KR20160125222A - System and method for network partition computer security using mobile device - Google Patents

Publication number
KR20160125222A
Authority
KR
South Korea
Prior art keywords
computer
portable device
security
input
module
Prior art date
Application number
KR1020150056124A
Other languages
Korean (ko)
Other versions
KR101729693B1 (en)
Inventor
황태호
황순홍
Original Assignee
황태호
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 황태호
Priority to KR1020150056124A
Publication of KR20160125222A
Application granted
Publication of KR101729693B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/26 Power supply means, e.g. regulation thereof
    • G06F1/32 Means for saving power
    • G06F1/3203 Power management, i.e. event-based initiation of a power-saving mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly

Abstract

Provided are a computer security system and method using a mobile device. The computer security system includes an authentication module, which is provided in a mobile device including a communication module for short-range wireless communication and which authenticates a user; and a security device, which includes a communication module that transmits and receives a short-range wireless signal to/from the mobile device and a control module that detects the presence of the mobile device based on the short-range wireless signal and, when the mobile device is authenticated, controls the operation of an input/output device connected to a computer in cooperation with the authentication module. The security device may be included in the input/output device or may be included in a device connected to the computer.

Description

Technical Field: The present invention relates to a computer security system and a network security system using a portable device.

Embodiments of the present invention relate to a computer security system and method that can enhance the security of a networked computer using a portable device.

Recently, due to the frequent occurrence of internal document leakage through the Internet and of cyber terrorism, awareness of computer security has been increasing, and network separation computers have therefore attracted attention.

A network separation computer is generally composed of two computers (a computer capable of connecting only to an internal network and a computer capable of connecting only to an external network such as the Internet), and each computer is physically separated. Although the network separation computer can prevent security threats from the external network from affecting the internal network, it is difficult to prevent a third party from accessing the internal network through the network separation computer while its user is away. In order to prevent unauthorized use by a third party, a password may be set on the network separation computer so that it can be used only when the password is input. However, a security problem remains because a third party can use the computer if the password can be inferred. As a method for solving such a problem, Korean Patent Laid-Open Publication No. 10-2014-0137552 (published on Dec. 3, 2014) entitled "Security function providing method, terminal and recording medium" And a security process corresponding thereto is performed.

However, this security function still has a security problem, because a third party can unlock the computer at once if the password has already been exposed to that third party. Accordingly, there is a need for a method that can more effectively secure the network separation computer.

Technical Problem: The present invention provides a system and an apparatus capable of effectively enhancing the security of a network separation computer even when its user leaves it unattended.

Another object of the present invention is to provide a method for effectively enhancing the security of a network separation computer even when its user leaves it unattended.

According to an aspect of the present invention, a computer security system includes an authentication module that is provided in a portable device including a communication module for short-range wireless communication and authenticates a user, and a security device including a communication module that transmits and receives a short-range wireless signal to and from the portable device and a control module that detects the presence of the portable device based on the signal and, when the portable device is authenticated, controls the operation of the input/output device connected to the computer in association with the authentication module. The security device may be included in the input/output device or in a device connected to the computer.

According to one aspect, the short-range wireless signal may include a Bluetooth signal including a code for pairing between the portable device and the security device, a wireless fidelity (WiFi) signal, a Near Field Communication (NFC) signal, and an RFID (Radio Frequency Identification) signal.

According to another aspect, the code may include an ID of the user or a telephone number of the portable device.

According to another aspect of the present invention, the control module controls power to be supplied to the input/output device when the control module is interlocked with the portable device, and controls the power supplied to the input/output device to be cut off when the disconnected state with the portable device is maintained for a predetermined time or longer.

According to another aspect, the interface may include at least one of a USB (Universal Serial Bus) interface, a PCM (Pulse Code Modulation) interface, a serial interface, and a LAN (Local Area Network) interface.

According to another aspect, the computer may include a first computer connected to the internal network, a second computer connected to the external network, and an interface module shared by the first computer and the second computer.

According to another aspect of the present invention, a computer security method for a computer security system includes: authenticating a user by an authentication module included in a portable device including a communication module for short-range wireless communication; transmitting or receiving a short-range wireless signal to or from a security device included in an input/output device connected to the computer or in a device connected to the computer; detecting, by the security device, the presence of the portable device based on the short-range wireless signal; and, when the portable device is authenticated, controlling, by the security device, the operation of the input/output device or the device connected to the computer in cooperation with the portable device.

The security of the network separation computer can be enhanced, since the network separation computer can be used only when the portable device is within a predetermined distance of the network separation computer.

Since the input/output device connected to the network separation computer operates only when the portable device is within a predetermined distance of the network separation computer, the energy consumed by the input/output device can be reduced.

FIG. 1 is a block diagram illustrating a computer security system in accordance with an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a security system for a computer according to another embodiment of the present invention.
FIG. 3 is a block diagram illustrating a security device in accordance with an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a computer security method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when an element is referred to as "comprising" another element, it means that it can include other elements as well, without excluding other elements, unless specifically stated otherwise. In addition, the term "module" or the like in the description means a unit for processing at least one function or operation, and may be implemented by hardware, software, or a combination of hardware and software.

FIG. 1 is a block diagram illustrating a computer security system in accordance with an embodiment of the present invention.

Referring to FIG. 1, a computer security system may include a network separation computer 110, an input/output device 120, a security device 130, and a portable device 140.

The network separation computer 110 includes an interface module 111 and a plurality of computers 112 and 113 as objects of security in the present invention. In FIG. 1, the network separating computer 110 includes a first computer 112 and a second computer 113, for example. Here, the network separating computer 110 represents a computer in which an internal network and an external network (for example, the Internet) are separated for security. For example, the first computer 112 may connect only to the internal network, and the second computer 113 may connect to the external network only.

The interface module 111 provides a connection between the plurality of computers 112 and 113 and the input/output device 120, such as a keyboard, a mouse, a monitor, a speaker, and the like. The interface module 111 may include a USB (Universal Serial Bus) interface, a PCM (Pulse Code Modulation) interface, a serial interface, and a LAN (Local Area Network) interface. The plurality of computers 112 and 113 included in the network separation computer 110 may share and use one interface module 111.

The input/output device 120 provides inputs and/or outputs to the network separation computer 110. The input/output device 120 may include, for example, an input device such as a keyboard or a mouse for providing input to each computer 112, 113, and an output device such as a monitor or a speaker for providing output (video, audio, etc.).

The security device 130 is for securing the network separation computer 110 and may be included in the input/output device 120. For example, the security device 130 may be mounted on or embedded in each input/output device 120 to control the operation of the corresponding input/output device 120. When the security device 130 is mounted on or embedded in the keyboard, the security device 130 can control the operation of the corresponding keyboard. In addition, when the security device 130 is mounted on or embedded in the monitor, the security device 130 can control the output (video, audio, etc.) from the monitor, or can control the on/off state of the monitor by controlling the power and/or the video signal supplied to the monitor. To this end, the security device 130 includes a communication module 131 and a control module 132.

The communication module 131 transmits / receives a short-range wireless signal to / from the portable device 140 using a short-range wireless network. For example, the communication module 131 may include a Bluetooth module, a wireless fidelity (WiFi) module, a near field communication (NFC) module, and a radio frequency identification (RFID) module.

The Bluetooth module may transmit and receive a Bluetooth signal including a code for pairing between the portable device 140 and the security device 130. Here, the code may include an ID of a user, an ID of a portable device, and the like. The ID of the portable device may be a phone number of the portable device when the portable device 140 is a smart phone, a mobile phone, or the like. The WiFi module can receive a WiFi signal including a predetermined password through communication with the portable device 140 within the WiFi communication range. The NFC module and the RFID module may receive a signal including a predetermined password (or code) in communication with the portable device 140 when the portable device 140 approaches the security device 130 within a predetermined distance.

The control module 132 detects the presence of the portable device 140 on the basis of the short-range wireless signal and, when the portable device 140 is detected, controls the operation of the input/output device 120.

For example, when the control module 132 receives a short-range wireless signal from the portable device 140, the control module 132 can authenticate the portable device 140 based on a code (or a password) included in the short-range wireless signal. When the portable device 140 is authenticated, the control module 132 can control the input/output device 120 connected to the security device 130 to be in an operable state in association with the portable device 140. Conversely, when a link with the portable device 140 is not established because no short-range wireless signal is received from the portable device 140 or because the code (or password) included in the short-range wireless signal does not match, or when the link is disconnected, the security program may be executed to control the input/output device 120 not to operate. That is, when the short-range wireless signal from the portable device 140 is detected, the control module 132 authenticates the portable device 140 and releases the security so that the input/output device 120 can be operated. When the signal is not detected, the control module 132 determines that the authenticated user is not in the vicinity and sets security so that the input/output device 120 is not operated, thereby securing the network separation computer 110.

For example, the control module 132 may control the operation of the input/output device 120 as shown in Table 1 below.

| Previous state | Current state | Control |
|---|---|---|
| Detection | Detection | Works (unsecured) |
| Detection | Non-detection | Restricting operation (security settings) |
| Non-detection | Detection | Works (unsecured) |
| Non-detection | Non-detection | Restricting operation (security settings) |

Referring to Table 1, the control module 132 may determine, every predetermined period, whether a short-range wireless signal is detected from a portable device (a pre-registered or authenticated portable device) and, when it is determined that there is a change, may operate the input/output device 120 or restrict its operation (for example, by cutting off the power supplied to the input/output device) according to the current state.

The portable device 140 includes a communication module 141 for short range wireless communication and an authentication module 142 for user authentication. The portable device 140 may be implemented by various types of devices such as a smart phone including a short-range wireless communication function, a portable personal authentication device, and the like.

The communication module 141 performs short-range wireless communication with the communication module 131 of the security device 130, such as Bluetooth, WiFi, NFC, and RFID.

The authentication module 142 is used to authenticate whether the user of the portable device 140 has a right to use the network separation computer 110. The authentication module 142 may be implemented in the form of an application and installed in the portable device 140. For example, the authentication module 142 may perform user authentication through the mobile communication network using the wireless communication function of the portable device 140. Alternatively, the authentication module 142 may perform user authentication based on whether a predetermined password is input.

If the user authentication by the authentication module 142 is successful, the communication module 141 may transmit the short-range wireless signal including the predetermined code (or password) to the security device 130. Therefore, even if a user (a third party) who does not have the right to use the computer acquires the portable device 140, if the authentication module 142 fails to authenticate the user, the interlocking between the portable device 140 and the security device 130 fails and the network separation computer 110 cannot be used. Therefore, according to the present invention, since the network separation computer 110 can be used only when the authenticated user carries the portable device 140 registered (authenticated) in advance, the security of the network separation computer 110 is enhanced. In addition, since the operation of the input/output device 120 connected to the network separation computer 110 is controlled based on the short-range wireless communication, the energy consumed by the input/output device 120 when the user is not present around the network separation computer 110 can be saved.

FIG. 2 is a block diagram illustrating a security system for a computer according to another embodiment of the present invention.

Referring to FIG. 2, the security system for a computer includes a network separation computer 210, a keyboard video mouse audio (KVMA) device 220, a first input/output device 221, a second input/output device 222, a security device 230, and a portable device 240.

The detailed configuration of the network separation computer 210, the security device 230 and the portable device 240 in FIG. 2 corresponds to that of the network separation computer 110, the security device 130 and the portable device 140 in FIG. 1, so a detailed description thereof will be omitted.

The KVMA device 220 is connected to the network separation computer 210 and may be a device that allows a plurality of computers to share a keyboard, a monitor, a mouse, a speaker, and the like. The KVMA device 220 may be connected to the network separation computer 210, the security device 230, and the input/output devices 221 and 222, respectively. Although two input/output devices are shown in FIG. 2 as being connected to the network separation computer 210 through the KVMA device 220, three or more input/output devices may be connected to the KVMA device 220.

In this case, the security device 230 may be connected through an interface module (not shown) provided in the KVMA device 220, or may be mounted on or embedded in the KVMA device 220. The security device 230 can determine whether a short-range wireless signal from the portable device 240 is detected. If a short-range wireless signal from the portable device 240 is not detected for a predetermined time, the security device 230 determines that the user is not present in the vicinity of the network separation computer 210 and cuts off the power supplied to the KVMA device 220, so that the input/output devices 221 and 222 connected to the KVMA device 220 are not operated.

FIG. 3 is a block diagram illustrating a security device in accordance with an embodiment of the present invention. Hereinafter, the security device according to the present invention will be described in more detail with reference to FIG. 3.

Referring to FIG. 3, the security device 300 includes a communication module 310, a control module 320 including a processor 321, software 322, and a memory 323, an interface module 330, and a battery 340.

The communication module 310 can transmit and receive short-range wireless signals to and from the portable device through short-range wireless communication. For example, the communication module 310 may include at least one of a Bluetooth module, a WiFi module, an NFC module, and an RFID module.

In the control module 320, the processor 321 processes all the control functions performed by the security device 300 based on the software 322. The software 322 may correspond to a security program. The memory 323 is for storing information accompanying the processing of the processor 321, and may be implemented as a volatile memory as an example.

The interface module 330 provides an interface for connection with an input/output device and/or a KVMA device. For example, the interface module 330 may include a USB interface, a PCM interface, a serial interface, a LAN interface, and the like, and may be connected to the input/output device and/or the KVMA device through the interface. However, when the security device 300 is embedded in or mounted on the input/output device and/or the KVMA device, the security device 300 may not include the interface module 330.

The battery 340 provides power for operation of the security device 300.

FIG. 4 is a flowchart illustrating a computer security method according to an embodiment of the present invention. Hereinafter, a method for performing computer security by the computer security system according to the present invention will be described with reference to FIG. 4.

An authentication module included in a portable device including a communication module for short-range wireless communication authenticates a user who intends to use the network separation computer (S410). For example, the authentication module authenticates whether the user has a right to use the network separation computer by using a wireless communication function provided in the portable device, or performs user authentication based on a preset password for personal authentication. When the user authentication is successful, the authentication module can transmit/receive a short-range wireless signal to/from a security device included in (or connected to) the input/output device and/or the KVMA device of the network separation computer using the communication module provided in the portable device (S420). The communication module may include, for example, a Bluetooth module, a WiFi module, an NFC module, and an RFID module.

For example, the authentication module can send and receive a Bluetooth signal including a code for pairing between the portable device and the security device through the Bluetooth module. Here, the code may include a user ID, an ID of the portable device, and a phone number of the portable device. In addition, the authentication module can send and receive a signal including a predetermined password through a WiFi module, an NFC module, and / or an RFID module.

The security device can detect the presence of the portable device based on the short-range wireless signal transmitted from the portable device (S430). The security device can control the operation of the input/output device in cooperation with the portable device when authentication of the portable device is successful based on a code (or a password) included in the short-range wireless signal.

For example, when a short-range wireless signal from the portable device associated with the security device is detected, the security device determines that the portable device exists in its vicinity and can control the input/output device and/or the KVMA device to be in an operable state (S440). However, when the short-range wireless signal is not received from the portable device for a predetermined time or longer, the security device can control the input/output device and/or the KVMA device to be in a disabled state (S450). To this end, for example, the security device controls power to be supplied to the input/output device when it is interlocked with the portable device, and controls the power supplied to the input/output device to be cut off when the disconnected state with the portable device is maintained for a predetermined time.
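The periodic presence check of Table 1 and the predetermined-time cutoff of steps S440/S450, modelled as an added Python example (not code from the patent or its applicant). The names `ControlModule`, `poll`, `simulate` and `grace_seconds`, the sample code value and the constant-time comparison are assumptions made for illustration; with `grace_seconds=0` the model reduces to Table 1, where only the current detection state decides.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample value standing in for the pairing code (a user ID or
# device phone number in the description); not taken from the page.
REGISTERED_CODE = b"user-id-0001"

# Constructed poll samples: (time in seconds, code carried by the received
# short-range signal, or None when no signal was received in that period).
SAMPLES = [
    (0, None),
    (1, REGISTERED_CODE),
    (2, REGISTERED_CODE),
    (3, None),
    (4, None),
    (5, b"some-other-device"),   # signal present, but code does not match
    (8, None),
    (9, REGISTERED_CODE),
]


@dataclass
class ControlModule:
    """Hypothetical model of the security device's control module."""
    registered_code: bytes
    grace_seconds: float              # the "predetermined time" before cutoff
    powered: bool = False             # fail closed: I/O device starts unpowered
    last_seen: Optional[float] = None
    events: List[Tuple[float, str]] = field(default_factory=list)

    def _authenticated(self, code: Optional[bytes]) -> bool:
        # No signal and a non-matching code both count as "non-detection".
        # compare_digest keeps the comparison constant-time (an addition
        # here; the description does not specify how codes are compared).
        return code is not None and hmac.compare_digest(code, self.registered_code)

    def poll(self, now: float, code: Optional[bytes]) -> bool:
        """Run one periodic check; return True while the I/O device is powered."""
        if self._authenticated(code):
            self.last_seen = now
            if not self.powered:
                self.powered = True
                self.events.append((now, "power_on"))      # S440
        elif self.powered and (
            self.last_seen is None
            or now - self.last_seen >= self.grace_seconds
        ):
            self.powered = False
            self.events.append((now, "power_off"))         # S450
        return self.powered


def simulate(grace_seconds: float, samples=SAMPLES):
    """Feed the samples to a fresh control module; return (states, events)."""
    module = ControlModule(REGISTERED_CODE, grace_seconds)
    states = [module.poll(t, code) for t, code in samples]
    return states, module.events


if __name__ == "__main__":
    for grace in (0, 5):
        states, events = simulate(grace)
        print(f"grace={grace}s states={states} events={events}")
```
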

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

110: Network separation computer
120: input / output device
130: Security device
140: Portable device

Claims (10)

1. A computer security system comprising:
an authentication module provided in a portable device including a communication module for short-range wireless communication, to authenticate a user; and
a security device including a communication module for transmitting/receiving a short-range wireless signal to/from the portable device, and a control module for detecting the presence of the portable device based on the short-range wireless signal and, when the portable device is authenticated, controlling the operation of an input/output device connected to a computer in cooperation with the authentication module,
wherein the security device is included in the input/output device or in a device connected to the computer.

2. The computer security system according to claim 1, wherein the short-range wireless signal includes a Bluetooth signal including a code for pairing between the portable device and the security device, a WiFi signal, an NFC (Near Field Communication) signal, and an RFID (Radio Frequency Identification) signal.

3. The computer security system of claim 2, wherein the code includes an ID of the user or a telephone number of the portable device.

4. The computer security system according to claim 1, wherein the control module controls power to be supplied to the input/output device when interlocked with the portable device, and controls the power supplied to the input/output device to be cut off when the disconnected state with the portable device is maintained for a predetermined time or longer.

5. The computer security system according to claim 1, wherein the interface comprises at least one of a USB (Universal Serial Bus) interface, a PCM (Pulse Code Modulation) interface, a serial interface, and a LAN (Local Area Network) interface.

6. The computer security system according to claim 1, wherein the computer comprises a first computer connected to the internal network, a second computer connected to the external network, and an interface module shared by the first computer and the second computer.

7. A method of computer security by a computer security system, the method comprising:
authenticating a user by an authentication module included in a portable device including a communication module for short-range wireless communication;
transmitting and receiving a short-range wireless signal to/from a security device included in an input/output device connected to the computer or in a device connected to the computer;
detecting, by the security device, the presence of the portable device based on the short-range wireless signal; and
controlling, by the security device, when the portable device is authenticated, operation of the input/output device or the device connected to the computer in association with the portable device.

8. The method of claim 7, wherein the short-range wireless signal includes a Bluetooth signal including a code for pairing between the portable device and the security device, a WiFi signal, an NFC (Near Field Communication) signal, and an RFID (Radio Frequency Identification) signal.

9. The method of claim 8, wherein the code includes an ID of the user or a telephone number of the portable device.

10. The method of claim 9, wherein the controlling comprises controlling power to be supplied to the input/output device when the security device is interlocked with the portable device, and controlling the power supplied to the input/output device to be cut off when the disconnected state with the portable device is maintained for a predetermined time or more.


Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150056124A KR101729693B1 (en) 2015-04-21 2015-04-21 System and method for network partition computer security using mobile device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150056124A KR101729693B1 (en) 2015-04-21 2015-04-21 System and method for network partition computer security using mobile device

Publications (2)

Publication Number Publication Date
KR20160125222A (en) 2016-10-31
KR101729693B1 (en) 2017-04-25

Family

ID=57445902

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150056124A KR101729693B1 (en) 2015-04-21 2015-04-21 System and method for network partition computer security using mobile device

Country Status (1)

Country Link
KR (1) KR101729693B1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101459059B1 (en) 2014-07-07 2014-11-12 쉐도우시스템즈(주) Physical network switching apparatus for dual monitor

Also Published As

Publication number Publication date
KR101729693B1 (en) 2017-04-25

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant