KR20190049314A - Information security apparatus, and method, computer program and recording medium applied to the same - Google Patents

Abstract

Disclosed are an information security apparatus, and a method and a computer program and a recording medium applied thereto. The information security apparatus according to the present invention comprises a memory and one or more processors, wherein the processor moves or selectively sets a first program for automatically logging into an information protection security area of a device, a second program in which an exposure of a security value is a concern, or a file, thereby, blocking an access to the information security protection safe area from outside of the device, blocking an access to the information protection security safe area attributable to a malicious code in the device, creating a firewall of the information security protection safe area based on a dynamic security value change-based security, and when an access is made to the information protection security safe area through a user control of the device, automatically granting an access authority to the information protection security safe area.

Description

[0001] The present invention relates to an information security apparatus, and a method, a computer program, and a recording medium applied to the information security apparatus,

The present invention relates to an information security apparatus and a method, a computer program, and a recording medium applied thereto, and more particularly to an information security apparatus for enhancing security related to automatic log-in, security value exposure or file, , A computer program and a recording medium.

Prior to 2005, security was perimeter security such as password entry, and security since 2005 is security (security intelligence) that supports the idea of real-time collection, normalization, and analysis of structured data. Security since 2015 is unstructured data, Document, and speech), and provides reasoning / learning that supports access (interpretive security).

All of these are pattern-based security. The security history in the meantime can be said to repeat the process of upgrading the pattern and reading the pattern.

Since the capacity of computing systems has increased significantly and quantum computers have appeared, there has been a proliferation of pattern-based security itself. In order to take measures against these problems, advanced countries / global companies have taken measures as countermeasures And support.

In addition, the security requirements for automatic login, the security requirements for preventing exposure of the security value in the program, or the security of the file are also significant.

Korean Registered Patent No. 10-1380041 (Apr. 25, 2014)

It is an object of the present invention to solve all the problems described above.

It is also an object of the present invention to enhance automatic log-in, security value exposure, or file security.

The objects of the present invention are not limited to the above-mentioned problems, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

According to a first aspect of the present invention, there is provided an information security apparatus comprising a memory and at least one processor, the processor comprising: a first program for automatically logging into an information security safe zone of a device; The access to the information protection safe area is blocked from the outside of the device by moving or selecting the second program or file in which the exposure of the device is likely to occur, A security barrier based on dynamic security value change is continued, and if the user accesses the information security safe area through user control of the device, the information security safe area The access authority of the user.

In addition, when the use information of the device is changed by a user for use given to the device, or changed to a factor other than the use of the user, the changed information is specified and a pure random number is generated based on the changed information And can perform the dynamic security value change through the pure random number.

According to a second aspect of the present invention, there is provided an information security method comprising the steps of: in a information security device, a first program for logging into an information security safe area of a device by automatic login, Blocking access to the information protection safe area from the outside of the device or blocking access to the information protection safe area due to malicious code in the device by moving or selecting a file, The method comprising the steps of: continuing a defense wall of the information security safe area based on security based on security value change, and accessing the information security safe area through user control of the device; .

According to a third aspect of the present invention, there is provided a computer program stored in a computer-readable recording medium, the program causing a computer to function as: a first program for logging into an information- The access to the information protection safe area is blocked from the outside of the device by moving or selecting the second program or file in which the exposure of the device is likely to occur, The method comprising the steps of: blocking the access to the information security safe area; blocking the access to the information security safe area based on security based on dynamic security value change; and when accessing the information security safe area through user control of the device, A step of automatically granting the access right of the area is executed.

A computer readable recording medium according to a fourth aspect of the present invention for achieving the above object is a computer readable recording medium having stored therein a first program for logging in automatically into an information security safe area of a device when executed by an information security device, Access to the information protection safe area from the outside of the device is prevented or the access to the information protection safe area due to the malicious code in the device is performed by moving or selecting the second program or file concerned The method comprising the steps of: continuing a defense wall of the information security safe area based on security based on dynamic security value change; and accessing the information security safe area through user control of the device, And the step of automatically granting the authority.

Therefore, the present invention has the advantage of enhancing security related to automatic login, security value exposure, or file.

The effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description of the claims.

1 is a block diagram illustrating an information security apparatus according to an exemplary embodiment of the present invention.
2 is a diagram showing an example of application to the pure random number generating apparatus of the present invention.
3 is a table comparing the pure random number generating apparatus of the present invention and the other random number generating apparatus of the present invention.
4 is a block diagram showing another example of the pure random number generating apparatus of the present invention.
5 is a reference diagram showing a random number generation result.
6 is a diagram showing an application of the pure random number generating apparatus of the present invention.
7 is a diagram illustrating a pure random number primitive data pool according to an embodiment of the present invention.
8 is a diagram showing change information added to the pure random number base data pool of FIG.
9 is a diagram showing an example in which the pure random number base data pool of FIG. 7 is changed to another data format.
FIG. 10 is a diagram showing an example in which the pure random number base data pool of FIG. 9 is changed into an array structure of pure random number generation.
11 is a view showing an example of the comparison result of the arrangement structure of FIG.
12 is a diagram showing an example in which the binary number in FIG. 11 is converted into a decimal number.
FIG. 13 is a diagram showing an example in which information changed in addition to FIG. 10 is reflected.
FIG. 14 is a diagram showing another example in which information changed in FIG. 10 is further modified. FIG.
FIG. 15 is a diagram showing another example in which information changed in FIG. 14 is further modified. FIG.
Fig. 16 is a diagram showing an example in which the data of Fig. 14 is simplified.
17 is a diagram showing another example in which the data of Fig. 16 is simplified.
18 is a diagram of a security service according to an embodiment of the present invention.
19 is a diagram showing an example in which the security service of Fig. 18 is executed.
20 is a diagram showing another example in which the security service of Fig. 19 is executed.
FIG. 21 is a reference diagram for explaining the Ransomware defense function of the present invention. FIG.
22 is a flowchart showing an example of the pure random number generating method of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, the specific shapes, structures, and characteristics described herein may be implemented by changing from one embodiment to another without departing from the spirit and scope of the invention. It should also be understood that the location or arrangement of individual components within each embodiment may be varied without departing from the spirit and scope of the present invention. Therefore, the following detailed description is not to be taken in a limiting sense, and the scope of the present invention should be construed as encompassing the scope of the appended claims and all equivalents thereof. In the drawings, like reference numbers designate the same or similar components throughout the several views.

Hereinafter, various embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention.

The present invention is directed to a configuration that enhances security associated with automatic logins, exposure of security values, or files. That is, it is about building security services for individual users or small businesses that are vulnerable to security, and includes a configuration for activating security of endpoints.

1, an information security apparatus 100 includes a memory 110 and at least one processor 120. The processor 120 is a first program that logs in automatically to an information security safe zone of a device, A second program in which a security value is likely to be exposed or a file is moved or selected to block access to the information protection safe area from the outside of the device or to protect the information protection due to malicious code in the device When accessing the information security safe area through the user's control of the device, blocking the access to the safe area, continuing the firewall of the information security safe area based on the security based on the dynamic security value change, Access to the protected area is automatically granted.

For example, if the device is a phone, the first program may be an app that logs in automatically with login (e.g., a portal app), and the second program may be an app (e.g., a securities app) that includes a security value And the file can be data such as downloaded files, photos, etc. in the phone.

The information security apparatus 100 of the present invention grants the access right to the route that starts from the device and accesses a specific app or file but does not provide access to a specific app or file located in the information security safe area from the outside of the device . However, it is acceptable for accesses such as pushes received from a direct service provider corresponding to a specific app or file, and access from outside the device other than access by the service provider is desirably blocked.

It is preferable that the above-described information security safe area operates as a kind of a firewall when accessing from outside the device and is easily allowed when accessing the firewall by user's control of the device.

For example, a firewall access by a user's control of a device may include user control for dragging and moving an application or a file to be protected to an information security safe zone provided in a folder form, User control, and the like.

For reference, the folder-type information security safe zone exemplified above is an example, and the information security safe zone includes the one or more programs selected by the user from the user-selectable program list and is not a visible zone It is possible to provide an invisible area.

That is, the user control of the device is preferably limited to indirect or physical interface access to the device (e.g., a touch of a touch pad, a click only through a mouse physically connected to the PC, etc.) . Even if an attempt to access the information security safe area from the outside of the device is blocked, it is necessary to block an attempt to access the information security safe area programmatically from the malicious code executed in the device. .

The information security apparatus 100 described above may be provided independently in the device without communication with the outside, or may be configured to communicate with an external server system.

In addition, the information security safe area is preferably configured with security based on dynamic security value change.

Here, the security based on the dynamic security value change refers to a technique of generating a pure random number according to the use of a device, a security technique in which a device becomes a subject and changes a security value without a pattern according to use of the device, OTP technology and so on to change the specific security value of the device.

Hereinafter, description will be made on the basis of a pure random number generation technique according to the use of a device.

In the pure random number generation technique based on the use of a device, the use of a device includes that the device is used by a user for a given use (including main use or incidental use) do. Also, the term " used as a factor other than the use of the user " means that the user is not directly used, but the device is used (for example, if the device is a phone, Etc.), and in the case of the use of a device in which the user's direct intervention is unnecessary (for example, the operation of an automatic facility in a factory, the operation of a surveillance camera, etc.).

That is, the use of a device means all possible uses of the device. However, it is possible to specify the usage category of the device to be reflected in the pure random number generation device as a default, or to select at least one of a plurality of predefined device usage categories. Here, the pure random number generating device may be configured in the device or connected to the device based on the memory and processor configuration of the device.

Likewise, the information security apparatus 100 of the present invention may be configured in the device based on the memory and processor configuration of the device, or may be a configuration connected to the device.

Referring to FIG. 2, in the case of detecting the movement of the device, it is a type of a factor other than a user's use, which corresponds to a case where the user does not intend to use the device but uses the device. Here, the motion of the device can be classified into a pure random number (e.g., a motion of a device), a motion of a device about a direction change, a movement of a device about a space, And can be constituted as a basic data extraction object for generation of a pure random number by one or a plurality of combinations of these device motions.

On the other hand, cable connection and earphone jack connection for battery charging of the device is a category corresponding to use of the device intended by the user. Camera shooting, device boot, device vibration mode switching, and so on.

In Fig. 2, the case where the device is a phone is described as an example. A device in the present invention means an object capable of generating use information, and in fact includes most of the devices. In addition to the phone, devices such as a car, a surveillance camera, a server, an industrial facility, a medical device, a refrigerator, and the like can be the device targets mentioned in the present invention.

In the case of automobiles, AM 10:12 Open usage history, the driver's door in front of the car, 2017.10.13. AM 10:13 Closed usage, car will be released on October 13, 2017. AM 10:17 The engine was started, the driver behind the passenger's door 2017.10.13. AM 10.18, closed usage history, etc., can be used as basic data of the pure random number generator.

For medical equipment, October 15, 2017. AM 11:01 Device booted history, 2017.10.15. AM 11:03 Connection authorized usage, 2017.10.15. AM 11:04 Usage of the patient's part scanned for operation, October 15, 2015. AM 11:48 The usage history inputting the termination of the patient can be used as basic data of the pure random number generation device.

Since the pure random number generating apparatus of the present invention is based on the use information of the unpredictable device as described above, there is no pattern at all, and there is a characteristic of dynamically changing. This provides a basis for generating pure random numbers with excellent quality.

Referring to FIG. 3, the portion in the red box of FIG. 3 corresponds to the pure random number generator of the present invention, and is a pure random number system using a device itself, not a separate component. For example, observations of physical phenomena moving up and down and left and right of a device, observing physical phenomena observing the degree of tilting of a device, and the like are used to extract observation values of physical phenomena for generating pure random numbers, Observation values can be converted into bits.

The pure random number generation apparatus of the present invention includes a memory and at least one processor in which when a usage information of a device is changed by a user for an application given to the device, Information is specified, and a pure random number is generated based on the changed information.

The processor changes the pure random number base data pool through the addition of the changed information, and it is possible to generate a pure random number based on the result of comparing the array data of the changed pure random number base data pool. A specific example of this will be described from FIG. 7 below.

The pure random number generating device may be included in the device or may be configured in a form separate from the device. When included in a device, it may be configured with a configuration including an in-device memory and at least one processor.

When the pure random number generating device is configured in a form separated from the device, it may be configured as a mobile storage device such as a USB as shown in FIG. The physical phenomenon of movement of the mobile storage device can be observed and a pure random number can be generated based on the basic data. That is, in order to construct a pure random number generating apparatus in a form separate from the device, a separate chip for random number generation is required in some cases. For example, an acceleration sensor chip or a gyro sensor chip for discriminating the movement of the mobile storage device, and a chip configuration including at least one processor for generating pure random numbers.

The pure random number generation apparatus of the type separated from the device is configured to extract the basic data on the motion of the mobile storage device as described above, continuously change the basic data target of the pure random number, and store it every time it is changed And generate a pure random number as a basis.

In other cases, the mobile storage device includes a configuration for extracting basic data on the motion of the mobile storage device, continuously changing the basic data target of a pure random number, and storing the changed basic data each time it is changed, It is also possible to utilize at least one processor of the device. That is, in this case, a pure random number generating device can be configured through a combination between the mobile storage device and the device.

Referring to FIG. 5, the Gaussian random number is concentrated and distributed in a certain region, and the deflection is remarkable. The Microsoft random number improves the deflection more than the Gaussian random number, but the pattern is clearly confirmed. The quantum random number is confirmed to generate a random number as a uniform distribution with no observed biases as shown.

The pure random number generating apparatus of the present invention can generate pure random numbers having an unbiased distribution with the same level as the quantum random numbers, and it is possible to derive the results that are both unpredictable and non-correlated.

That is, the pure random number generating apparatus of the present invention is characterized in that it does not require a separate hardware chip, unlike the quantum random number, while satisfying both pure random number requirements. Referring to FIG. 6, when the pure random number generating apparatus of the present invention is applied to quantum cryptography communication, there is an advantage that a chip configuration for generating a pure random number can be eliminated.

Pure number means a number that does not have a specific order or rule. This is different from a normal pseudo-random number, which means that it conforms to the original random number definition.

The pure random numbers generated through the pure random number generation apparatus of the present invention can be variously applied, for example, as follows.

- Password: Enhanced security through random numbers

- Academic research: can be used to select the experimental group, the control group, or the population to increase the reliability of the study

- Use when displaying banner advertisement or gallery image in random, random order

- In case of showing specific events and promotions at random

- To avoid redundant image and file storage

- When programming a randomly moving object

- Enhance the security of automatic logins, while preserving the user experience of automatic logins

- Defense Against Ransomware Attacks

- Video game: If you randomly run an appearance loop of a specific configuration in the game

The pure random number generation apparatus of the present invention can generate not only a random number for encryption but also a secret number based on a pure random number.

The generation of a pure random number based cryptosystem generated by the pure random number generation apparatus of the present invention is characterized by generating a cryptograph with a pure random number dynamically as a device subject, which is quite different from changing the security value as a server subject.

The pure random number generating apparatus of the present invention includes a configuration for generating a pure random number based on changed information when the usage information of the device is changed by a user for use given to the device or changed by a factor other than the user's use do. Here, various methods are available for the construction of generating a pure random number based on the changed information.

For example, the pure random number generation apparatus changes the pure random number base data pool through the addition of changed information, and can generate a pure random number based on a result of comparing the array data of the changed pure random number base data pool. This method will be described later in more detail with reference to FIG.

In another example, it is also possible to generate a pure random number based on the classification of the changed information in the device. More specifically, if the motion of the device is a motion that tilts in the + direction, it is set to 1 out of the binary numbers. If the movement of the device is a motion that tilts in the minus direction, If there is a physical phenomenon that the earphone jack is connected to the device, set it to 1 out of the binary number. If there is a physical phenomenon that the battery jack is connected to the device, the binary number 0, and so on. The generated binary data can be used as a pure random number, and the binary data can be converted into a decimal conversion or a hexadecimal number to be used as a pure random number.

In addition, it is possible to design various configurations in which pure random numbers can be generated based on information in which device usage information is changed.

Hereinafter, a method of generating a pure random number on the basis of the result of comparing the array data of the changed pure random number base data pool by changing the pure random number base data pool through the addition of the changed information I would like to explain more specifically.

7 is a pure random number primitive data pool according to an embodiment of the present invention. As shown in FIG. 7, the pure random number basic data pool may be record data of a natural language type, and may be a data type converted from the data, or a data type rearranged through a predetermined data array rule, Lt; / RTI > data format.

The pure random number base data pool shown in FIG. 7 is managed as one of five stacks as an example. A pure random number base data pool of five stacks can be changed each time the changed information is added. When the changed information is added, the process of deleting the data of the oldest stack is repeated.

That is, as shown in Fig. 8, as the changed information A, 2017.10.20. AM 07:34 31sec When device movement (90 cm downward movement) is added, A stack is placed on stack 5 of the pure random number base data pool of FIG. 15, and stack 1 is 2017.10.19. PM 11:31 04sec The battery charge cable connection is excluded from the pure random number base data pool. In addition, the data located in the existing 5th stack is moved to the 4th stack, the data in the 4th stack is 3 times, the data in the 3th stack is 2 times, Data is moved to the first stack.

Here, the number of stacks constituting the pure random-number-based data pool depends on the design. Depending on the number of pure random numbers for temporary creation, the number of stacks constituting the pure random number base data pool can be designed. For example, if the number of pure random numbers for temporary generation is six, it can be set to the five stacks shown in FIG. 7, and if the number of pure random numbers for temporary generation is 50, It can be set as a stack.

As shown in FIGS. 7 to 8, data included in the pure random number base data pool may be reflected in real time whenever there is use belonging to a predetermined use category of the device. In addition, it is possible to set a predetermined period to be reflected in real time. For example, if the predetermined change period is 30 seconds, even if there is continuous use of the device within 30 seconds, there is no fluctuation of the pure random number base data pool, but the change of the pure random number base data pool is possible Active mode, and when the first device is used, it can be changed as the changed information of the device to change the pure random number base data pool.

The above-mentioned change period can be set variously in units of seconds, minutes, hours, and so on.

Referring to FIG. 9, the pure random number base data pool can be changed into an encrypted data form for each stack.

Further, as shown in Fig. 10, as a final arrangement for generating a pure random number, the pure random number base data pool can be changed. At this time, the array of the pure random number base data pool can be changed into a fixed array structure with 15 horizontal positions.

Referring to FIG. 10, it is possible to compare whether or not the arrangement data positioned on the first row and the arrangement data positioned on the second row in the drawing of FIG. 10 match. For example, when the arrangement data (%) located in the first column of the first row and the arrangement data (X) located in the first column of the second row are compared, they do not coincide with each other. As a result of the comparison, if it does not coincide, the binary number may be zero. As another example, when the arrangement data 7 positioned in the sixth column of the first row is compared with the arrangement data 7 positioned in the sixth column of the second row, the comparison results as a comparison result. As a result of the comparison, if it is matched, it can be 1 out of binary numbers. Of course, it is possible to set it to 1 when it does not match, to 0 when it does not match, and other rules can be applied.

It is also possible to compare whether or not the arrangement data located at the second row and the arrangement data located at the third row in the drawing of Fig. 10 match. In FIG. 10, the data of the fifth stack is sequentially arranged at the positions where the array is allocated, and the remaining data may be generated among the data of the fifth stack. At this time, the remaining data can be excluded.

11 is a diagram showing a result of comparison between the arrangement data in the above-mentioned manner. In FIG. 11, a binary number group is formed in five array units, and each binary number group is converted into a decimal number. Here, the decimal conversion depends on the design. Also, the unit of the binary bundle is also designed.

That is, 00100, 10001, 10000, 00001, 01000, and 10010 become decimal conversion targets. The decimal conversion result is as shown in Fig. That is, the pure random numbers according to the pure random number base data pool shown in FIG. 7 are 04, 17, 16, 01, 08, and 18.

In addition, if there is an event requesting generation of a pure random number from the device (for example, touching a screen requesting generation of a pure random number), 2017.10.20. AM 07:41 21sec It is also possible to add a random number generation button position in the device terminal screen by using the end device and generate a pure random number based on the pure random number base data pool based on this.

10, the addition of changed information will be described. When the encrypted data jK ## 2? 39 shown in FIG. 8 is added as changed information, it is filled in from the last array of the array structure shown in FIG. As jK ## 2? 39 is filled, the 8-digit data arranged on the left side of the first row is removed. The data located in the middle forms an arrangement for sequentially moving. That is, it can be arranged as shown in FIG.

On the other hand, it is also possible to change the pure random number base data pool for each additional event of changed information. For example, as described above, the arrangement of the pure random-number-based data pool may be changed to 10-digit, 5-digit, or the like for each additional event of changed information instead of 15-digit fixed-length array.

If the event of the changed information located in the last array of the pure random number base data pool is an 'earphone jack connection', it can be arranged in an array structure of 15 horizontal lines. Thereafter, if the event of the changed information located in the last array of the pure random number basic data pool is 'device movement', it can be changed to a 10-digit array structure of 10 horizontal digits as shown in FIG. Thereafter, if the event of the changed information located in the last array of the pure random number base data pool is a 'battery charging cable connection', it can be changed again to a five-digit arrangement structure as shown in FIG.

In Fig. 14, when 2i ** 6 in the first row and g17 # 4 in the second row are compared, the pure random numbers become 0 because they are not all the same. When the BhX% k of the first row and the 0i * 5 * of the second row are compared, the pure random number becomes 0 because the two are not identical. That is, the non-biased quality, which is a condition for random number generation, may not be good.

In consideration of the non-biased quality, 2i ** 6 in the first row, g17 # 4 in the second row, 2KK 3% in the third row are compared or extended to obtain 2i ** 6 in one row, g17 # 4, 2KK3% of the third row, and i ** my of the fourth row are compared with each other, so that the matrix of the comparison object can be expanded.

Rather, it is preferable to simplify the data type of the pure random number base data pool. For example, as shown in FIG. 16, by setting the data type to two types, the character is 1 and the number is 0 in the data of FIG. 14, it is possible to derive various results from the comparison between the arrangement data have.

That is, referring to FIG. 16, 01110 of one row and 10010 of the second row can be compared. If they are matched, they can be represented as 1. If they do not match, the comparison result can be shown as 0.

According to this criterion, the result of comparing 01110 of the first row to 10010 of the second row is 00010. That is, a pure random number obtained by converting a binary number to a decimal number is 2.

Likewise, it is preferable to simplify the data type by setting the character to 1 and the number to 0 in the same manner as in Fig. 24 in the pure random number base data pool of Fig. 15, and then compare the interline data. That is, the data can be simplified as shown in FIG.

The pure random number generator may be configured to generate pure random numbers without any separate communication with the external server and to be applied to various functions in the device. Here, various functions in the device include various examples such as an automatic login security enhancement function and a random software defense function. 18 and 19 are for the automatic login security enforcement feature. According to the use of the device, it is possible to strengthen the security of the automatic login through a configuration in which a pure random number is dynamically generated based on information changed without a pattern.

If you are concerned about security in an app or web service that you use as an automatic login, you can install a pure random number-based automatic login security program yourself. 18 is a pure random number based automatic login security app (B) installed in the phone. As shown in FIG. 19, the user can drag-move at least one application for security enhancement to a pure random number-based automatic login security application B in a folder form. Alternatively, after activating a pure random-number-based automatic login security app, it is also possible to specify a target app to be secured by selecting a user among the related related applications displayed in security.

Alternatively, after activating a pure random-number-based automatic login security app, it is also possible to specify a target app to be secured by selecting a user among the related related applications displayed in security.

As shown in FIG. 19, when there is a security enhancement target application moved by the user himself / herself in order to enhance security within the folder type automatic login security application B, the security enhancement application is automatically protected from access from outside the device . Here, in blocking from access from the outside of the device, the service server of the URL that serves the security enhancement target application can be excluded from the blocking target.

A pure random number that can not be predicted every time based on information that is changed without a pattern according to use of the device is generated and access from outside the device for accessing the security enhancement target through a firewall based on the generated pure random number Can be blocked.

On the other hand, when the user touches the folder-type automatic login security application B in which the security enhancing target app is located to use the security enhancing target app, the user operates the pure random number generating device in the device automatically with the touch The pure random number type password of the defense wall blocking the access to the security enhancement target app is generated and the access right is obtained through the generated pure random number type password so that the automatic login to the security enhancement target app can be executed only .

That is, when the security enhancement target application is located in the folder-type automatic login security application B shown in FIG. 19, access from the outside of the device is intrinsically blocked as long as it does not break the pure random number-based firewall, The existing pattern using the automatic login of the user can be maintained as it is.

Here, unlike the pseudo random number, the pure random number based defense wall is based on the pure random number as the random number definition, and furthermore, since the pure random number is changed without a pattern whenever there is a predetermined use of the device, it can not be broken by hacking.

The above-described automatic login security application (B) is an example of a security service. 20, a security service (e.g., a folder type) may include not only an application N as an object of security enhancement for logging in by automatic login but also a gallery L for storing a photograph or a moving image , And establish a barrier called the information security safe zone (B) for these objects. Furthermore, it is also possible in some cases to add a folder application (not shown) for file management to the information protection safe area B.

Here, the service protection area M for the service setting of the security app may be further included in the information security safe area B.

The security services exemplified so far can protect information stored in a program, or protect a file, by any form of program, such as an application or the web.

In other words, through the function of protecting the file, it becomes possible to protect the Rangumware which accesses the file and encrypts the file. The Ransomware defense function can also be implemented similar to the automatic login security enhancement method described above. The user can move at least one protected file that he / she wants to protect to the Ransomware safe area (for example, in the form of a folder). It can be configured as a program for Ransomware defense and can be configured in a device (eg, a computer), and a Ransomware safe area (eg, in the form of a folder) is activated through a program that is installed and run. It is possible to move the protection target file to the area.

As shown in FIG. 21, when the Raman software is operated to search the document file or the like in the device, the Raman software can not attack the file located in the Raman software secure area (for example, in the form of a folder). In order to access the Ransomware secure area (e.g., in the form of a folder), the pure random-number-based firewall according to the present invention must be released. The only method for accessing the protected file in the Ransomware secure area protected by the pure random number based firewall is the same pure random number based encryption approach applied to the pure random number based firewall.

On the other hand, when a user wants to access a protected file, the user can easily access the protected file by simply clicking on the Rangemeware safe area of the corresponding device. That is, when the user clicks the Rangemeware safe area of the device, the device generates a pure random number based password applied to the pure random number-based firewall protecting the Rangemeware safe area automatically , The user can gain access to the protected file located in the RANMWARE safe area by obtaining the effective access right through the generated password.

Alternatively, the pure random number generating device may be configured to communicate with an external server separately.

Typically, the most widely used design to implement automatic logins is Charles Miller's Persistent Login Cookie Best Practice. In summary:

- the user Auto login Check  Once logged in, a login cookie is issued with a standard session management cookie (a session cookie that expires when the browser is terminated).

- The login cookie has a username (or ID) and an appropriate token. The token is a sufficiently large random number (encrypted). This information is stored in pairs in the database.

- If a user who has not logged in visits the site and provides a login cookie, the username and token are retrieved from the DB.

- Viewed  If there is a pair The user is authenticated  And, Used  The token is removed from the database. At the same time, a new token is generated and stored in DB as a pair with the user name, and a new login cookie is issued to the user.

- If there is no pair, the login cookie is ignored.

- Auto-Login  Only authenticated users can access special services such as password changes and money spending. You must submit a login form to do this.

- This mechanism allows multiple browsers or computers to have multiple stored logins. Therefore, you should provide a way to discard all automatic logins in a single operation.

If the same pure random number-based cryptographic approach as applied to a pure random number-based firewall is allowed using the pure random number based automatic login security app mentioned above with reference to FIG. 18 described above, An automatic login execution can be performed for the user. At this time, if the automatic login is designed by Miller, the automatic login of the aforementioned Miller design can be executed.

However, when the pure random number generation apparatus of the present invention is configured to communicate with the external server separately, the token of the login cookie can be replaced with the pure random number system of the present invention.

When a token according to the pure random number scheme of the present invention is generated through use of a device, it is possible to synchronize the device / external server with the token generated through real-time communication between the device and the external server, It is also possible to proceed with synchronization of tokens generated by communication.

In the Miller design, when the login cookie is replaced with the pure random number method of the present invention, a pure random number type login cookie is transmitted to the external server in response to the automatic login execution request from the device, and the external server transmits, It is possible to determine whether to authenticate after comparing the token in the login cookie of the received pure random number with the details in the external server.

Here, the external server may be an authentication server included in the service server that services the security enhancement target application, or may be a separate authentication server that is independent of the service server and has an independent structure.

In this way, when the Miller design is changed to the pure random number system of the present invention, the possibility that the login cookie is stolen and automatically logged in can be blocked.

The automatic random login method of the present invention is also applicable to an automatic login for storing an ID / PW rather than a Miller design.

In this case, by changing the PW of the automatic login to the password of the pure random number system of the present invention, it is possible to enhance the security of the automatic login without losing any existing user experience using the automatic login.

In addition, although the automatic login mechanism according to the Miller design is inaccessible to special services such as password change and money spending, if the pure random number password of the present invention is applied to the PW of the automatic login, There is also an advantage to be able to access. This is because, unlike the Miller design, it is possible to manage with a single password, rather than having multiple stored logins in various browsers or devices, through the pure random number cryptography of the present invention.

Meanwhile, another example of a structure in which the pure random number generating apparatus of the present invention communicates with an external server separately is one applied to the RANCOMWARE defense function. The function of the Ransomware defense function for communicating with the external server is similar to the automatic login described above, so a detailed description thereof will be omitted.

The information security method of the present invention is an information security method of an information security apparatus 100 that is a program for logging in a first program that logs in automatically to an information security safe area of a device, Selectively blocking access to the information protection safe area from the outside of the device or blocking access to the information protection safe area due to malicious code in the device.

Then, based on the security based on dynamic security value change, the firewall that forms the information security safe area continues. Here, it is possible to apply the pure random number generation technique of the present invention to the dynamic security value change.

Then, when accessing the information security safe area through user control of the device, the access right of the information security safe area is automatically granted.

That is, in the case of automatic log-in, a security value based on a pure random number is automatically generated by touching the folder-type information security safe area, and the security value is compared with the security value applied to the firewall. The access right to the firewall is granted. Even in the case of the randomware, a security value based on a pure random number is automatically generated even if a folder type information security safe area is clicked or selected so that the comparison with the security value applied to the firewall is executed. The access right to the firewall is granted.

Each of the steps referred to above as an information security method may be implemented as a computer program stored in a recording medium in combination with the information security device 100 or may include instructions to execute each of the above steps when executed by the information security device 100 And may be configured as a computer-readable recording medium.

 22, in the pure random number generating method of the present invention, in the pure random number generating device, it is detected that the use information of the device is changed by a user for use given to the device or changed to a factor other than the user's use (S100).

After the step S100, the changed information is specified (S102), and a pure random number is generated based on the changed information of the step S102 (S104).

The step S104 may include a step of changing the pure random number base data pool through the addition of the changed information and generating the pure random number based on a result of comparing the array data of the changed pure random number base data pool.

Each of the above-mentioned steps may be configured as a computer program stored in a recording medium in combination with a pure random number generating apparatus, or configured as a computer-readable recording medium including instructions for executing the above steps when being executed by a pure random number generating apparatus .

In addition, since the present invention is intended to enhance security related to automatic log-in, security value exposure, or file, it is industrially applicable because it is not only a possibility of commercialization or sales, but also can be practically and practically carried out.

100: Information security device
110: Memory
120: Processor

Claims (5)

Memory; And
At least one processor,
The processor comprising:
A first program that logs in as an automatic login to an information security safe area of a device, a second program that is likely to expose a security value, Blocking access to the information security safe area due to malicious code in the device,
Based on security based on dynamic security value change, continues the firewall of the information security safe domain,
And an access right of the information security safe area is automatically granted when accessing the information security safe area through user control of the device. The method according to claim 1,
And when the use information of the device is changed by the user for use given to the device or when the user changes to another factor other than the use of the user,
Generates a pure random number based on the changed information,
And performs the dynamic security value change through the pure random number. In the information security apparatus, a first program to log in automatically to the information security safe area of the device, a second program to which a security value is likely to be exposed, Blocking access to the protected safe area or blocking access to the information safe safe area due to malicious code in the device;
Continuing the firewall of the information security safe area based on security based on dynamic security value change; And
And accessing the information security safe area through user control of the device, automatically granting the access right of the information security safe area. By combining with the information security device, a first program to log in automatically login to the information security safe area of the device, a second program to worry about exposure of security value, Blocking access to the information protection safe area or blocking access to the information security safe area due to malicious code in the device;
Continuing the firewall of the information security safe area based on security based on dynamic security value change; And
And accessing the information protection safe area through the user control of the device, automatically granting the access right of the information security safe area when accessing the information security safe area through user control of the device. When executed by the information security apparatus, moves a first program that logs in automatically to an information security safe area of the device, a second program that is susceptible to exposure of a security value, or a file, Blocking the access to the information protection safe area from the information security safe area or blocking access to the information security safe area due to the malicious code in the device;
Continuing the firewall of the information security safe area based on security based on dynamic security value change; And
And automatically accessing the information security safe area when accessing the information security safe area through user control of the device.

Images