may control to access the at least one security data through the security management software.

The controller may execute the security management software only when the communication unit and the pair system are paired or tagged at least once.

The control unit displays information on the at least one security data through the security management software when the communication unit and the pair system are paired or tagged at least once, and specific security data among the displayed at least one security data is It may be characterized in that it is controlled to be paired with another pair system or to be accessed at least once.

The control unit may automatically execute the security management software when the pair system is in a pairing state with the communication unit or tagged at least once.

The control unit stores the security management software and the security data in a predetermined security area included in the storage unit, and the security area controls the pair system to be accessible only when paired with the communication unit or tagged at least once. It may be characterized by.

The controller may store the security data in a predetermined security folder, and the security folder may control the paired system to be accessible only when paired with the communication unit or at least once tagged.

The pair system is a master pair system and the control unit controls to access all the secure data stored in the storage unit through the security management software when the master pair system and the communication unit are paired or tagged at least once. can do.

The control unit controls to access only the security data corresponding to the first pair system when the first pair system and the communication unit are paired or tagged at least once, and the second pair when the first pair system and the communication unit are tagged. It may be characterized in that the control so that only secure data corresponding to the pair system is accessible.

The controller may receive a security data setting request for predetermined data, and receive identification information of a pair system corresponding to the data in response to the reception, and store the identification information of the pair system.

The controller may differently determine accessible security data among the at least one security data according to how many times the pair system and the communication unit are tagged within a predetermined time.

The digital system for achieving the technical problem is a communication unit for performing communication with a pair system that is set in advance to pair with the digital system, the security management software and at least one security data corresponding to the stored storage is stored And information related to the at least one security data corresponding to the pair system through the security management software to execute the security management software when the communication unit and the pair system are paired or tagged at least once. And a controller configured to control access to the at least one security data when an access request is input through the displayed information.

The digital system for achieving the technical problem is a communication unit for performing communication with a pair system that is set in advance to pair with the digital system, the security management software and at least one security data corresponding to the stored storage is stored And the communication unit and the pair system must be tagged at least once to execute the security management software and to display security data to be displayed through the security management software among the at least one security data according to how many times the tag is tagged within a predetermined time. And determining, and if the information corresponding to the security data determined through the security management software is displayed, the controller controls the access request to the access security data only if the access request is input through the displayed information.

A method of providing a digital system for achieving the technical problem includes the steps of storing the at least one secure data by the digital system, pairing the pair system and the digital system which is preset so that the digital system is paired with the digital system Determining whether the digital system has been paired with the pair system or tagged at least once, and controlling access to the secure data stored in the digital system.

The method of providing a pairing digital system for smart security may further include storing a predetermined security management software by the digital system, and controlling the access to the security data stored in the digital system may include: The security management software may be executed to control the access to the security data through the security management software.

Controlling access to the secure data stored in the digital system includes automatically executing the security management software or accessing the secure data when the pair system is paired with the communication unit or tagged at least once. can do.

Controlling access to the secure data stored in the digital system may include displaying information about the at least one secure data through the security management software when the digital system is in a paired state or tagged at least once. And controlling a specific security data of the at least one security data displayed by the digital system to be paired with another pair system or to be accessed at least once.

The pair system is a master pair system and the controlling of access to the secure data stored in the digital system may include: when the master pair system and the digital system are paired or tagged at least once, the digital system stores the storage unit. And controlling access to all secure data stored in the server.

Controlling access to the secure data stored in the digital system may only access secure data corresponding to the first pair system when the digital system is paired or tagged at least once with a predetermined first pair system. The digital system may be controlled so that only the security data corresponding to the second pair system is accessible when the digital system is tagged with the predetermined second pair system.

The method of providing a pairing digital system for smart security may further include determining differently accessible security data among the at least one security data according to how many times the digital system is tagged with the pair system within a predetermined time. The controlling of access to the security data stored in the digital system may be controlled to access the determined security data.

In accordance with an aspect of the present invention, there is provided a method for providing a digital system, wherein the digital system stores at least one security data corresponding to a security management software and a predetermined pair system, and the digital system is in a paired state or at least one of the paired systems. If it is determined that the tag has been tagged, the digital system executes the security management software, and displays the information corresponding to the at least one security data corresponding to the pair system through the security management software executed and the displayed And controlling the digital system to access the at least one secure data when an access request is input through the information.

A method of providing a digital system for achieving the technical problem includes the steps of storing, by the digital system, security management software and at least one security data corresponding to the pair system, and determining that the digital system has been tagged with the pair system at least once. Executing the security management software, displaying information about the security data determined according to how many times the digital system is tagged within a predetermined time period of the at least one security data through the security management software; and And controlling access so that access to the secured data that has been accessed must be input through the information.

The digital system providing method may be stored in a computer readable recording medium recording a program.

In the normal mode, the digital system according to the present invention is configured such that every time a specific operation (e.g., power-on, etc.) is performed, voice information for the owner (e.g., "I am OOO's cell phone," ) Or displaying the information related to the party owner, it is possible to have an affinity for the digital system when the owner owns it, and there is an effect of easily solving the dispute of ownership, There is an effect that a fraudulent user has a psychological pressure feeling against unfair use of the digital system.

In addition, a party user can easily delete or change information about the party's proprietary owner of the digital system by simply having a pair system or easily accomplishing this through a simple tagging action, or any external system capable of authenticating the party owner On the other hand, the fraudulent user makes it very difficult to delete or change the information about the party owner of the digital system, thereby reducing the residual value or utilization value due to fraudulent occupation or use of the digital system, And has a proactive preventive effect against loss or theft.

Further, when the digital system and the pair system are separated from each other by a predetermined distance or more, the digital system and / or the pair system performs an alarm function, thereby preventing the digital system and / or the pair system from being lost or stolen have.

In addition, the control of a particular function or operation of the digital system using a pair system that is paired with the digital system does not necessarily have to be limited to the control of deletion or alteration of information about the owner. For example, if the technical idea of the present invention is applied to a predetermined function (e.g., financial transaction function, e-mail or personal information browsing function) or a specific operation (for example, connection to a specific network) It is possible that a certain party user can easily perform the specific function / operation, while a fraudulent user who does not have the pair system can not perform the specific function / operation.

In addition, even if lost or stolen, it is possible to reduce the motivation for unauthorized use by not performing a specific function / operation of the digital system unless the pair system is retained, and even if it is not lost or stolen. The use environment (such as a function or operation that can be performed for each user) of the same digital system can be provided differently for each user (a user who has a pair system and a user who does not).

In addition, data that requires security among the data stored in the digital system, that is, secure data (for example, executable application or personal information, etc.) can be accessed (for example, execution, confirmation of information, etc.) only when the pair system is possessed. In order to control the security data, even if an unauthorized user acquires the control right of the digital system, access to the security data can not be performed.

In addition, the data or folder can be set as secure data for each data or for a predetermined folder, and the data or folder can be accessed only when paired with a predetermined pair system or tagged at least once. There is an effect that can provide a virtual space with a castle or a virtual system environment. In addition, if the secure data is in a paired state or not tagged at least once, the digital system can be controlled to prevent retrieval, thereby providing an effective virtual secret space or secret system environment.

In addition, by setting the pair system corresponding to the security data differently, there is an effect that can provide a plurality of virtual (secret) space or system environment with security according to the number of pair systems.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
Figure 1 shows schematic systems for implementing a method of providing a pairing digital system according to an embodiment of the present invention.
2 is a diagram showing a schematic configuration of a pairing digital system according to an embodiment of the present invention.
3 is a diagram illustrating an example of a method of forming a pair by a pairing digital system and a pair system according to an embodiment of the present invention.
4 is a diagram illustrating an example of a manner in which a pairing digital system protects information about the owner in accordance with an embodiment of the present invention.
5 is a diagram illustrating a method by which a pairing digital system can delete or change information about an owner in accordance with an embodiment of the present invention.
6 is a diagram for explaining a concept that execution of a specific application is controlled according to a method of providing a pairing digital system according to an embodiment of the present invention.
7 is a diagram for explaining a method of controlling execution of a specific application according to an embodiment of the present invention.
8 is a diagram showing a schematic configuration of a pair system according to an embodiment of the present invention.
9 is a diagram illustrating a concept of outputting an alarm signal by a secure digital system or a pair system according to an embodiment of the present invention.
10 is a diagram for describing security data whose execution is controlled according to an embodiment of the present invention.
11 is a view for explaining the security management software according to an embodiment of the present invention.
12 illustrates an example of a screen displayed when the security management software is executed according to an embodiment of the present invention.

In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

Figure 1 shows schematic systems for implementing a method of providing a pairing digital system according to an embodiment of the present invention.

Referring to FIG. 1, a pairing digital system 100 and a pair system 200 may be provided to implement a pairing digital system according to an embodiment of the present invention. Depending on the implementation, a predetermined external system 300 may be further provided. The external system 300 can perform a specific function (e.g., identification of the owner) in accordance with the technical idea of the present invention even when the pairing digital system 100 and the pair system 200 are not in a pairing state or at least once tagged (E.g., modification of the first information), execution control of the specific software, and / or activation control of the specific hardware included in the pairing digital system 100.

The pairing digital system 100 includes all types of data processing devices capable of communicating with the pair system 200 using a predetermined communication protocol and having date processing capability capable of performing the functions defined herein Can be defined as meaning. For example, although the pairing digital system 100 is shown only in the form of a mobile phone in FIG. 1, it may be implemented in a computer, a notebook, a tablet, an IPTV, a smart TV, a set top box, a remote control, a music player, a home automation device, Examples can vary.

Depending on the embodiment, the pairing digital system 100 and / or the pair system 200 may be connected to a predetermined communication device for realizing the technical idea of the present invention through a predetermined interface (for example, a USB interface) have. For example, when the pairing digital system 100 is a desktop PC, a predetermined communication device for implementing the technical idea of the present invention may be connected to the desktop, and the communication device connected to the desktop may be connected to the technical idea of the present invention May perform the function of the communication unit.

According to an example, the pairing digital system 100 may store first information including information about the owner. The first information can be output in various manners every predetermined predetermined operation or at regular intervals. For example, the pairing digital system 100 may output the first information as corresponding voice information or may output predetermined display information. The information on the owner may be various information such as a name, an alias, a sign, a contact, etc., which can identify the owner. The first information may be information on the owner itself, or information on the owner.

For example, if the first information is the owner's name, the voice information (or display information) output by the digital system 100 may be voice information (or display information) corresponding to the owner's name. Or information including the name of the owner. For example, when the first information is 'Mike', the voice information (or display information) may be simply voice information (or display information) corresponding to 'Mike', voice corresponding to 'This is Mike's phone' Information (or display information).

When the first information is output as display information, the pairing digital system 100 may display the first information on a display device provided in the pairing digital system 100 at regular intervals or at all times.

As used herein, the term " owner " means a person who has the authority to legitimately use the pairing digital system 100, and includes a person who owns the property or a person who is legally allowed to use the property by the owner Can be used.

According to an embodiment, the pairing digital system 100 may operate in a plurality of modes, and may output audio information or display information corresponding to the first information only in at least one of the modes.

According to one embodiment, the pairing digital system 100 may output voice information or display information corresponding to the first information in a normal mode. Herein, the normal mode may mean a mode of a general use environment other than a mode classified as a special mode such as lost or stolen. The change from the normal mode to the special mode may be based on the user's control signal or automatically based on the determination result by automatically determining whether the pairing digital system 100 is in a predetermined condition. Such an example has been described in detail in the above-mentioned Korean patents, and a detailed description thereof will be omitted.

In addition, the pairing digital system 100 may be a system operating without any discrimination such as a normal mode or a special mode, and at this time, the pairing digital system 100 may also output voice information and / or display information corresponding to the first information Can be output.

For example, the pairing digital system 100 may output first information set as preset audio information each time it performs a specific operation. Alternatively, the voice information may be output every time a specific time is reached. For example, the particular operation may be an operation to power on the digital system 100, or an operation to execute a particular application or function. Alternatively, the voice information may be output at a predetermined time, such as a preset rising time, a working time, and the like. For example, the digital system 100 can be implemented so that, when a predetermined application can be installed, each time the application is executed, the digital system 100 outputs first audio information corresponding to the first information. Alternatively, voice information including the first information may be output whenever a specific function (e.g., a payment function, a play function, etc.) is to be executed. For example, "OOO's power is on.", "◇◇◇'s wake time.", "□□□ 's application will run." And the like can be output.

The first information may be stored in the pairing digital system 100. The owner may input the first information as character information through the character input method provided by the pairing digital system 100. [ Alternatively, if the pairing digital system 100 provides a predetermined voice recording function, the first information may be input through voice recording. The first information may be input in various ways. According to an example, the first information may not be input by the owner of the pairing digital system 100, but the first information may be input in advance by another person. For example, the manufacturer or the distributor of the pairing digital system 100 may input the first information.

The pairing digital system 100 outputs predetermined first information (for example, information on the owner) as audio information (or display information) every time a predetermined specific operation is performed (or at regular or predetermined intervals) So that other users other than the owner can feel burdened in using or using the digital system 100. [ That is, according to the technical idea of the present invention, the desire for fraudulent use of other users can be prevented. In addition, even when the owner himself or herself uses the first information, the first information is repeatedly output or displayed on the screen, so that the user can feel attachment and friendliness to the digital system 100.

On the other hand, in the case of an unauthorized user, it may have a desire to delete the output of the first information or arbitrarily change the first information. It is desirable that the technical structure of the present invention is made so that it is not easy to delete or change the first information because the technical purpose and the effect of the present invention can be achieved only by making it unlikely that unjust needs of such a fraudulent user is made difficult. On the other hand, if the deletion or modification of the first information is implemented so as not to be easy for all users, it may be inconvenient if the owner of the pairing digital system 100 is changed due to legitimate transaction or transfer of rights There may be adverse effects.

Therefore, the unauthorized user can not access or modify the first information, while the party user can easily access or modify (e.g., delete, change, record new information, etc.) the first information .

For this purpose, according to the technical idea of the present invention, the pairing digital system 100 is configured to pair with the pair system 200, which is predefined to pair with the pairing digital system 100, It is possible to control access or modification of the first information only when it is performed.

Alternatively, only when a predetermined permission signal is received from the external system 300, the pairing digital system 100 may be controlled so that the first information can be accessed or modified. The permission signal is a signal that is output from the external system 300 to the pairing digital system 100 when the authentication is successful after the pairing digital system 100 has undergone a predetermined authentication procedure through the external system 300 .

Therefore, the user can access the first information or modify the first information only when both the pairing digital system 100 and the pair system 200 are occupied. Even if the pairing digital system 100 and the pair system 200 are not paired or tagged at least once, the authenticated user through the external system 300 may be allowed to access or modify the first information have.

For example, the pairing digital system 100 may request permission to perform certain functions, such as accessing or modifying the first information, to the external system 300. Then, the external system 300 may request predetermined authentication information from the pairing digital system 100. The authentication information may be information previously stored in the external system 300. The authentication information may be, for example, a password registered by the user, a secret pattern, or predetermined information (e.g., address, resident registration number, etc.)

The authentication information may be different from the predetermined authentication information stored in the pairing digital system 100. In any case, since separate authentication information capable of authenticating the user of the party is stored in the external system 300, the authentication of the authentication stored in the pairing digital system 100 in response to an unauthorized attack by the pairing digital system 100 Even if information is exposed, there is an effect that access or modification of the first information may not be allowed.

For example, when the pairing digital system 100 is a mobile communication terminal, the external system 300 may be a mobile communication company system. However, the external system 300 may be any external system capable of performing authentication of a user, Or may be the external system 300. If the authentication is successful, the external system 300 may transmit a predetermined permission signal to the pairing digital system 100.

The control unit 110 may receive a grant signal from the external system 300 and may be configured to access or modify the first information as described above when the grant signal is received, to execute a particular software, and / Can be activated.

The pairing state may be a state in which the pairing digital system 100 and the pair system 200 are in a communicable state or a case where communication is possible and a certain criterion is met (for example, have. Tagging is performed means that the pairing digital system 100 and the pair system 200 are close to each other within a certain distance (for example, 10 cm) capable of performing non-contact RF communication such as NFC (Near Field Communication) Or a state or activity. Wherein the pairing digital system 100 and the pair system 200 are in a pairing state when the user of the pairing digital system 100 is currently in possession of the pair system 200. [ ) And the pair system 200 can be implemented. Alternatively, the user of the pairing digital system 100 may also have the pair system 200 to perform tagging.

As described above, according to the technical idea of the present invention, the pairing digital system 100 can only store the first information in the area where the first information is stored, if it is estimated that the user of the pairing digital system 100 also has the pair system 200 To modify or change the first information. Of course, when the permission signal through the external system 300 is received as described above, the modification or change of the first information can be performed.

In the case of a pairing state or at least once through tagging or when the grant signal is received, the modification or access of the first information as well as the execution of the specific software may be controlled, or the activation of the specific hardware may be controlled.

In the meantime, when a pairing state or a case where tagging is performed at least once is mainly described, it can be assumed that the party user has the pair system 200. Thus, the party user can modify the first information only if he / she has the pair system 200 (or performs only a simple tagging action), so that the first information can be easily modified. On the other hand, if the unauthorized user does not have both the pairing digital system 100 and the pair system 200, the first information can not be modified. The pairing digital system 100 and the pair system 200 may be generally stored or held by a user so that the probability of simultaneously losing or stolen the pairing digital system 100 and the pair system 200 is And the technical idea of the present invention can be easily implemented.

As described later, according to the technical idea of the present invention, when the pairing digital system 100 and the pair system 200 are separated by a predetermined distance or more, the pairing digital system 100 and / or the pair system 200 may output a notification signal informing the user thereof. Therefore, the risk of losing or theft of either the pairing digital system 100 or the pair system 200 can be prevented altogether.

The pair system 200 may be a system or device capable of communicating with the digital system 100. For example, it may be implemented as an IC card (or a smart card) 201 that does not have its own power source but can store predetermined information and perform simple calculations. For example, the pair system 200 has a unique computing capability and storage capability, and a system in which a predetermined RF communication device for technical idea of the present invention is added to an IC card or a smart card, Lt; / RTI >

Alternatively, the pair system 200 may be a data processing system (e.g., 202) having a power source and data processing capability. A card type OTP card having a smart phone or a tablet PC or a power source, various types of smart cards having a power source, or the like may be implemented in the pair system 200.

According to an implementation of the pair system 200, an implementation of a communication protocol in which the pairing digital system 100 and the pair system 200 can communicate can be changed.

The pair system 200 may simply be a system that is maintained for pairing with the pairing digital system 100 or provided for tagging according to an embodiment. In such a case, the pair system 200 may be implemented solely by a communication device capable of communicating with the pairing digital system 100 only.

For example, the pair system 200 may be implemented with a system (e.g., member number 220 in FIG. 8) implemented with only minimal functionality to pair with the pairing digital system 100, The communication device 200 may be an RF tag or a communication device itself including a predetermined communication device (e.g., an RF communication device (antenna, etc.)). Of course, the RF tag or the communication device (e.g., RF communication device) may be provided with a predetermined storage device (e.g., EEPROM) and / or an IC chip.

In such a case, a user may be implemented to attach or fit the pair system 200 to a target object such as a predetermined object or device. To this end, the pair system 200 has a predetermined adhesive surface, or may have a housing to be fitted to the target object. The target object may be variously determined by a user's selection.

Alternatively, the pair system 200 may be a system in which a communication device for the pairing function (e.g., an RF communication device, etc.) is embedded in an object made for a separate function. For example, a wide variety of embodiments may be possible, such as a USB storage device, a security card, an OTP generator, a clock, a bracelet, a smart card, and the like. In any case, the pair system 200 can be implemented in a wide variety of forms only if it includes a communication device capable of performing pairing with the digital system 100.

According to one embodiment, a predetermined communication device for implementing the technical idea of the present invention is attached to a conventional OTP generation device, a security card, an IC card, a credit card, a membership card, etc., The pair system 200 may be implemented.

According to another embodiment, the pair system 200 may store certain information for implementing the technical idea of the present invention, and may transmit the information to the pairing digital system 100 in a predetermined manner System.

The first information stored in the pairing digital system 100 can be modified (e.g., recorded, deleted, or changed) only through a predefined specific application. At this time, the entire application or a part of the application may be stored in the pair system 200. In some implementations, if key information (e.g., authentication information such as a serial number or a password) is required to execute the application, the key information may be stored in the pair system 200. [ Accordingly, when information necessary for the application to be executed, that is, required information (at least a part of the application and / or the key information) is stored in the pair system 200, The required information stored in the pair system 200 may be transmitted to the pairing digital system 100 after the tagging state or at least one tagging has been performed.

Such an embodiment may have higher security than when the pair system 200 merely has a function of forming a pair with the pairing digital system 100. [ For example, if all of the necessary information is stored in the pairing digital system 100, and the application is executed when the pair system 200 is simply paired with the pair system 200 or tagged, a malicious attacker (e.g., a hacker or the like) There may be a risk that the application may be executed even if the pairing state or tagging is not performed. However, if at least some of the necessary information is stored in the pair system 200, execution of the application may not be possible unless the malicious attacker carries the pair system 200.

This technical idea can be applied to any application that can be executed in the pairing digital system 100 as well as an application for modification of the first information stored in the pairing digital system 100. [ In particular, it may be desirable to apply to applications requiring high security level such as financial transactions, electronic commerce, and personal authentication. Depending on the implementation, not only the execution of the application, but also the functions provided by the application may be controlled by the pair system 200. That is, the functions of some of the various functions provided by the application may be executable only after the pair system 200 and the pairing digital system 100 are paired or at least once tagged.

For example, when the application is a financial transaction application, the authentication process such as a public certificate is not required in the past for simple information inquiry among the functions provided by the application, and a certain authentication process is required to perform the financial transaction function . Similarly, if the technical idea of the present invention is applied to financial transactions, some of the functions provided by the application, which may be relatively low in security level, such as simple information inquiry, may be paired with the pair system 200, And a function of relatively high security level such as transfer, settlement, and order can be implemented so that the pairing digital system 100 and the pair system 200 are only required to be paired or at least tagged at least once .

In addition, the technical idea of the present invention can be applied not only to an application that can be executed in the pairing digital system 100, but also to a predetermined hardware configuration provided in the pairing digital system 100. [ For example, the specific hardware included in the pairing digital system 100 may be enabled when the pair system 200 and the pairing digital system 100 are paired or at least once tagged. Alternatively, a specific function of the specific hardware may be enabled, such that the pair system 200 and the pairing digital system 100 are in a pairing state or at least once tagged. To this end, the pairing digital system 100 may change the setting of the software for driving the specific hardware or may drive different software depending on whether the pairing digital system 100 is tagged with the pair system 200 or tagged at least once . Depending on the implementation, the pairing digital system 100 itself may be enabled, in which case the operating system settings of the pairing digital system 100 may be controlled.

As a result, according to the technical idea of the present invention, the pairing digital system 100 can perform a specific function, an application (or a function provided by the application) that the pairing digital system 100 can perform by the pair system 200, And / or execution of the specific hardware (or functions provided by the specific hardware) can be controlled.

2 is a diagram showing a schematic configuration of a pairing digital system according to an embodiment of the present invention.

Referring to FIG. 2, a pairing digital system 100 according to an exemplary embodiment of the present invention includes a control unit 110 and a storage unit 120. The pairing digital system 100 may further include a communication unit 130 and / or an alarm unit 140.

The control unit 110 may drive a predetermined application installed in the pairing digital system 100 or may drive an OS of the pairing digital system 100 to perform the technical idea of the present invention. That is, the pairing digital system 100 according to the embodiment of the present invention may install a predetermined application to implement the technical idea of the present invention, and may be implemented by the firmware of the pairing digital system 100 or the OS itself have.

The configuration such as the control unit 110, the storage unit 120, the communication unit 130, and / or the alarm unit 140 may be implemented by hardware for performing the technical idea of the present invention and software for driving the hardware Can mean a functional and structural combination of the two. For example, each of the above configurations may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and may be a code physically connected to one another or a specific type of hardware May be easily deduced to the average expert in the field of the present invention. Thus, each of the above configurations refers to a combination of hardware and software that performs the functions defined herein, and does not mean a specific physical configuration.

The controller 110 controls the functions and / or the resources of other components included in the digital system 100 (e.g., the storage unit 120, the communication unit 130, and / or the alarm unit 140) Can be controlled.

The controller 110 controls the audio output device (e.g., a speaker) or the display device included in the pairing digital system 100 to transmit first information including information on the owner to the audio information and / It can be output as display information. In addition, the controller 110 may determine whether the communication unit 130 and the pair system 200 are in a pairing state or at least once tagged. Also, a predetermined security procedure may be performed as will be described later. When the security procedure receives the necessary information corresponding to a predetermined application (e.g., at least a part of the application and / or at least a part of the key information) from the pair system 200, And delete the application generated by the pair digital system 100 when the application is created based on the necessary information. Of course, this security procedure may be performed after the application performs a predetermined function.

The reason why the security procedure is required is that if the received necessary information or the generated application remains in the pairing digital system 100, There is also the risk that the application will run and the information may be exposed.

The storage unit 120 may store the first information. The first information may be stored in a predetermined protection area. The protection area may be an area that is implemented so as not to access and / or modify (write, delete, or change) the protection area except for an application previously authorized. The control unit 110 may monitor an I / O call (for example, a message, a request, etc.) of the protection area to protect the information stored in the protection area. Only the authorized application (or process) may control access to the protection area and / or modify the protection area.

Also, the storage unit 120 may store an application or other software (e.g., OS, firmware, etc.) that can be executed in the pairing digital system 100. [ The storage unit 120 may mean a combination of at least one storage device included in the pairing digital system 100.

The communication unit 130 may perform communication with the pair system 200. The communication unit 130 may be configured to perform communication only with the pair system 200 forming a pair with the pairing digital system 100. [ Then, the communication unit 130 must perform pairing with the pair system 200 forming a pair with the pairing digital system 100, or perform the function or operation defined in the present invention only after tagging at least once .

Pair formation may refer to a series of processes or procedures in which the pairing digital system 100 and the pair system 200 are configured to be a pair.

The pair system 200 may be a system determined by the manufacturer or the distribution entity of the pair system 200 or the pairing digital system 100 to be paired with a specific pairing digital system 100 in advance, Or may be a system that is optionally implemented to pair with the digital system.

For example, the manufacturer of the pairing digital system 100 may determine the pair system 200 that can pair with the pairing digital system 100 in advance. According to an embodiment, a manufacturer or a distributor of the pairing digital system 100 may provide a tag device capable of pairing with the digital system 100, and when a user attaches the tag device to a predetermined object, The object to which the tag device is attached may be implemented as the pair system. Alternatively, a user may select the pair system 200 to pair with the pairing digital system 100.

According to one embodiment, the pair system 200 may be a financial transaction means that can be distributed by a predetermined financial institution. For example, a financial institution, which is a subject of the operation of the financial transaction system, can implement a credit card, an OTP card, a security card, or the like as the pair system 200 and issue it to a user. Alternatively, a point card, a membership card, or the like provided by a mobile communication company to a user may be implemented in the pair system 200.

In any case, pairing is performed by storing identification information that can identify the pairing system 200 or the pairing digital system 100 that the pairing system 100 or the pair system 200 is a pair with . This procedure can be defined as a pair formation procedure. When the pair formation procedure is performed, the pair authentication procedure may be performed before the pairing is formed to implement the technical spirit of the present invention.

Accordingly, the pair forming procedure may include the step of the pairing digital system 100 or the pair system 200 receiving the identification information of the pair system 200 or the pairing digital system 100. That is, the pairing digital system 100 and the pair system 200 can perform the pair forming procedure through direct communication (e.g., various RF communication or NFC communication). According to an embodiment, the pair formation procedure may be performed by a user through the application system 200 (or the digital system 100) or the pair system 200 via a predetermined application or software (e.g., OS) 100).

Of course, in the pairing digital system 100 or the pair system 200, identification information of the pair system 200 or the pairing digital system 100 that is a pair in advance is stored, and the information may not be changed have.

If the pair system 200 is implemented so that the user can attach or insert a target object such as a predetermined object, the target system 200 can not easily recognize the target object, There is also an effect of preventing the loss or theft of itself.

According to the technical idea of the present invention, in order to give an alarm signal to a user when the pairing digital system 100 and the pair system 200 are separated from each other by a predetermined distance or more, the security digital system and the pair system are normally in a pairing state The present invention may be referred to as 'alarm pairing state'). In this case, when the pairing digital system 100 and the pair system 200 attempt to acquire predetermined information through pairing, a pair authentication procedure is performed in advance between the two systems forming the pair, There is also an effect of preventing loss or theft of the pairing digital system 100 and the pair system 200 itself.

Meanwhile, unlike the alarm pairing state, the NFC communication method, that is, the pairing may be performed during tagging.

Whether or not the paired digital system 100 is in the paired state can be determined depending on whether the communication state between the pairing digital system 100 and the pair system 200 satisfies predetermined criteria. The communication state may depend on the distance between the digital system 100 and the pair system 200.

The pairing digital system 100 and the pair system 200 may perform wireless communication (e.g., RF communication). Therefore, the communication environment between the pairing digital system 100 and the pair system 200 may be more affected. In this specification, since the pairing digital system 100 and the pair system 200 assume a normal living environment of a person, the communication state is a dominant condition in the distance between the pairing digital system 100 and the pair system 200 It can be assumed that it is affected. Of course, if there is an object that may interfere with wireless communication between the pair system 200 or the pairing digital system 100, the pairing may not be performed even if the distance is sufficiently close.

When the pairing digital system 100 and the pair system 200 are paired, for example, the pairing digital system 100 and the pair system 200 can communicate with each other. Alternatively, it may mean that a signal of a predetermined size or larger can be transmitted to the pairing digital system 100 and / or the pair system 200 even if communication is performed. That is, in a general communication environment, the pairing digital system 100 and the pair system 200 are present within a communication distance capable of communicating with each other, or within a predetermined distance shorter than the communication distance can do.

Meanwhile, the communication between the pairing digital system 100 and the pair system 200 can be performed in various ways. It is well known that, in accordance with this approach, the distance and / or environment in which pairing is possible may vary.

The communication between the communication unit 130 and the pair system 200 included in the pairing digital system 100 may be various embodiments such as Bluetooth, NFC, infrared communication, and optical communication. A communication device for such communication may be provided in the pairing digital system 100 and the pair system 200, respectively.

According to one embodiment, the pairing digital system 100 and the pair system 200 can perform RF communication. For example, the digital system 100 and the pair system 200 may perform communication using a wireless standard protocol such as Bluetooth, Zigbee, or the like. Of course, when performing Bluetooth communication, the pair system 200 may have its own power source or be a system capable of receiving power from the outside. On the other hand, in the case of Zigbee communication, it may be advantageous that communication can be performed with low power as compared with Bluetooth. In addition, the pairing digital system 100 and the pair system 200 may perform various short-range wireless communications (e.g., IrDA, UWB, etc.) according to an embodiment, and the pairing digital system 100 And the pair system 200 may be provided with predetermined configurations for the environment required for the wireless communication.

According to one embodiment, the pair system 200 may be a system driven by an RF signal output from the pairing digital system 100 without its own power source. That is, RFID communication or NFC communication can be performed. For example, the pair system 200 may be implemented as an RFID tag, or may be a predetermined device including the RFID tag. In this case, the pairing digital system 100 may serve as a reader capable of performing communication with the RFID tag. The pairing digital system 100 may then output a predetermined RF signal to search for the pair system 200 or to receive certain information stored in the pair system 200. In addition, the communication distance between the pairing digital system 100 and the pair system 200 may vary according to the output power of the pairing digital system 100.

Generally, the pair system 200 can be implemented to be carried in a user's purse. Then, when the user is carrying the pairing digital system 100, a communication protocol capable of performing contactless communication with the pair system 200 located in the purse can be selected to implement the technical idea of the present invention . It is preferable that a configuration to which such a communication protocol can be applied be provided in the pairing digital system 100 and the pair system 200.

According to one embodiment, the pairing digital system 100 and / or the pair system 200 may perform communication using a plurality of different communication protocols. For example, the communication unit 130 included in the pairing digital system 100 may include a first communication module 131 and a second communication module 132. For example, the first communication module 131 may be a communication means for performing an alarm pairing function as will be described later, and the second communication module 132 may be a communication means for obtaining security information. Of course, the first communication device 221 and the second communication device 222 corresponding to the first communication module 131 and the second communication module 132 may be provided in the pair system 200 .

The first communication module 131 may be a communication unit having a longer communication distance than the second communication module 132. The first communication module 131 and the first communication device 221 included in the pair system 200 maintain the pairing state and then enter the non-paired state when the pairing digital system 100 and / The system 200 can output a predetermined alarm signal. To this end, the pairing digital system 100 and the pair system 200 may further include an alarm unit 140, respectively. Or the distance between the pairing digital system 100 and the pair system 200 can be determined according to the communication state of the first communication module 131 and the first communication device 221, The alarm signal can be outputted when the distance between the first and second sensors 100 and 200 is more than a certain distance. Of course, the two systems 100 and 200 may be judged to be in a pairing state only if they are within the predetermined distance even within the communicable distance.

The first communication module 131 and the first communication device 221 periodically or continuously determine whether the first communication module 131 and the first communication device 221 are in a pairing state. When it is determined that the first communication module 131 and the first communication device 221 are spaced apart from each other by more than a predetermined distance, As a means for judging whether or not it is possible.

Even when the first communication module 120 and the first communication device 221 are provided as means for pairing of alarms, the first communication module 120 and the first communication device 221 Some information (for example, necessary information) for realizing the technical idea of the invention can be transmitted or received more easily. That is, since the first communication module 120 and the first communication device 221 search for a system to be paired in order to determine whether or not they are in a pairing state, Can be transmitted and received.

According to another embodiment, the first communication module 131 and the first communication device 221 are only involved in performing an alarm pairing function, while the second communication module 132 and the second communication device 222 are related to each other, May be used to transmit and receive necessary information. That is, the pairing digital system 100 and the pair system 200 can perform communication through different communication protocols. In this case, it may be assumed that communication through the different communication protocols is free of collisions. Alternatively, the pairing digital system 100 and / or the pair system 200 may further include predetermined means capable of avoiding a collision even when a collision occurs. In the present specification, in order to emphasize the technical features of the present invention, two systems 100 and 200 will not consider a collision when a communication is to be made or a technical idea for avoiding the same.

The first communication protocol, that is, the communication protocol performed by the first communication module 131 and the first communication device 221 is a second communication protocol, that is, the second communication module 132 and the second communication device 222 May be a protocol capable of performing communication with a relatively long distance as compared with the communication protocol performed by the mobile communication terminal. According to an embodiment, the first communication protocol may be a protocol for relatively long communication such as Bluetooth, Zigbee, etc., and the second communication protocol may be a communication protocol for NFC (including RFID communication) communication.

Because the first communication protocol is for alarm pairing and is a protocol for determining that the pairing digital system 100 and the pair system 200 are within a certain distance, While the second communication protocol is for exchanging information, because it may be desirable for the two systems 100, 200 to be at a closer distance for information exchange.

In addition, when the second communication protocol is NFC, it may not be necessary to perform a separate pair formation procedure or pair authentication procedure again for information exchange, and information exchange may be performed immediately through tagging.

In addition, there is an effect that the target to communicate with the second communication protocol can be specified to the pair system 200 is performing communication with the first communication protocol. That is, the pair system 200 that can communicate through the second communication protocol may be limited to the pair system 200 in which pairing is maintained through the first communication protocol. For example, the pair system 200 that performs communication through the first communication protocol records information capable of identifying the second communication module 132, and the second communication module 132 communicates only with the pair system 200 in which the information is recorded . ≪ / RTI >

In any case, the pairing digital system 100 and the pair system 200 have one communication means, and the communication means may perform an alarm pairing function and / or an information exchange function. Alternatively, each of the pairing digital system 100 and the pair system 200 includes a plurality of communication means, one of the communication means performs an alarm pairing function, and the other one performs an information exchange function .

According to the technical idea of the present invention, the user can obtain security information through the pairing digital system 100 without removing the pair system 200 from the purse. Acquisition of such security information may be possible only in the state where the pairing state is maintained or only when at least one tagging is performed. In a state where the pairing state is maintained, the user can make a predetermined input or request, and the necessary information can be obtained. Or tagging itself may be treated as an act of requesting the necessary information. The pairing digital system 100 and the pair system 200 can periodically or continuously communicate with each other to determine whether or not the pairing state is maintained. Only when the pairing is required, the pairing digital system 100 and The pair system 200 may be paired through a predetermined pair forming procedure and / or a pair authentication procedure.

According to the technical idea of the present invention, when the pairing digital system 100 and the pair system 200 are separated from each other by a predetermined distance or in a non-pairing state (Hereinafter, when the alarm output condition is satisfied), it is possible to output a predetermined alarm signal. In addition, in the present invention, the pairing state is maintained, and when the alarm output condition is satisfied, the predetermined alarm signal is defined as an 'alarm pairing' function. The alarm signal may be a predetermined voice signal, a visual signal using a lamp or predetermined display information, or may be a tactile signal such as a vibration.

Thereby, there is an effect that a legitimate user blinks and the risk of losing or moving the pairing digital system 100 or the pair system 200 is reduced. Of course, there is also an effect that can reduce the probability of being stolen by others.

On the other hand, when a legitimate user desires to possess only one of the pairing digital system 100 or the pair system 200 intentionally, the pairing digital system 100 100) or the pair system 200 may be implemented.

The 'alarm pairing' according to the embodiment of the present invention is based on the assumption that the pairing digital system 100 and the pair system 200 are paired in a normal case. That is, when the pairing digital system 100 and the pair system 200 are separated from each other by a predetermined distance, that is, when a non-paired state is established, a predetermined alarm signal can be output. And the pair system 200 are in a pairing state. Accordingly, the pairing digital system 100 or the pair system 200 may be omitted from the pair authentication procedure for obtaining the necessary information (i.e., the procedure for authenticating whether the system is a pair-specified system by a pair forming procedure) The necessary information can be obtained by a simple method such as a signal receiving method through the specific button of the digital system 100 or the pair system 200. [

In addition, the necessary information acquisition in the 'alarm pairing' state is not necessary because a pairing procedure is not required between the pairing digital system 100 and the pair system 200, so that a very efficient effect is obtained in terms of speed, Can be greatly improved. This difference in effectiveness is inherent to maintaining the pairing status continuously (or periodically in very short time units) in the case of 'alarm pairing' It can be said that pairing is performed by the pair system 200 because it is performed once or on a single occasion.

Depending on the implementation, i.e., the manner in which the pairing digital system 100 and the pair system 200 communicate, the user may select a predetermined Performing the act of locating the pairing digital system 100 within the distance to the pair system 200 or placing the pair system 200 within a predetermined distance of the pairing digital system 100 It is possible. For example, the pairing digital system 100 includes an NFC (Near Field Communication) chip, and the pairing digital system 100 and the pair system 200 can perform NFC communication. In this case, the user may perform pairing by positioning the pairing digital system 100 and the pair system 200 within a predetermined distance (e.g., 10 cm), i.e., performing tagging.

For example, a user may bring the pairing digital system 100 closer to his wallet. That is, tagging can be performed. Then, the pairing digital system 100 is paired with the pair system 200 in the wallet. At this time, predetermined information for implementing the technical idea of the present invention can be exchanged.

In addition, the pairing digital system 100 may finally acquire necessary information only when performing a plurality of tagging. That is, some of the processes required to acquire necessary information during or after each tagging may be performed sequentially.

For example, the pairing digital system 100 and the pair system 200 need to be tagged a predetermined number of times a plurality of times to transmit necessary information from the pair system 200 to the pairing digital system 100 . For example, in the case of tagging once, the pairing digital system 100 and the pair system 200 may perform a pair authentication procedure for authenticating whether the system is a pair system. Once tagged again, the necessary information stored in the pair system 200 may be transmitted to the pairing digital system 100.

The process by which the pairing digital system 100 is to be performed in order to obtain the necessary information (for example, at least a part of the specific application or at least a part of the key information) may be performed in such a plurality of times, The process to be performed separately may be performed each time a plurality of times of tagging are performed. Or all of the plurality of processes may be performed while the last tagging among the plurality of tagging is performed.

Meanwhile, the pairing digital system 100 may further include an alarm unit 140. The pair system 200 may further include a predetermined alarm device (not shown). The alarm unit 130 or the alarm device (not shown) may output a predetermined alarm signal. The alarm signal may be a signal for informing the user when the pairing digital system 100 and the pair system 200 are separated by a predetermined distance or more. Although the alarm signal may be a voice signal, the alarm signal may be implemented as various types of signals for allowing the user to recognize that the pairing digital system 100 and the pair system 200 are separated by a predetermined distance or more, such as a vibration or a display signal.

3 is a diagram illustrating an example of a method of forming a pair by a pairing digital system and a pair system according to an embodiment of the present invention.

Referring to FIG. 3, a pair forming procedure can be performed by directly inputting the identification information of the pairing digital system 100 or the pairing system of the pair system 200.

According to one embodiment, the pairing digital system 100 may be provided with a predetermined application 10 for implementing the technical idea of the present invention. The application may be downloadable from the pairing digital system 100 or a predetermined web server operated by a providing entity or a utilizing entity of the pair system 200.

The user can execute the application 10, and a UI as shown in Fig. 3 can be provided to the user. Then, the user can input identification information of the pair system 200 to be a pair with the pairing digital system 100 through the UI. The input identification information can be stored in a predetermined storage device, and the communication module 120 can confirm the stored identification information.

For example, there may be a case where the pairing digital system 100 is a mobile phone, and the pair system 200 is a smart card that can be paired with the pairing digital system 100. In this case, the pairing digital system 100 may download the application 10 on a web site of a card company or financial institution providing the smart card, or in a predetermined app store or the like. Then, after the user of the pairing digital system 100 executes the application 10, the user can perform the pair forming procedure by inputting the identification information of the smart card.

Meanwhile, according to an embodiment, the pair system 200 may also be a system in which a predetermined application can be operated. In this case, the pair forming procedure may be performed by inputting the identification information of the pairing digital system 100 through a predetermined application installed and executed in the pair system 200.

When the pair formation procedure is performed by the user, the user can select a pair system 200 that is paired with the pairing digital system 100 of his / her own, and can select a pair system 200 capable of implementing the technical idea of the present invention A pair system 200 that is a pair with the pairing digital system 100 may be changed, or a plurality of pairs may be used as a pair system.

On the other hand, a system to be paired in advance may be determined by the providing system of the pairing digital system 100 or the pair system 200. In this case, the information about the pair system 200 may be stored in advance in the pairing digital system 100, or the information about the pairing digital system 100 may be stored in advance in the pair system 200, Or distributed. According to an embodiment, the providing entity may sell or distribute the pair system 200 (or the digital system 100) to the user while selling or distributing the pairing digital system 100 (or the pair system 200) can do. Particularly, this may be the case in the case of a manufacturer or a distributor who intends to manage a customer or a community with a clouding system, or to conduct a business related to authentication or settlement utilizing the technical idea of the present invention. In a case where the alarm pairing is performed first and the pairing for acquiring necessary information according to the technical idea of the present invention is performed in the alarm pairing state, a system that is a pair of each of the pairing digital system 100 and the pair system 200 Is more likely to be predetermined in the distribution and manufacturing stages.

Meanwhile, in order for the pair forming procedure to be performed, the pairing digital system 100 and the pair system 200 may communicate with each other. For example, in order to perform the pair forming procedure, a user may input a predetermined signal to the pairing digital system 100 or the pair system 200 in advance to request the pair forming procedure to be performed. When such a signal is input, the pairing digital system 100 or the pair system 200 can know in advance that a pair forming procedure is performed. The pairing digital system 100 and the pair system 200 can then communicate with each other. The pairing digital system 100 may then receive identification information identifying the pair system 200 from the pair system 200. According to an embodiment, the pairing digital system 100 may transmit the identification information of the pairing digital system 100 to the pair system 200. Alternatively, both of these processes may be performed. The identification information of the transmitted pair system 200 or the identification information of the pairing digital system 100 may be recorded in the pairing digital system 100 or the pair system 200, respectively.

When the identification information of another system to be a pair in one of the systems is recorded, the pair formation procedure can be completed. When the pair forming procedure is completed, the pairing digital system 100 (or the pair system 200) communicates with the pair system 200 (or the digital system 100) corresponding to the identification information recorded in the pairing digital system 100 If possible, within a certain distance, or in case of tagging.

Of course, pairing may be performed in each of the pairing digital system 100 and / or the pair system 200 to determine whether the system is a paired system through a pair formation procedure.

If the pair forming procedure is performed and the pair authentication procedure is further performed if necessary, the pairing digital system 100 and the pair system 200 can be put into a pairing state. Or tagging may be performed at least once. Then, a specific function that can be performed in the pairing digital system 100 as described above can be performed. That is, the specific function may be performed only when the pairing digital system 100 and the pair system 200 are in a pairing state or at least once tagged.

An example of the case where the specific function is a modification function of the first information is shown in Figs.

4 is a diagram illustrating an example of a manner in which a pairing digital system protects information about the owner in accordance with an embodiment of the present invention. 5 is a diagram illustrating a method by which a pairing digital system can delete or change information about an owner according to an embodiment of the present invention.

4, the controller 110 stores at least one first information (e.g., first owner information, second owner information) in a predetermined protection area 121 included in the storage unit 120, Can be stored. That is, according to an embodiment, the pairing digital system 100 may additionally store new owner information without deleting or changing information on the existing owner every time the owner changes. In this case, the protection area 121 may perform the same function as a registration part of the pairing digital system 100. Also, in this case, information on a plurality of owners stored in the protection area 121, that is, information for marking information on the current owner of the first information, may be further stored. Depending on the implementation, the last stored first information may be treated as information about the current owner.

The control unit 110 may monitor an I / O call (for example, a message, a request, etc.) requesting access to the protection area 121 among various processes activated in the pairing digital system 100. In addition, the control unit 110 may store information (or information on an application) of a predetermined authorized process 20. The control unit 110 monitors the I / O call and determines whether an authorized process 20 accesses the protection area 121 and / or whether the protection area 121 is to be modified have. According to one embodiment, the controller 110 may determine whether the call is from the authorized process 20 by hooking the I / O call. Then, the control unit 110 may selectively process the I / O call (that is, perform an operation corresponding to the actual I / O call) or invalidate the I / O call. For normal processing, the controller 110 may output a new I / O call that causes the result of the call to be received by the process 20. Or may output a null signal to the process 20 to invalidate the I / O call output from the process 20 or may not perform any response.

As a result, the control unit 110 may selectively access the protection area 121 to modify the protection area 121. At this time, if the communication unit 130 and the pair system 200 are not paired or the tagging is not performed at least once, the control unit 110 may modify the protection area 121 output from any process Or to request a request to do so. In addition, if the communication unit 130 and the pair system 200 are paired or tagging is performed at least once, the modification request of the protection area 121 output from the specific process 20 can be selectively granted .

According to one embodiment, when the pair system 200 is paired or tagged at least once, the controller 110 may be configured to modify any process in the protection area 121 . However, in order to achieve higher security, in this case, the protection area 121 may be modified only by a specific process, that is, a pre-authorized application.

In addition, the pre-authorized application may be stored in the pairing digital system 100 in advance. However, the pair system 200 may store information necessary for executing the application, that is, necessary information. The necessary information may mean information necessary for execution of the application. The required information may be, for example, all or part of the software code of the application. That is, if there is not all or a part of the code of the application, the application is not performed. According to an embodiment, there may be a case where predetermined key information is required to execute the application. For example, a password, a serial number, or the like must be input before the application may be executed, in which case at least a part of the key information may be the necessary information.

Referring to FIG. 5, the pairing digital system 100 may be implemented such that modification (recording, deletion, and / or modification) of the first information is performed only through a predetermined application 30. The application 30 can then be executed in the pairing digital system 100, as long as all of the necessary information for executing the application 30 is stored in the pairing digital system 100. [

According to one embodiment of the present invention, the necessary information includes at least the code of the application (30). According to an embodiment, key information may be further included in the necessary information.

All of the necessary information may be stored in the pairing digital system 100 in advance. In such a case, the control unit 110 may determine whether the pairing digital system 100 and the pair system 200 are in a pairing state or at least once tagged, and may execute the application 30 according to the determination result. Then, the user can modify the first information through the application (30). When the application 30 is executed at least once, the control unit 110 may execute the application 30 only within a predetermined time after being tagged at least once.

According to another embodiment, at least some of the necessary information may be stored in the pair system 200. 5, the controller 110 determines whether the pairing digital system 100 and the pair system 200 are in a pairing state (S10). If the pairing digital system 100 and the pair system 200 are in a pairing state, 200) to receive the necessary information stored in the pair system 200 (S11). Then, the control unit 110 may store the received necessary information in the storage unit 120. [ If necessary, the controller 110 may generate the application code by combining information received from the pair system 200 and information stored in the pairing digital system 100 in advance, or may generate the key information. Then, the control unit 110 may execute the application 30. [ Of course, the controller 110 determines whether the tagging has been performed at least once (S20), and may receive the necessary information from the pair system 200 according to the determination result (S21).

When at least a part of the information required for the application to be executed is stored in the pair system 200, the case where the pairing digital system 100 executes the application 30 even when an attack such as hacking is performed, As shown in FIG.

In order to maintain this effect, the control unit 110 may further perform a predetermined security procedure. That is, information received from the pair system 200 or information (for example, application code or key information, etc.) generated based on the received information to execute the application 30 is transmitted to the pairing digital system 100 , If the pairing digital system 100 executes the application 30 once and the pairing digital system 100 stores all the information necessary for execution of the application 30 Lt; / RTI > Therefore, when the execution of the application 30 is terminated, the control unit 110 can delete information received from the pair system 200 and / or information generated based on the received information. In addition, when the application 30 is running, it may monitor an I / O call that is called in the pairing digital system 100 to prevent duplication of the application.

On the other hand, a concrete example in which the pair system 200 stores at least a part of the necessary information is shown in FIG. 7 is a diagram for explaining a method of controlling execution of a specific application according to an embodiment of the present invention.

7A, in order to control the execution of the specific application 61 by the pairing digital system 100 according to the embodiment of the present invention, information necessary for execution of the specific application 61, that is, necessary information (60) needs to be defined. The necessary information 60 may be the code of the specific application 61 itself. Predetermined key information 62 may be further included in the necessary information 60 according to the type of the specific application 61. [

Then, as shown in FIG. 7B, the pairing digital system 100 may store all of the necessary information 60 (61 and 62). Then, the necessary information 60 may not be stored in the pair system 200 at all. In this case, the transmission of at least a portion of the necessary information 60 may not occur while the pairing digital system 100 and the pair system 200 are in the pairing state or at least once the tagging is performed.

According to another embodiment, as shown in FIG. 7C, only a part of the application 61-1 of the necessary information is stored in the pairing digital system 100, and the remaining part 61-2 is stored in the pair system 200, May be stored. The remaining portion 61-2 may then be transmitted to the pairing digital system 100 while the pairing digital system 100 and the pair system 200 are in the pairing state or at least once the tagging is performed. Then, the control unit 110 may generate the application 61 by combining the part 61-1 of the application with the remaining part 61-2. The combination of the portion 61-1 of the application and the remaining portion 61-2 may be a process of simply concatenating the two codes or may be a combination through a predetermined algorithm. Similar processing may be performed when the key information 62 is stored in the pairing digital system 100 and the pair system 200 separately.

On the other hand, all of the necessary information 60 (61 and 62) may be stored in the pair system 200 as shown in FIG. 7D. In this case both of the necessary information 60 (61 and 62) are transmitted to the pairing digital system 100 while the pairing digital system 100 and the pair system 200 are in the pairing state or at least once during tagging Lt; / RTI >

On the other hand, the technical idea as described in Figs. 4, 5, and 7 need not be applied to applications in which the application can modify the first information. That is, the technical idea as described above may be applied to all applications executable in the pairing digital system 100. As a matter of course, an application to which the technical idea of the present invention is applied may be predetermined and a state that should be recognized by the control unit 110 as needed.

An example of this is shown in Fig.

6 is a diagram for explaining a concept that execution of a specific application is controlled according to a method of providing a pairing digital system according to an embodiment of the present invention.

Referring to FIG. 6A, the pairing digital system 100 may execute certain applications (e.g., 40, 41). The first application (e.g., 40) may be an application to which the technical idea of the present invention is not applied, and the second application (e.g., 41) may be an application to which the technical idea of the present invention is applied, ). ≪ / RTI >

Hereinafter, a first application (for example, 40) is defined as general software, and an application whose execution is controlled by the pair system 200 such as a second application (for example, 41) is defined as security software do.

For example, if a user enters an execution request for generic software, such as the first application 40, into the pairing digital system 100, the pairing digital system 100 may execute the first application 40.

Meanwhile, when the user inputs an execution request of security software such as the second application 41 to the pairing digital system 100, in order for the second application 41 to be executed as shown in FIG. 6B, The UI 50 indicating that the digital system 100 and the pair system 200 are in a pairing state or that tagging should be performed at least once may be displayed.

At this time, at least a part of the necessary information corresponding to the second application 41 may be stored in the pair system 200. Even if all of the necessary information is stored in the pair system 200, predetermined information (e.g., an icon, etc.) that can identify the second application 41 may be stored in the pairing digital system 100 . This allows the user to determine that the second application 41 can be executed in the pairing digital system 100 when the pairing digital system 100 and the pair system 200 are in a pairing state or at least once tagged Able to know. According to an embodiment, if the pairing digital system 100 and the pair system 200 are tagged in the pairing state or at least once, the second application 41 may be automatically executed without a separate execution request.

According to the technical idea of the present invention, the control unit 110 not only can control the execution of the second application 41 through the pair system 200, It is possible to control whether or not some of the functions to be executed are executed. For example, some of the functions of the second application 41 may be executed even if the pairing digital system 100 and the pair system 200 are not in a pairing state or at least once tagging is performed. However, the predetermined function may be executed only when the pairing digital system 100 and the pair system 200 are in a pairing state or at least once tagging has been performed. Information indicating whether the control function is a certain function or not may be registered in the control unit 110 in advance or may be included in the second application 41. [ Then, the control unit 110 determines whether the pairing digital system 100 and the pair system 200 have been tagged in the state of being paired or at least once, and determines whether to perform the control function according to the determination result It can be judged.

For example, the second application 41 may be a program for searching a file and / or a folder of the file management program (e.g., Windows Explorer or the like), i.e., the pairing digital system 100. Then, the file management program may be executed in a state of being paired with the pair system 200 or at least once. According to another embodiment, the execution of the file management program may be performed in a pairing state or at least once even if no tagging is performed. However, the predetermined file or folder managed by the file management program (that is, It may be necessary to perform tagging with the pair system 200 or at least once. That is, at this time, the file management program may selectively apply only the access function of the file or folder to the technical idea of the present invention.

The second application 41, that is, the control application controlled by the pair system 200 to which the technical idea of the present invention is applied, may be a user application that can be installed in the pairing digital system 100 by a user , A unit application of the OS installed in the pairing digital system 100, or a unit application of the firmware. For example, if the pairing digital system 100 is a mobile phone, the application may be an application that allows the mobile phone to perform a call. Then, the execution of the application itself may be controlled by the pair system 200, and only some functions of the application (e.g., outgoing call function) may be controlled.

Depending on the implementation, the security software may be the operating system or firmware itself to drive the specific hardware provided in the pairing digital system 100 itself or the pairing digital system 100 itself. In this case, according to the technical idea of the present invention, the pairing digital system 100 itself is set to enable the pairing digital system 100 and the pair system 200 to be in a state of being paired or at least once tagged . Of course, at this time, the minimum hardware necessary for performing pairing or tagging, such as the communication unit 130 of the pairing digital system 100, and / or the software for driving the hardware should preferably operate normally. The control unit 110 can enable or disable the specific hardware by changing or adjusting the setting of the software that drives the specific hardware to be controlled, that is, the application. If necessary, the application may be a different application, such as a pairing state or an application (e.g., a device driver) that drives specific hardware when tagging is performed, and an application when not. It is also possible to selectively determine the software for driving the specific hardware, or to control only the specific functions of the specific hardware by changing the settings of the software. For example, a particular communication chip (e.g., Bluetooth or NFC chip) may be activated only when it is paired with the pair system 200 or at least once tagged. Or only a certain function of the communication chip (for example, a card emulation function of an NFC chip) may be controlled. Or a network device for connecting to a predetermined network such as the Internet may be activated only in the state of being paired with the pair system 200 or at least once. Various other embodiments may be possible. In particular, if a higher level of security is required, such as accessing important information or performing financial functions, this technical idea of the present invention may be more effective.

According to the technical idea of the present invention, the second application 41, that is, the security software can be applied to an authentication related application requiring security, an application used for a financial transaction, and the like, and thus can have a superior security effect. For example, the second application 41 may be a client application that connects to a specific financial institution and enables financial transactions (for example, ordering, payment, etc. of a transfer, stock or gift) to be performed. The server (not shown) of the specific financial institution can control the financial transaction to be performed only through the second application 41. The second application 41 can be executed only when the pairing digital system 100 and the pair system 200 are in a pairing state or tagged at least once, as described above. In this case, even if the authentication information capable of authenticating the user is leaked, the financial transaction through the specific financial institution can be prevented from being stolen by the hacker or the fraudulent acquirer until the pairing digital system 100 and the pair system 200 are stolen It can be unacceptable and very safe.

Further, when the information about the pairing digital system 100 and the pair system 200 is predetermined and registered in the server of the specific financial institution, a higher security effect can be obtained. That is, a financial transaction may be permitted if the pairing digital system 100 and / or the pair system 200 registered in the server of the specific financial institution is in a pairing state or must be tagged at least once. When the second application 41 is executed, the second application 41 transmits the identification information of the pairing digital system 100 and / or the identification information of the pair system 200 to the server of the specific financial institution And the server may allow financial transactions only if the registered identification information and the information received from the second application 41 correspond.

Of course, this technical idea may be applied to the specific function of the second application 41. [ That is, the execution of the second application 41 can be performed freely, but the specific function (e.g., order, payment, etc. of the transfer, stock or gift, etc.) (100) and the pair system (200) are in a pairing state or tagged at least once. At this time, the specific function may be permitted by the server of the specific financial institution only if the pairing digital system 100 and / or the pair system 200 is a system registered in advance in the server of the specific financial institution.

Even when the specific functions of the second application 41 or the second application 41 are executed using specific hardware (for example, NFC chips, etc.) provided in the pairing digital system 100, Thoughts can be applied.

Specific embodiments of the security software as described above will be described later with reference to FIGS. 10 to 12

8 is a diagram showing a schematic configuration of a pair system according to an embodiment of the present invention. 8, the pair system 200 may include a storage device 212 and a communication device 220 capable of performing communication with the communication unit 130 included in the pairing digital system 100 .

According to an embodiment, the pair system 200 may have data processing capability by itself, and in this case, a predetermined control device 211 may be further provided.

According to one embodiment, the pair system 200 may be implemented with a smart card including the storage device 212 and the control device 211. In this case, the pair system 200 may be a system in which the smart card is further provided with a communication device 220 for implementing the technical idea of the present invention in the conventional control device 211 and the storage device 212 .

Meanwhile, according to another embodiment, the pair system 200 may merely perform a function of forming a pair with the pairing digital system 100 only. In this case, at least one of the control device 211 and / or the storage device 212 may not be included in the pair system 200.

For example, the pair system 200 may include a communication device (e.g., RF communication device 220, etc.). In some implementations, the communication device (e.g., RF communication device 220, etc.) itself may be the pair system 200. According to one embodiment, the communication device (e.g., RF communication device 220, etc.) may include a predetermined RF antenna.

The communication device 220 may be implemented, for example, as an RFID tag. According to an embodiment, the pair system 200 itself may be the RFID tag. According to another embodiment, the communication device 220 may include an RF reader. In any case, the communication device 220 may be configured to communicate with the communication unit 130 included in the pairing digital system 100.

Also, the pairing digital system 100 and / or the pair system 200 according to an embodiment of the present invention may be configured to provide the digital system 100 and the pair system 200, It may further include means for outputting a predetermined alarm signal so that the user can recognize the alarm signal. Means for measuring the distance between the pairing digital system 100 and the pair system 200 for outputting the alarm signal are further provided in the pairing digital system 100 and / or the pair system 200, respectively . In some implementations, the distance may be measured based on the communication state (signal strength, etc.) of the communication unit 130 or the communication device 220, and in this case, It is possible.

9 is a diagram for explaining a concept of a security digital system or a pair system outputting an alarm signal according to an embodiment of the present invention.

Meanwhile, the pairing digital system 100 according to the embodiment of the present invention may further include an alarm unit 140. The alarm unit 140 may output an alarm signal when the pairing digital system 100 and the pair system 200 are in a non-paired state (that is, when they are separated by a predetermined distance or more).

This example will be described with reference to FIG. 9. Referring to FIG. 9, the controller 110 included in the pairing digital system 100 may determine whether pairing with the pair system 200 is maintained (S14). That is, the controller 110 can confirm whether or not the alarm is paired. Of course, the alarm pairing function may be activated or deactivated at the request of the user.

At least a portion of the necessary information stored in the pair system 200 may be transmitted to the pairing digital system 100 when a predetermined event occurs in the alarm pairing state (e.g., when a request is entered from the user or automatically) (S24). As described above, execution of a specific application (or a specific function of a specific application) may be controlled, or activation of the specific hardware (or a specific function of the specific hardware) may be controlled (S24-1).

Meanwhile, when the pairing digital system 100 and the pair system 200 are in a non-paired state while the pairing state (i.e., the alarm pairing state) is maintained, or when the two systems 100 and 200 are separated from each other by a predetermined distance , The alarm output condition can be satisfied. Then, the control unit 110 may control the alarm unit 140 to output a predetermined alarm signal (S34). According to an embodiment, the pair system 200 may also output a predetermined alarm signal (S34-1).

The pair system 200 may also periodically or continuously determine whether a pairing state (i.e., an alarm pairing state) with the pairing digital system 100 is maintained. For example, the pair system 200 periodically or continuously receives a predetermined signal from the pairing digital system 100, and if the signal is no longer received, the pair system 200 determines that the alarm output condition is satisfied and outputs an alarm signal have.

As described above, the pairing digital system 100 and / or the pair system 200 may be configured such that the pairing digital system 100 and the pair system 200 are spaced apart from each other by a predetermined distance The alarm signal may be output.

For example, as described above, the pairing digital system 100 and the pair system 200 may be paired only within a first distance (e.g., 10 cm), and the alarm signal may be paired at a second distance (e.g., several meters) And may be output when the pairing digital system 100 and the pair system 200 are disconnected.

According to one embodiment, the pairing digital system 100 and / or the pair system 200 provides an alarm pairing function, and the pairing digital system 100 or the alarm pairing as described above, (For example, 1 meter or 10 centimeters in the case of NFC), and the alarming distance is set to be longer than the reference distance of the alarm pairing Signal.

If the alarm pairing function is disabled or the alarm pairing function is not provided, even if the pairing digital system 100 and the pair system 200 satisfy the alarm output condition, The pairing digital system 100 and the pair system 200 may perform the same or similar operations.

10 is a diagram for describing security data whose execution is controlled according to an embodiment of the present invention.

Referring to FIG. 10, at least one secure data may be included in the pairing digital system 100 according to the spirit of the present invention.

The security data may be stored in the storage unit 120 included in the pairing digital system 100. The security data may be software executable by a user's request, that is, an application, and includes all information that security needs to be provided according to the technical idea of the present invention, such as an image, a video, an email, or personal information. Can be.

For example, the pairing digital system 100 may store first to fourth applications app.1 to app.4 as shown in FIG. In addition, a plurality of images (image 1 to image 3) may be included.

Among them, the first application and the second application may be general software, and the third application and the fourth application may be secure data. That is, to execute the third application and the fourth application, it may mean that the predetermined pair system 200 and the pairing digital system 100 are in a pairing state or must be tagged at least once.

In addition, a first image of the plurality of images (image 1 to image 3) may be security data.

The third application and the fourth application may be applications that are automatically set as secure data by the pairing digital system 100. Alternatively, the application may be an application previously set as secure data by a distribution agent of the third application and the fourth application. Alternatively, the controller 110 included in the pairing digital system 100 may receive a security data setting request for data such as an application or information from a user. Then, the controller 110 may set the data as secure data. Of course, the data that has already been set as security data by the user's setting request may be set as general data.

According to an embodiment of the present disclosure, there may be one pair system corresponding to the pairing digital system 100. According to an embodiment, there may be a plurality of pair systems corresponding to the pairing digital system 100. In this case, pair systems or security data corresponding to security data or pair systems may be determined. Accordingly, when the controller 110 receives a setting request for setting predetermined data as security data from the user, the controller 110 may receive identification information of the pair system corresponding to the data. The method of receiving identification information of the pair system may vary. For example, as illustrated in FIG. 3, a user may directly input identification information of the pair system through a predetermined UI provided by the pairing digital system 100. Alternatively, the control unit 110 may automatically receive identification information corresponding to predetermined security data by requesting a user to perform a pairing state or at least one tagging between the communication unit 130 and the pair system.

Then, the controller 110 may store management information including identification information of the pair system corresponding to the security data in the storage 120. The management information may include information on security data (eg, a file name, a stored address, etc.) and identification information of a pair system corresponding to the security data. In addition, the management information may also be security data to be provided with security. Otherwise, if the management information is forged, the technical spirit of the present invention may not be smoothly implemented.

As a result, according to the spirit of the present invention, the control unit 110 receives an access request for secure data among the data stored in the storage unit 120 by a predetermined process or application received by the pairing digital system 100. If so, it may be determined whether it is in a pairing state with the pairing system corresponding to the security data or at least once tagging (hereinafter referred to as 'pair condition') or not. As a result of the determination, the pairing condition must be satisfied to allow the access request.

In some embodiments, additional authentication (eg, user authentication through a password, a pattern, a certificate, etc.) is performed in addition to satisfying a pair condition with a pair system corresponding to the security data as described above in order to allow access to predetermined security data. Etc.) may be required. When the access request for the security data is detected, the controller 110 may request the user for additional authentication before or after the pair condition is satisfied.

The access request for the third application and / or the fourth application, which is secure data, may be an execution request for the third application and / or the fourth application. Then, the controller 110 may control the third application and / or the fourth application to be executed when the pair condition is satisfied. For this control, a method as described in FIG. 4 may be applied, but is not limited thereto.

In addition, the request for access to the first image (image 1), which is security data, may be a display re-request of the first image. Then, the controller 110 may control to display the first image through a predetermined application only when a pair condition is satisfied. In this case, the application itself for displaying the first image may not be secure data.

According to the present invention, there may be various embodiments of how to process the security data (ie, to execute the security data or use it as input data of a predetermined application) when an access request is allowed according to the type of security data. The average expert in the art will be able to reason easily.

On the other hand, the pair system corresponding to the third application and the fourth application that is secure data does not necessarily need to be identical. That is, the pairing digital system 100 in order to allow the access request of the fourth application and the pair system that must satisfy the pair condition with the pairing digital system 100 in order to allow the access request (eg, execution) of the third application. The pair systems that must satisfy this pair condition do not have to be identical.

In this case, when the user sets each data as security data, the user may set a pair system corresponding to the security data, and the set information may be stored in the storage 120 as management information. Then, the control unit 110 may check the management information stored in the storage unit 120 whenever a predetermined pair system and a pair condition are satisfied or whenever an access request for predetermined security data is detected.

For example, if the third application is an application distributed by the first financial institution, the third application may be set to correspond to a pair system (eg, credit card, security card, etc.) issued by the first financial institution, and the fourth application. If the application is an application distributed by a second financial institution, the fourth application may be set to correspond to a pair system (eg, credit card, security card, etc.) issued by the second financial institution. Accordingly, when a pair system corresponding to each application can be set, the execution control policy or service policy of the application can be flexibly set for each distribution subject of the application.

When a request for confirming information on secure data stored in the pairing digital system 100 is input, the pairing digital system 100 may display information corresponding to the secure data (eg, as shown in FIG. 10). Icon, file information, etc.) may be displayed on a display device provided in the pairing digital system 100. In this case, a predetermined icon (for example, to distinguish general data (that is, data for which security is not provided according to the spirit of the present invention) and security data (for example, app. 3, app. 4, image 1) can be distinguished. Lock icon of FIG. 10 may be displayed to be associated with the security data.

According to an embodiment, the pairing digital system 100 may prevent the information corresponding to the security software from being exposed to a general file management program (eg, a searcher). In addition, security data stored in the pairing digital system 100 may be checked or searched only by predetermined software for implementing the technical idea of the present invention, that is, security management software. In addition, when the at least one security data is controlled to be accessible only by the security management software, the security management software itself may perform a function of a folder for security data.

The security management software may refer to software capable of processing an access request for security data stored in the pairing digital system 100 and / or setting or releasing security data. That is, the security management software may mean a file management program for security data. According to an embodiment of the present invention, the security management software itself may also be secure data.

Accordingly, in order to execute the security management software, tagging may be performed or paired with a predetermined pair system.

According to an embodiment of the present invention, all security data stored in the pairing digital system 100 may be implemented to be managed only through the security management software (eg, confirmation, access, execution, etc.). In some embodiments, only some of the security data stored in the pairing digital system 100 may be managed through the security management software. That is, security data managed by the security management software may be set by the user or by the pairing digital system 100.

According to an embodiment of the present disclosure, the controller 110 may control access to the security data only through the security management software. Therefore, the user can check the information (eg, icon, file information, etc.) corresponding to the security data stored in the pairing digital system 100 only when the security management software is executed. In addition, the access request is confirmed only after confirming information information corresponding to the security data displayed through the security management software and making an access request (for example, an execution request, a reproduction request, etc.) to the security data through the security management software. It may be controlled to be allowed.

According to an embodiment of the present disclosure, the security management software may be automatically executed when paired with a predetermined pair system or tagged at least once, that is, when a pair condition is satisfied.

Then, the security management software may display information (eg, icon, file information, etc.) corresponding to the security data stored in the storage unit 120. The user checks the information corresponding to the security data displayed through the security management software, and sends an access request (eg, execution request) to a predetermined security data (eg, the first application) to the pairing digital system 100. You can enter Then, the controller 110 may execute the security data (eg, the first application).

Of course, the controller 110 may control access to predetermined security data even when the security management software is not executed if only the pair system and the pair condition are satisfied. In this case, when a request for access to secure data is received by a user, a predetermined process, or an application, the controller 110 may satisfy a pair condition with a pair system corresponding to the secure data without executing the security management software. You can also ask the user. According to another embodiment of the present disclosure, predetermined security data may be automatically accessed (eg, executed, reproduced, etc.) in a predetermined manner when a pair condition corresponding to the secure data is met. For example, if the control unit 110 determines that a predetermined executable application is secure data and a pair system and a pair condition corresponding to the application are satisfied, the control unit 110 may automatically execute the application.

According to an embodiment of the present disclosure, when the access request for predetermined security data (eg, the first application) is received through the security management software, the controller 110 may again be irrelevant to whether a predetermined pair system and a pair condition are satisfied. Access to the secure data (eg, the first application). That is, it may be a condition that only the security management software is executed to access the security data (eg, the first application). In this case, since the security management software itself is secure data, if only a pair condition for executing the security management software is satisfied, the security data (for example, the first application) corresponds to the security data (for example, the first application). It may not be necessary to satisfy the pair condition with the pair system.

According to an embodiment of the present disclosure, when the access request for the security data (eg, the first application) is input by the user after the security management software is executed, the control unit 110 again returns the security data (eg, the first application). The user may be required to satisfy the pair system and pair condition corresponding to the application). In this case, the pair system corresponding to the security data (eg, the first application) may or may not be the same as the pair system corresponding to the security management software. That is, the user can execute the security management software by satisfying the pair condition with the pairing digital system 100 for the first pair system. Information corresponding to at least one security data (eg, an icon, file information, an executable file (link), etc.) may be displayed through the security management software. At this time, any one of the at least one security data displayed may be accessible as soon as an access request is received (or if a pair condition with the first pair system is satisfied). However, the predetermined second security data may be controlled to be accessible only when a pair condition with a second pair system different from the first pair system for executing the security management software is satisfied. In this case, the security can be significantly increased since the user may be required to have two different pair systems in order to access the second secure data.

According to an embodiment of the present disclosure, the security management software may be set to correspond to a plurality of pair systems. The plurality of pair systems may be a pair system corresponding to predetermined security data stored in the storage 120. Therefore, when the first security data of the security data stored in the storage unit 120 corresponds to the first pair system, and the second security data corresponds to the second pair system, the security management software is configured to the first pair. Corresponds to both the system and the second pair system. Therefore, the security management software may be executed if the pair condition with the first pair system is satisfied, or may be executed even if the pair condition with the second pair system is satisfied. The controller 110 may execute the security management software when the pair system and the pair condition in which the identification information is stored in the management information stored in the storage 120 are satisfied.

For example, when the pair condition is satisfied between the first pair system and the pairing digital system 100, the controller 110 may execute the security management software. The security management software can then display information about certain security data.

At this time, according to an embodiment of the present disclosure, the security management software may display only security data corresponding to the first pair system. For example, the third application and the first image of the security data may correspond to the first pair system, and the fourth application may correspond to the second pair system. Then, the controller 110 may execute the security management software when a pair condition with the first pair system is satisfied. The security management software may then display only security data corresponding to the first pair system. That is, information (eg, an icon, etc.) corresponding to the third application and the first image may be displayed. Then, the user may perform an access request for the third application or the first image. Then, the controller 110 may allow access to the third application or the first image. At this time, it may be required to satisfy the pair condition with the first pair system again or not.

Of course, when the second pair system and the pairing digital system 100 satisfy the pair condition, the controller 110 may execute the security management software, and the security management software corresponds to the second pair system. Only information corresponding to the secure data (eg, the fourth application) may be displayed.

As such, the control unit 110 allows access to only the security data corresponding to the pair system where the pair condition is satisfied when the pair condition is met by the paired digital system 100 through the security management software. Can be controlled.

According to this technical idea, the pairing digital system 100 has an effect of providing a virtual secret space or a virtual system environment to a user by the number of pair systems. That is, the data accessible from the pairing digital system 100 may be set differently according to which pairing system the user has.

When the pair condition with the first pair system is satisfied, the controller 110 may display not only security data corresponding to the first pair system but also security data corresponding to another pair system. Of course, the display at this time may be performed by the security management software. For example, security data corresponding to the second pair system may be further displayed. Then, when an access request for the security data corresponding to the first pair system is input, the controller 110 may immediately allow access to the security data, and access the security data corresponding to the second pair system. When a request is input, the user may be required to satisfy a pair condition with the second pair system. Then, the controller 110 may allow an access request for security data corresponding to the second pair system only when a pair condition with the second pair system is satisfied.

According to an implementation example, the pairing digital system 100 may be set as a pair with a predetermined master pair system. The master pair system may be a system for allowing access to all secure data stored in the pairing digital system 100. Therefore, the controller 110 may allow access to any security data when the pair condition with the master pair system is satisfied. Information about the master pair system may also be stored in the storage unit 120 as management information.

The controller 110 may store security data in a predetermined security area. In this case, the security area may be a predetermined physical area included in the storage unit 120. When the general data is set as secure data, the controller 110 may change the storage location of the secure data into the secure area. As described above, when a predetermined security area is set to implement the technical idea of the present invention, the controller 110 can control only the access request to the security area according to the technical idea of the present invention. It may be possible. The secure area is not necessarily a physically contiguous area. Of course, information (eg, an address) about the security area may be stored in the storage 120 in advance. In addition, the size of the security area may be dynamically changed according to the amount of security data.

According to an embodiment of the present invention, the security data need not be set only in units of files. For example, a user may set a specific folder itself as secure data in a folder structure formed in the pairing digital system 100. Setting the folder as secure data may mean that all files included in the folder may be set as secure data.

The security management software searches for and provides a file directory structure of the pairing digital system 100 to the user, and the user may set a predetermined folder as a security folder in the provided file directory structure. Then, the secure folder itself may be set as secure data. Then, in order to access the security folder or data included in the security folder, a pair system and a pair condition may be satisfied according to the technical idea of the present invention.

The security folder may be searchable only by the security management software or may be searched by a predetermined file search program installed in the pairing digital system 100, but a pairing system and a pairing condition may be used to access the security folder. May need to be satisfied.

Meanwhile, the security data according to the embodiment of the present invention does not necessarily need to be set in file units. The security data may be set in units of information handled by a given application.

For example, a predetermined application (eg, a messenger application) may be installed in the pairing digital system 100. The application may be general data. Then, only specific information (eg, a specific message, a message received from a specific person) among the information (eg, a message) handled through the application may be set as secure data. In this case, general information may be accessible (ie identifiable) through the application as long as the application is executed in a conventional manner. However, the information set as the secure data may be implemented to be confirmed through the application only when the pair data and the pair condition corresponding to the secure data or the application are satisfied.

According to an embodiment of the present disclosure, the application may be executed in a general manner, that is, in a conventional general application execution manner, rather than a method in which a predetermined pair system and a pair condition are satisfied as in the technical spirit of the present invention. It may be executed when the technical condition is applied and the pair condition is satisfied. In this case, when executed in a general manner, only general data among data (for example, messages) handled through the application may be confirmed (displayed) through the application. In addition, when the technical idea of the present invention is applied and a predetermined pair system and a pair condition are executed after being executed, the application may check security data among data (for example, a message) handled through the application. May be implemented. According to an embodiment of the present disclosure, execution of the application may first be executed in a general manner, and after execution, if a predetermined pair system and a pair condition are satisfied, access to secure data among information handled through the application may be possible.

To this end, the application itself may provide a function for implementing the technical idea of the present invention. At this time, the security management software as described above may not need to be executed. That is, the application itself may perform a function that the security management software performs. According to an embodiment of the present disclosure, when information handled by the application is stored in a predetermined file, the controller 110 may separately generate a file including only information set as secure data among the information. The technical spirit of the present invention may be implemented by selectively controlling the application to access the file generated by the controller 110 according to whether the pair system corresponding to the application and the pair condition are satisfied. According to an embodiment, a plurality of identical applications may be installed in the pairing digital system 100. Some of the same applications may be set as general data and some may be set as secure data.

As such, an example of setting secure data in units of information handled by an application may be a case where some of messages received from others are set as secure data when the application is a messenger application. Alternatively, when the application is an email client, some of emails received by the email client may be set as secure data. Various other applications may be implemented such that at least some of the information handled by the same as the technical spirit of the present invention is set as secure data. Then, as described above, the controller 110 executing the application may selectively allow access to the secure data according to whether the pair system and the pair condition corresponding to the application are satisfied.

As described above, the security management software for implementing the technical idea of the present invention may be executed when a predetermined pair system and a pair condition are satisfied. According to an embodiment of the present invention, the security management software is executed in advance, and when a pair pair system and a pair condition are satisfied, information about the security data so as to request access to the security data corresponding to the pair system. May be provided.

The control unit 110 is an application capable of executing the security data, and when predetermined data is generated by the execution of the application, the data may also be set as security data. In this case, the generated data may be set to correspond to the pair system corresponding to the application. For example, the predetermined application (eg, word processor, camera application, etc.) may be secure data that is controlled to be executed only when the pairing condition with the predetermined first pair system is satisfied. In addition, the user may generate predetermined data (eg, a document, a photo, etc.) using the application. Then, the controller 110 may also set data (eg, document, photo, etc.) generated by the application as security data. The pair system corresponding to the data (eg, document, photo, etc.) may also be automatically set as the first pair system in the same manner as the application. Therefore, when a predetermined application is set as secure data, the data generated through the application may also be set as secure data, thereby providing security for related data. Of course, according to an embodiment, the pair system corresponding to the data generated through the application may be set differently from the pair system corresponding to the application. In addition, even if the application is secure data by the user's selection, the data generated through the application may be set as general data.

On the other hand, the technical spirit of the present invention described above can be described that the accessible security data may vary depending on the pair system. However, according to another embodiment of the present invention, the pairing digital system 100 may be implemented such that the accessible security data varies depending on how many times the pairing digital system 100 and the predetermined pair system are tagged within a predetermined time. It may be.

For example, the communication unit 100 and a predetermined pair system may be tagged once within a predetermined time. That is, the user may perform the act of approaching the pairing digital system 100 and the pairing system within a predetermined distance during the time. Then, the controller 110 may control a predetermined process or application to be accessible only to the first security data corresponding to one tagging action. In addition, when tagging twice within a predetermined time, the controller 110 may control a predetermined process or application to be accessible only to the second security data corresponding to the two tagging actions. Depending on how many tagging actions are performed within a predetermined time, information about accessible security data may be previously stored in the storage 120 as management information. In addition, when the user sets general data as security data, information on how many tagging actions the security data corresponds to may be set.

According to an embodiment of the present disclosure, when the user tags the pairing digital system 100 and the predetermined pair system once within a predetermined time, the storage unit 120 stores security data corresponding to one tagging action. It can be specified based on the information. Then, the control unit 110 may control such that a predetermined process is accessible only to the specified security data, and may not control access to other security data. In addition, when access to the security data is made by security management software, the control unit 110 determines that the pairing digital system 100 and the pair system have been tagged once within a predetermined time, the security management automatically After executing the software, only the information corresponding to the specified security data can be displayed through the security management software. The user or certain process may then only be able to access secure data corresponding to the displayed information.

If the user tags the pairing digital system 100 and the predetermined pair system N times (N is a natural number) within a predetermined time, the storage unit 120 stores security data corresponding to N tagging actions. It can specify based on management information. Then, the control unit 110 may control such that a predetermined process is accessible only to the specified security data, and may not control access to other security data. In addition, when access to security data is made by security management software, when the control unit 110 determines that the pairing digital system 100 and the pair system have been tagged N times within a predetermined time, the security management software automatically. After executing, only the information corresponding to the specified security data can be displayed through the security management software. The user or certain process may then only be able to access secure data corresponding to the displayed information.

As such, according to the spirit of the present invention, accessible security data may be determined differently according to the number of taggings performed within a predetermined time. Therefore, there is an effect that it is possible to provide a plurality or a plurality of virtual (secret) space or a virtual (secret) system environment through one or a small number of pair systems.

11 is a view for explaining the security management software according to an embodiment of the present invention.

As shown in FIG. 11, predetermined security management software may be installed in the pairing digital system 100. Through the security management software, a user may set general data as security data or security data as general data.

The security management software may display information about predetermined security data (eg, the third application (app. 3) and the fourth application (app. 4)) corresponding to the pair system as shown in FIG. .

According to one embodiment, the security management software itself may be security data as described above. In addition, access to the security data may be possible only when the security management software is executed. Therefore, in order to access certain security data (eg, a third application), the security management software may need to be executed first. When the security management software is executed, the security data provided by the security management software (for example, the third application (app. 3) and the fourth application (app. 4)) in addition to pairing system with the corresponding pair system Access may be possible without being satisfied. Of course, additional pair conditions must be satisfied to finally access (e.g., execute) the security data (e.g., the third application (app. 3) and the fourth application (app. 4)) through the security management software. It may be controlled to be possible.

As a result, access to the security data stored in the pairing digital system 100 may be controlled by the pair system for each of the security data, but the security management software may perform a function of a kind of virtual folder managing security data. have. The security data included in the virtual folder may be adaptively changed depending on which pairing system is paired or tagged at least once.

A plurality of security management software may be installed in the pairing digital system 100, and a pair system corresponding to each of the plurality of security management software may be different. Alternatively, only one security management software is installed, but security data managed by the security management software according to a pair system satisfying a pair condition, that is, displaying information and receiving an access request may be dynamically changed. Of course, the predetermined security data may be set to correspond to the plurality of pair systems.

Meanwhile, as described above, the general data may be set as security data (for example, app. 5) through the security management software. When the security data (e.g., app. 5) is set by the security management software, the corresponding security data (e.g., app. 5) is automatically set to the same pair system as the pair system corresponding to the security management software. May be According to an embodiment of the present disclosure, the security management software may provide a UI corresponding to security data and a UI corresponding to general data as shown in FIG. 11 for setting and / or releasing security data. Each UI includes security data. The list of and the list of general data can be listed up. In addition, by performing the operation of moving the listed security data or general data to the UI corresponding to the general data or the UI corresponding to the security data, the setting or release may be performed as the security data. FIG. 11 shows an exemplary UI, and it can easily be deduced that the average expert in the technical field of the present invention can set it as security software through various UIs or release the security software into general software.

As such, when predetermined general data (eg, app. 5) is set as security data by the security management software, the security management software may provide information about the security data as shown in FIG. 12.

12 illustrates an example of a screen displayed when the security management software is executed according to an embodiment of the present invention.

Referring to FIG. 12, the security management software may provide information about security data (eg, app. 3, app. 4, and app. 5). Information about security data provided by the security management software may be determined according to which pair system and pair conditions are satisfied. Alternatively, depending on the implementation, information about all secure data may be provided regardless of which pair system and pair condition are satisfied.

The security management software may be automatically executed when a pair condition corresponding to the security management software and a pair condition are satisfied to display a list of security data corresponding to the pair system as shown in FIG. 12. Of course, when the execution request of the security management software is input by the user, the security management software may be executed when paired or tagged at least once with a pair system corresponding to the security management software.

Meanwhile, as described above, the security data installed in the pairing digital system 100 may be implemented to be accessible (eg, verified) only by the security management software. In addition, since the security management software is also secure data, the security management software may also be implemented to be inaccessible (eg, verified) by a general file management program installed in the pairing digital system 100. In this case, the security management software is executed only when paired with the pair system corresponding to the security management software or at least one tagging, so that access to security data provided to the security management software may be possible. Therefore, according to the technical idea of the present invention, there is an effect of providing a virtual storage space or a software execution environment to the pairing digital system 100 by the security management software and the corresponding pair system. And the virtual storage space or software execution environment may be controlled by the pair system.

According to an embodiment, a plurality of security management software may be installed in the pairing digital system 100, and different pair systems corresponding to each of the plurality of security management software may be set. In this case, the first pair system may be paired with the pairing digital system 100 or tagged at least once to access the virtual first storage space (ie, the first security management software). A user who does not have the first pair system may not even recognize the presence of the first security management software and the security software managed by the first security management software in the pairing digital system 100.

The virtual second storage space (eg, the second security management software) may be accessible only when the second pair system is paired with the pairing digital system 100 or tagged at least once.

The pairing digital system and the method of providing the same according to the embodiment of the present invention can be embodied as a computer-readable code on a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

Claims (4)

In a digital system,
A storage unit storing at least one security data;
A communication unit for communicating with a pair system which is preset to pair with the digital system; And
And a controller configured to control the communication unit and the pair system to access the security data stored in the storage unit when the communication system and the pair system are paired or tagged at least once.
The apparatus of claim 1,
Receiving a security data setting request for a predetermined data, in response to the receiving pairing digital system for smart security, characterized in that for receiving the identification information of the pair system corresponding to the data stored in the storage.
In the method of providing a digital system,
Storing at least one secure data by the digital system;
Determining whether the digital system is paired or tagged at least once with a pair system that is preset to pair the digital system with the digital system; And
And controlling access to the secure data stored in the digital system when it is determined that the digital system is in a paired state or tagged at least once with the pair system.
A computer-readable recording medium having recorded thereon a program for performing the method of claim 3.

Images