KR20220051510A - Device, method and computer program for protecting image including personal information - Google Patents

Abstract

Disclosed is a method for protecting an image including personal information. According to the present invention, the method for protecting an image including personal information comprises the steps of: receiving an image from a terminal; encrypting the image by using personal information included in the image and storing the encrypted image; receiving personal information input by a user of the terminal from the terminal; decrypting the encrypted image by using the received personal information; and transmitting the decrypted image to the terminal.

Description

A computer program stored in a medium to perform a protection device for images containing personal information, a method for protecting images containing personal information, and a method for protecting images containing personal information {DEVICE, METHOD AND COMPUTER PROGRAM FOR PROTECTING IMAGE INCLUDING PERSONAL INFORMATION}

The present invention encrypts an image using the personal information detected in the image, and decrypts the encrypted image using the personal information input by the user. It relates to a computer program stored in a medium to perform the protection method of the image and the protection method of the image containing personal information.

With the advent and development of the digital age and the information age, a so-called mobile work society in which various smart devices are used to perform work is being realized.

In a mobile work society, various data can be shared and used externally, providing convenience to users. However, the adverse function also exists, and a representative example is an accident of personal information leakage due to the use of smart devices.

With the recent trend of cyber attacks targeting personal information increasing, social concerns about personal information exposure and the need for protection are increasing, and the standards of personal information are also expanding to various types of information that can identify individuals.

In particular, as non-face-to-face services increase across multiple industries, the scope of personal information is expected to expand further, redefining the concept of personal information in preparation for security and privacy issues, and protecting personal information of electronic documents stored in external devices. It can be said that management is necessary.

Recently, there is an increasing number of cases of sharing images externally by photographing or scanning ID cards, various documents, and certificates, and then storing them on a cloud server.

However, images may contain personal information, and accordingly, security of personal information included in images is required.

A general method of protecting personal information in an image is to encrypt or mask the image, store it, and then decrypt the image or remove the masking and provide it to the user when the user enters a password.

However, in this method, there is a risk that the user will forget the password, and there is a risk that personal information in the image may be leaked as the password is hacked while the password is being distributed or stored.

The present invention is to solve the above problems, and an object of the present invention is to encrypt an image using personal information detected in the image, and decrypt the encrypted image using personal information input by a user, personal information This is to provide a computer program stored in a medium to perform an image protection device including , a method for protecting an image containing personal information, and a method for protecting an image containing personal information.

According to the present invention, a method for protecting an image including personal information includes the steps of: receiving an image from a terminal; encrypting the image using personal information included in the image and storing the encrypted image; receiving personal information input by a user of , decrypting the encrypted image using the received personal information, and transmitting the decrypted image to the terminal.

In this case, the storing of the encrypted image may include storing the type of personal information included in the image together with the encrypted image.

In this case, the step of receiving the personal information from the terminal includes: receiving a download request for the image from the terminal; when the download request is received, extracting the type of personal information; Transmitting a personal information query corresponding to the terminal, and receiving the personal information corresponding to the type of the extracted personal information from the terminal.

In this case, the type of personal information may be at least one of a phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number, and account number, but is not limited thereto.

Meanwhile, the step of encrypting the image using the personal information included in the image includes generating a public key using the personal information included in the image, and encrypting the image using the generated public key. Including, the public key may be paired with a private key generated based on personal information input by the user.

In this case, the step of storing the type of personal information included in the image together with the encrypted image may include storing the type of personal information and the public key in metadata of an exchange image file format.

Meanwhile, the step of decrypting the encrypted image using the received personal information includes generating a private key using the received personal information and decrypting the encrypted image using the generated private key. may include

Meanwhile, encrypting the image using personal information included in the image and storing the encrypted image includes dividing the image into a plurality of blocks and using the personal information included in the image to performing encryption on each block, and storing the type and block length information of the personal information in metadata corresponding to the image, wherein the encrypted image using the received personal information The decrypting may include performing decryption on each of the plurality of encrypted blocks using the received personal information and length information of the block.

Meanwhile, encrypting the image using personal information included in the image, and storing the encrypted image includes extracting a partial image in which personal information is located from the image, partial image in which personal information is located encrypting the image, and storing the encrypted partial image and the remaining image, wherein the step of decrypting the encrypted image using the received personal information includes: It may include decrypting the encrypted partial image, and synthesizing the decrypted partial image and the remaining image.

Meanwhile, the apparatus for protecting an image including personal information according to the present invention includes a communication unit communicating with a terminal, a storage unit for storing data, and receiving an image from a terminal through the communication unit, and storing the personal information included in the image. encrypting the image using the, storing the encrypted image in the storage unit, receiving personal information input by a user of the terminal from the terminal, and storing the encrypted image using the received personal information and a control unit for decoding and transmitting the decoded image to the terminal through the communication unit.

In this case, the controller may store the type of personal information included in the image together with the encrypted image.

In this case, the control unit receives a download request for the image from the terminal, extracts the type of personal information when the download request is received, and queries the personal information corresponding to the extracted type of personal information. It is possible to transmit to the terminal and receive personal information corresponding to the type of the extracted personal information from the terminal.

In this case, the type of personal information may be at least one of a phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number, and account number, but is not limited thereto.

Meanwhile, the controller generates a public key using the personal information included in the image, encrypts the image using the generated public key, and the public key is based on the personal information input by the user. can be paired with the generated private key.

In this case, the controller may store the type of personal information and the public key in metadata of an exchange image file format.

Meanwhile, the controller may generate a private key using the received personal information, and decrypt the encrypted image using the generated private key.

Meanwhile, the control unit divides the image into a plurality of blocks, performs encryption on each of the plurality of blocks using personal information included in the image, and sets the type of personal information and length information of the block to the image. may be stored in metadata corresponding to , and decryption of each of the plurality of encrypted blocks may be performed using the received personal information and length information of the block.

Meanwhile, the control unit extracts a partial image in which personal information is located from the image, encrypts the partial image in which the personal information is located, stores the encrypted partial image and the remaining images, and uses the received personal information Thus, the encrypted partial image may be decrypted, and the decrypted partial image and the remaining image may be synthesized.

Meanwhile, the apparatus for protecting an image including personal information includes an image acquisition unit including at least one of a camera and a scanner, a display unit for displaying an image, a storage unit for storing data, and an image captured by the camera, the Acquire a specific image that is either an image scanned by a scanner or an image stored in the storage unit, encrypt the specific image using personal information included in the specific image, and store the encrypted specific image in the storage unit and a control unit for controlling the display unit to store in , receive input of personal information from the user, decrypt the encrypted specific image using the personal information input by the user, and display the decrypted specific image do/.

In this case, the controller stores the type of personal information included in the specific image together with the encrypted specific image, and when a display request for the specific image is received from the user, extracts the type of personal information, and A personal information query corresponding to the extracted personal information type may be displayed, and an input of personal information corresponding to the extracted personal information type may be received from the user.

According to the present invention, since personal information included in an image is detected and stored after being encrypted based on the detected personal information, there is an advantage in that personal information can be protected for an atypical electronic document such as an image.

Also, according to the present invention, an image is encrypted using personal information included in the image, and the image is decrypted using personal information input by the user. That is, according to the present invention, since the image is decoded by receiving the user's unique information that is always remembered by the user or can be easily checked in daily life, there is an advantage in that it is possible to resolve concerns about password management and loss.

Also, according to the present invention, basic information used for encryption is tagged and managed in metadata as information that may be disclosed. In addition, without storing the user's personal information in a protection device, a simple authentication step of querying personal information according to the type of user's personal information is added to acquire the key for decryption, so in the process of storing or distributing the key It has the advantage of preventing possible hacking.

In addition, according to the present invention, the type of personal information in the image is stored, and the personal information corresponding to the type of personal information is requested from the user and used for decryption. That is, since personal information used for encryption is requested again from the user and used again for decryption, there is an advantage in that information necessary for decryption can be accurately requested.

In addition, according to the present invention, the encryption/decryption key leakage can be prevented by managing the key used for encryption dually with a private key known only by the individual and a public key generated by the system. can

In addition, the general security procedure using a password is “(1) setting a password to store or encrypt data, and (2) reading data by entering the password”. However, according to the present invention, since the process of setting a password is omitted and the user only needs to perform the process of inputting a password (personal information), there is an advantage in that user convenience can be improved.

In addition, according to the present invention, there is an advantage in that the storage space can be used more efficiently because the file is stored and managed by utilizing the tag function of the metadata of the image without storing the file information in a separate recording medium, and the metadata is As it is managed separately, it is possible to prevent security from becoming weak.

1 is a block diagram illustrating an apparatus for protecting an image including personal information according to the present invention.
2 is a diagram illustrating a process of encrypting an image in blocks.
3 is a diagram for explaining a method of extracting personal information included in an image.
4 is a diagram for explaining a training method of an artificial intelligence model.
5 is a diagram for explaining the configuration of meta data of an EXchangeable Image File format (Exif).
6 is a block diagram illustrating a process of decrypting an encrypted image.
7 is a diagram for explaining an example of dividing an image into a plurality of blocks to encrypt and decrypt the image.
8 is a diagram for explaining a method of performing partial encryption processing on an area in which personal information is located.
9 is a diagram for explaining a method of protecting an image including personal information.

Hereinafter, the embodiments disclosed in the present specification will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numbers regardless of reference numerals, and redundant description thereof will be omitted. The suffixes "module" and "part" for components used in the following description are given or mixed in consideration of only the ease of writing the specification, and do not have distinct meanings or roles by themselves. In addition, in describing the embodiments disclosed in the present specification, if it is determined that detailed descriptions of related known technologies may obscure the gist of the embodiments disclosed in this specification, the detailed description thereof will be omitted. In addition, the accompanying drawings are only for easy understanding of the embodiments disclosed in the present specification, and the technical idea disclosed herein is not limited by the accompanying drawings, and all changes included in the spirit and scope of the present invention , should be understood to include equivalents or substitutes.

Terms including an ordinal number such as 1st, 2nd, etc. may be used to describe various elements, but the elements are not limited by the terms. The above terms are used only for the purpose of distinguishing one component from another.

When an element is referred to as being “connected” or “connected” to another element, it is understood that it may be directly connected or connected to the other element, but other elements may exist in between. it should be On the other hand, when it is said that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the other element does not exist in the middle.

The singular expression includes the plural expression unless the context clearly dictates otherwise. In the present application, terms such as “comprises” or “have” are intended to designate that a feature, number, step, operation, component, part, or combination thereof described in the specification exists, but one or more other features It should be understood that this does not preclude the existence or addition of numbers, steps, operations, components, parts, or combinations thereof.

In implementing the present invention, components may be subdivided for convenience of description, but these components may be implemented in one device or module, or one component may be divided into a plurality of devices or modules. It can also be implemented in

1 is a block diagram illustrating an apparatus for protecting an image including personal information according to the present invention.

Here, the device for protecting an image including personal information (hereinafter referred to as a protection device) may be a device that receives and stores the image from the terminal and transmits the stored image to the terminal when there is a request from the terminal.

For example, the protection device may be a cloud server that receives and stores an image from the terminal when there is an upload request from the terminal, and transmits the stored image to the terminal when there is a download request from the terminal.

Referring to FIG. 1 , the protection device 100 may include a communication unit 110 , a control unit 120 , and a storage unit 130 .

The communication unit 110 may support wired or wireless communication between the protection device 100 and an external device.

Specifically, the communication unit 110 may provide an interface for connecting the protection device 100 to a wired/wireless network including an Internet network. The communication unit 110 may transmit or receive data with one or more terminals and other external devices through the connected network or another network linked to the connected network.

Also, the communication unit 110 may communicate with a plurality of terminals. And when images are uploaded from a plurality of terminals, the communication unit 110 may receive images from the plurality of terminals.

Also, when a download request is received from a plurality of terminals, the communication unit 110 may transmit an image to the plurality of terminals.

The controller 120 may control the overall operation of the protection device 100 .

In addition, the control unit 120 may encrypt and store the image received from the terminal, and decrypt the stored encrypted image.

In addition, the control unit 120 may include a personal information detection module 121 , an image encryption module 122 , a metadata management module 123 , and an image decryption module 124 . A detailed configuration of the control unit 120 will be described later in detail.

The storage unit 130 may store programs, contents, signal-processed images, audio or data signals, etc. for each signal processing and control in the control unit 120 .

Also, the storage unit 130 may store an application program or data for the operation of the protection device 100 .

Also, the storage unit 130 may store an image received from the terminal and metadata of the image.

2 is a diagram illustrating a process of encrypting an image in blocks.

The controller 120 may receive an image from the terminal.

Specifically, the terminal may transmit an image upload request and the image to the protection device 100 . In this case, the control unit 120 may receive the image through the communication unit 110 .

It is assumed that the received image 211 is a photograph of the resident registration card 212 and is described (210).

Meanwhile, the controller 120 may detect personal information included in the image ( 220 ).

This will be described with reference to FIG. 3 .

3 is a diagram for explaining a method of extracting personal information included in an image.

Personal information may be divided into a plurality of types.

Specifically, the type of personal information may be any one of phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number, and account number, but is not limited thereto.

In addition, the personal information may be a unique letter, number, symbol, etc. assigned to an individual so that the individual can be identified.

For example, when the type of personal information is a phone number, the personal information may mean numbers (eg, 010-1111-0000) constituting the phone number.

For another example, when the type of personal information is a resident registration number, the personal information may be numbers (eg, 800101-2345678) constituting the resident registration number.

Meanwhile, the personal information detection module 121 in the controller 120 may extract personal information from the received image (original image) 211 .

In this case, the personal information detection module 121 may extract personal information from the received image (original image) 211 using an optical character recognition (OCR) technology.

Here, Optical Character Recognition (OCR) technology is a technology for digitally encoding text (letters, numbers, symbols, etc.) in an image scanned or photographed by an optical method.

In addition, the personal information detection module 121 uses an optical character recognition (OCR) technology to read text (letters, numbers, symbols) in the image 211 and convert it into text recognizable by the computer. can

For example, referring to FIG. 3A , the name “Hong OO” and the resident registration number “800101-2345678” are included in the image 211 . In this case, the personal information detection module 121 recognizes “Hong OO” and “800101-2345678” in the image 211 as shown in FIG. 3B , and the text “Hong” that is recognizable by the protection device 100 OO” and “800101-2345678”.

Meanwhile, in addition to optical character recognition (OCR) technology, various known techniques for recognizing letters, numbers, symbols, etc. in an image and converting them into text may be used.

Meanwhile, the personal information detection module 121 may acquire the type of personal information.

Specifically, the personal information detection module 121 may acquire the type of personal information based on an arrangement or combination of letters, numbers, and symbols in the image.

For example, the personal information detection module 121 may determine that the personal information type of the arrangement consisting of 6 digits, “-”, and 7 digits is a resident registration number.

As another example, the personal information detection module 121 may determine that the personal information type of an arrangement consisting of three characters is a name.

In addition, the personal information detection module 121, in order to obtain the type of personal information, the type of the object 310 including text (letters, numbers, symbols, etc.) in the image and the text (letters, numbers, etc.) in the object 310 , symbols, etc.) may be additionally used.

For example, the personal information detection module 121 may determine that the object 310 including text is a resident registration card using object recognition technology. In addition, the personal information detection module 121 may determine that the personal information type of the arrangement consisting of 6 digits, “-”, and 7 digits in the resident registration card is the resident registration number.

For another example, the personal information detection module 121 may determine that the object 310 including text is a resident registration card using object recognition technology. In addition, the personal information detection module 121 may determine that the personal information type of the arrangement consisting of 6 digits, “-” and 7 digits located at a place where the resident registration number is displayed in the resident registration card is the resident registration number.

On the other hand, the image may contain text in various fonts. In addition, when the text of these various fonts is converted into text that the protection device 100 can recognize, an error may occur.

And in order to prevent such an error, the personal information detection module 121 provides the text read from the image 211 to the AI model, so that the text output from the AI model (standardized text that the protection device 100 can recognize) ) can be obtained.

Here, the standardized text may be information converted so that the text read from the image 211 can be recognized by the protection device 100 . For example, the standardized text may be information obtained by converting text (or designed text) of another font read from the image 211 into text having a standardized font (eg, gothic font). As another example, the standardized text may be information obtained by converting text read from the image 211 into digital data.

4 is a diagram for explaining a training method of an artificial intelligence model.

The AI model includes a neural network, and the neural network can be trained using standardized labels and various font data. Here, the standardization label is provided as a correct answer value to the AI model for training the AI model, and the standardized text described above may be used as the standardization label.

Specifically, the training device (or protection device) may collect various font data and corresponding standardized labels 410 .

In addition, the training device (or protection device) may generate a training data set 420 including font data and standardized labels. In addition, the training apparatus may train the artificial intelligence model 430 by providing the font data as an input value and the standardization label as an output value to the artificial intelligence model 430 .

For example, if the font data provided as an input value is "ABC" designed as an input value, the standardized label provided as an output value may be "ABC" with a gothic font. For another example, if the font data provided as an input value is “ABC” with an archetype, the standardized label provided as an output value may be digital data representing ABC in binary format.

In addition, the training apparatus (or protection apparatus) may train the artificial intelligence model 430 by providing training data sets having various types of font data to the artificial intelligence model 430 . Accordingly, parameters (weight, bias, etc.) of the artificial intelligence model 430 may be optimized.

And the artificial intelligence model 430 may be mounted on the protection device 100 . In this case, when the personal information detection module 121 provides the text read from the image 211 to the artificial intelligence model 430 , the artificial intelligence model 430 detects the input data (text read from the image 211 ). It can be converted to standardized text and output. Also, even after the artificial intelligence model 430 is mounted on the protection device 100 , the personal information detection module 121 may train the artificial intelligence model 430 using the standardized label and various newly collected font data. Accordingly, the recognition rate of the artificial intelligence model 430 may be improved.

Returning to FIG. 3 again, the result processed by the personal information detection module 121 is shown in FIG. 3B .

That is, the personal information detection module 121 may output personal information and a personal information type corresponding to the personal information as a result value. When the artificial intelligence model 430 is used, the personal information detection module 121 may recognize personal information using standardized text and output the recognized personal information and personal information type corresponding to the personal information as a result value. there is.

For example, the personal information detection module 121 may output personal information such as “800101-2345678” and personal information types such as resident registration number as result values.

As another example, the personal information detection module 121 may output the personal information of “Hong OO” and the personal information type of the name as result values.

Also, the personal information detection module 121 may output a result value in a JSON format. For example, the personal information detection module 121 may output a result value having a pair of an attribute (personal information type) and a value (personal information).

Referring back to FIG. 2 , the controller 120 may encrypt the image using personal information included in the image ( 230 ).

The controller 120 may divide the image into a plurality of blocks and encrypt the image in units of the divided blocks. However, an embodiment of encrypting in units of divided blocks will be described later, and an embodiment of encrypting without dividing an image will be described.

The image encryption module 122 of the controller 120 may encrypt an image using the personal information output from the personal information detection module 121 .

Hereinafter, an asymmetric key-based encryption/decryption technique is introduced as an encryption method. However, the present invention is not limited thereto, and various encryption/decryption techniques capable of encrypting an image using personal information included in the image and decrypting the image using personal information input by a user may be used.

The asymmetric key encryption technique is based on the integer theory that it is very difficult to factor a large number. use it

For example, when n is public, it is easy to obtain q if only individuals know p, but it is impossible to obtain q if p is unknown.

That is, the key used for encryption/decryption is divided into a public key and a private key, and the contents encrypted with the public key are only the private key and the private key. key) so that it can be decrypted only with the public key.

In addition, the image encryption module 122 may generate a public key using the personal information included in the image, and may encrypt the image using the generated public key. Here, the public key may be paired with a private key generated based on personal information included in the image.

Specifically, the image encryption module 122 generates a private key based on the personal information extracted from the image, and the public key may be set to a value paired with the private key. . In addition, the image encryption module 122 may encrypt an image using a public key among a public key and a private key.

The process of generating a key used for encryption/decryption will be described in more detail as follows.

The image encryption module 122 may convert the extracted personal information string into an integer d. When there are a plurality of extracted personal information, the image encryption module 122 may select any one of the plurality of personal information and convert the corresponding string into an integer d. In this case, a sufficiently large value can be used as the integer d in order to convert not only a short string such as a name but also a long string such as a resident registration number into an integer.

In addition, the image encryption module 122 may select arbitrary natural numbers (p-1) and (q-1) that are mutually exclusive with d.

Then, the image encryption module 122 may search for e such that the remainder of dividing e·d by (p-1)(q-1) becomes 1

Then, the image encryption module 122 may obtain N by calculating N=p·q. Meanwhile, p, q, (p-1), and (q-1) may be removed without being stored in the protection device 100 .

Through this process, a public key composed of e and N and a private key composed of d and N may be generated. In this case, the public key may be expressed as {e, N} and the private key may be expressed as {d, N}. Here, e and N are disclosed, whereas d is a converted personal information that only the user knows and is not disclosed.

In addition, the image encryption module 122 may encrypt the image using the generated public key {e, N}.

Specifically, the image encryption module 122 may convert the received image into binary data. Also, the image encryption module 122 may encrypt binary data using the public key {e, N}.

The image encryption module 122 may store the encrypted image, that is, the encrypted image in the storage unit 130 . Also, the image encryption module 122 may delete the private key without storing the private key in the protection device 100 .

Meanwhile, the metadata management module 123 may store metadata of the encrypted image 251 together with storing 250 of the encrypted image 251 in the storage unit 130 .

Also, the metadata management module 123 of the controller 120 may store the type of personal information included in the image together with the encrypted image.

In this case, the metadata management module 123 may store the public key together with the type of personal information. Also, the metadata management module 123 may store the type of personal information and the public key in a manner of recording the received image (original image) metadata.

Meanwhile, in order not to separately store the type of personal information, the public key, and other extracted personal information, the metadata management module 123 includes the type of personal information in the metadata of the EXchangeable Image File format (Exif), The public key and other extracted personal information may be tagged (240).

This will be described in detail with reference to FIG. 5 .

5 is a diagram for explaining the configuration of meta data of an EXchangeable Image File format (Exif).

Referring to FIG. 5 , metadata of an EXchangeable Image File Format (Exif) for an image includes various information related to an image, such as an attribute, a date taken, and a photo size. In addition, such metadata may be received from the terminal together with the image.

In addition, the metadata management module 123 may tag metadata of an EXchangeable Image File format (Exif) without separately storing the type of personal information and the public key.

In addition, the metadata management module 123 removes personal privacy-related information (GPS information, name, etc.), and exchanges the type of personal information and the public key used for image encryption in the image file format ( It can be recorded in metadata of EXchangeable Image File format (Exif).

Here, the public key is a value paired with a private key generated using personal information in the protection device 100 .

In addition, since the personal information input by the user later is the same as the personal information included in the image, the public key may be paired with a private key generated based on the personal information input by the user.

In addition, image decryption, which will be described later, is possible only with the private key, and it is virtually impossible to find out the private key through the public key. It can be recorded in meta data as free information.

Referring to FIG. 5 , it can be seen that the type of personal information and the encryption key (public key) are tagged in the metadata.

Next, a process of decrypting the encrypted image will be described with reference to FIG. 6 .

6 is a block diagram illustrating a process of decrypting an encrypted image.

An encrypted image 251 is stored in the storage unit 130 ( 610 ).

In addition, the image decryption module 124 of the controller 120 may decrypt the encrypted image 251 stored in the storage unit 130 .

Specifically, the image decryption module 124 may receive a download request for the encrypted image 251 from the terminal through the communication unit 110 .

And when the download request is received, the image decryption module 124 may extract the type of personal information corresponding to the encrypted image 251 ( 620 ).

Specifically, the image decryption module 124 may extract the type of personal information from the metadata of the encrypted image 251 .

In this case, the image decoding module 124 may transmit a personal information query corresponding to the extracted type of personal information to the terminal ( 630 ).

For example, if the type of personal information recorded in the metadata is a resident registration number, the image decoding module 124 stores the personal information (a number array uniquely assigned to a user) corresponding to the type of personal information (resident registration number). query can be transmitted to the terminal.

Meanwhile, the terminal may receive and display a query for personal information corresponding to the type of personal information. In this case, the user may input personal information corresponding to the type of personal information into the terminal ( 630 ). In addition, the terminal may transmit the personal information input by the user to the protection device 100 .

Meanwhile, the image decoding module 124 may receive personal information input by the user of the terminal from the terminal, that is, personal information corresponding to the previously extracted type of personal information.

In this case, the image decryption module 124 may obtain a decrypted image by decrypting the encrypted image using the received personal information (640, 650).

Specifically, the image decryption module 124 may generate a private key using the received personal information, and decrypt the encrypted image using the generated private key.

The process of decrypting the encrypted image will be described in more detail as follows.

The image decryption module 124 may convert the encrypted image into binary data. Also, the image decryption module 124 may extract a public key from metadata of the encrypted image 251 .

Then, the image decoding module 124 may convert a string of personal information input by the user into an integer d to generate a private key {d, N}. Specifically, the image decryption module 124 may extract N from the public key {e, N}, and in this case, the private key {d, N} can be created.

Then, the image decryption module 124 may decrypt the encrypted image using the private key {d, N}.

Also, the image decoding module 124 may transmit the decoded image 211 to the terminal.

Next, an application example of the present invention will be described with reference to FIGS. 2 and 6 .

First, an encryption process will be described with reference to FIG. 2 .

Referring to FIG. 2 , the control unit 120 performs OCR recognition on the received image (original image) to obtain text (Hong OO) corresponding to the name and text (800101-2345678) corresponding to the resident registration number. there is.

In addition, the control unit 120 may generate an encryption key {7,55} (public key) and a decryption key {23,55} (private key) using the text string 800101-2345678 corresponding to the resident registration number. .

In addition, the control unit 120 encrypts the image using the encryption key {7,55} (public key), and stores the type of personal information (resident registration number) and the encryption key {7,55} (public key) in metadata. can

Next, a decoding process will be described with reference to FIG. 6 .

The controller 120 may extract the type of personal information (resident registration number) and the encryption key {7,55} (public key) from the metadata of the downloaded encrypted image.

In addition, the controller 120 may transmit a personal information query corresponding to the type of extracted personal information to the terminal, and receive personal information input by the user from the terminal.

On the other hand, when the resident registration number (800101-2345678) input by the user is received, the control unit 120 converts the string of the received resident registration number (800101-2345678) into the integer value 23 to decrypt the key {23,55} (private key ) can be created.

In addition, the controller 120 may decrypt the encrypted image using the decryption key {23,55} (private key), and transmit the decrypted image to the terminal.

As described above, according to the present invention, since personal information included in an image is detected and stored after being encrypted based on the detected personal information, there is an advantage in that personal information can be protected for an atypical electronic document such as an image.

Also, according to the present invention, an image is encrypted using personal information included in the image, and the image is decrypted using personal information input by the user. That is, according to the present invention, since the image is decoded by receiving the user's unique information that is always remembered by the user or can be easily checked in daily life, there is an advantage in that it is possible to resolve concerns about password management and loss.

Also, according to the present invention, basic information used for encryption is tagged and managed in metadata as information that may be disclosed. In addition, without storing the user's personal information in a protection device, a simple authentication step of querying personal information according to the type of user's personal information is added to acquire the key for decryption, so in the process of storing or distributing the key It has the advantage of preventing possible hacking.

In addition, according to the present invention, the type of personal information in the image is stored, and the personal information corresponding to the type of personal information is requested from the user and used for decryption. That is, since personal information used for encryption is requested again from the user and used again for decryption, there is an advantage in that information necessary for decryption can be accurately requested.

In addition, according to the present invention, the encryption/decryption key leakage can be prevented by managing the key used for encryption dually with a private key known only by the individual and a public key generated by the system. can

In addition, the general security procedure using a password is “(1) setting a password to store or encrypt data, and (2) reading data by entering the password”. However, according to the present invention, since the process of setting a password is omitted and the user only needs to perform the process of inputting a password (personal information), there is an advantage in that user convenience can be improved.

In addition, according to the present invention, there is an advantage in that the storage space can be used more efficiently because the file is stored and managed by utilizing the tag function of the metadata of the image without storing the file information in a separate recording medium, and the metadata is As it is managed separately, it is possible to prevent security from becoming weak.

Next, an embodiment in which an image is divided into a plurality of blocks and encrypted in units of the divided blocks will be described with reference to FIGS. 2 and 6 .

The foregoing descriptions may be applied to the following embodiments, and different points will be mainly described.

First, a process of dividing an image into a plurality of blocks and encrypting it will be described with reference to FIG. 2 .

The controller 120 may divide the received image (original image) into a plurality of blocks and perform encryption on each of the plurality of blocks.

Specifically, the controller 120 may convert the received image into binary data. In addition, the controller 120 may divide the converted binary data into blocks of a predetermined length and store them in an array. In this case, the length of the single block may be set smaller than the length of the binary data of the image.

Then, the controller 120 may perform encryption on the divided block unit data b _i using the public key {e, N}.

This can be expressed by the following formula.

Then, the control unit 120 may repeatedly perform encryption on all of the block unit data divided into a plurality of pieces. Then, the controller 120 may store the data encrypted in block units in an array, and generate an encrypted image by using information about the stored array.

Also, the controller 120 may delete the received image (original image) and store the encrypted image file in the storage unit 130 .

Meanwhile, the controller 120 may store the block length information together with the encrypted image.

In this case, the controller 120 may store information on the type of personal information, the public key, and the length of the block. In addition, the controller 120 may store the type of personal information, the public key, and the block length information in a manner of recording the received image (original image) metadata.

Here, the block length information may include the number of divided blocks. However, the present invention is not limited thereto, and various types of information that can indicate the length of the block may be used as the length information of the block.

Meanwhile, the type of personal information, the public key, and the block length information may be tagged in metadata of an EXchangeable Image File format (Exif).

Next, a process of decrypting an image divided into a plurality of blocks and encrypted will be described with reference to FIG. 6 .

The control unit 120 may decrypt the encrypted image stored in the storage unit 130 .

When the download request is received, the controller 120 may extract the type of personal information from the metadata of the encrypted image 251 .

In addition, the controller 120 may transmit a personal information query corresponding to the extracted personal information type to the terminal.

In addition, the controller 120 may receive personal information input by the user of the terminal from the terminal, that is, personal information corresponding to the previously extracted type of personal information.

In this case, the controller 120 may decrypt each of the plurality of encrypted blocks by using the received personal information and the block length information.

Specifically, the controller 120 may convert the encrypted image 251 into binary data. Also, the controller 120 may extract the public key and block length information from the metadata of the encrypted image 251 .

Then, the controller 120 may divide the converted binary data into a plurality of blocks and store the converted binary data in an array by using the block length information extracted from the metadata.

Then, the controller 120 may decrypt the divided block unit data encrypt_b _i using the private key {d, N}.

This can be expressed by the following formula.

Then, the controller 120 may repeatedly perform decoding on all of the block unit data divided into a plurality of pieces. Then, the controller 120 may store the data decoded in block units as an array, and generate a decoded image by using the stored information on the array.

Then, the controller 120 may transmit the decoded image to the terminal.

Next, an application example of the present invention will be described with reference to FIG. 7 .

7 is a diagram for explaining an example of dividing an image into a plurality of blocks to encrypt and decrypt the image.

The controller 120 may divide the received image (original image) into a plurality of blocks.

In addition, the controller 120 may generate an encryption key {7,55} (public key) and a decryption key {23,55} (private key) by using the character string 800101-2345678 of personal information included in the image. .

In this case, the controller 120 may perform encryption on each of the plurality of blocks using the encryption key {7,55} (public key).

For example, if it is assumed that the plaintext data of a specific block is 15, the encrypted data of 5 is obtained by going through the encryption process of “15 ⁷ mod 55 = 5” using the encryption key {7,55} (public key). can be obtained. And by performing this process for a plurality of blocks, a plurality of encrypted blocks may be generated.

Then, the controller 120 may generate one encrypted whole image by merging the plurality of encrypted blocks, and store the generated whole image.

In addition, the control unit 120 may store the type of personal information, encryption key {7,55} (public key), and block length information in the metadata.

Meanwhile, the controller 120 may extract the type of personal information, the encryption key {7,55} (public key), and the length of the block from the metadata of the downloaded encrypted image.

Then, when the personal information input by the user is received, the controller 120 may convert the received personal information string into an integer value 25 to generate a decryption key {23,55} (private key).

Also, the controller 120 may divide the entire encrypted image into a plurality of encrypted blocks by using the block length information.

Then, the controller 120 may decrypt each of the plurality of encrypted blocks using the decryption key {23,55} (private key).

For example, if it is assumed that the encrypted data of a specific block is 5, the plaintext data of 15 is obtained by going through the decryption process of “5 ²³ mod 55 = 15” using the decryption key {23,55} (private key). can be obtained. And by performing this process for a plurality of blocks, a plurality of decoded blocks may be generated.

Then, the controller 120 may merge the plurality of decoded blocks to generate one decoded entire image and transmit the generated entire image to the terminal.

As described above, according to the present invention, there is an advantage in that security can be improved by performing encryption and decryption in units of a plurality of blocks.

Next, a method of performing partial encryption processing on an area in which personal information is located will be described with reference to FIG. 8 .

8 is a diagram for explaining a method of performing partial encryption processing on an area in which personal information is located.

The controller 120 may encrypt a partial image of a region where personal information is located.

Specifically, the controller 120 may extract a partial image in which personal information is located from the received image (original image) 710 . Here, the partial image in which the personal information is located may be an image of the region 720 in which an object including personal information is located, or an image of the regions 730 and 740 in which the personal information is located.

Meanwhile, the controller 120 may encrypt a partial image in which personal information is located. As a method of encrypting/decrypting a partial image, the method of encrypting/decrypting the entire image described above may be applied.

Also, the controller 120 may divide the partial image in which the personal information is located into a plurality of blocks and perform encryption on each of the plurality of blocks. As a method of dividing a partial image into a plurality of blocks and encrypting/decrypting it, the method of encrypting/decrypting a plurality of blocks of the entire image described above may be applied.

Then, the controller 120 may store the encrypted partial image and the remaining images. Here, the remaining image means an image excluding a partial image from the entire image, and may mean an unencrypted image.

Meanwhile, the controller 120 may decrypt the encrypted partial image using personal information input by the user.

Then, the controller 120 may generate a full image by synthesizing the decoded partial image with the remaining images, and transmit the generated full image to the terminal.

As described above, according to the present invention, there is an advantage in that the amount of computation can be reduced by encrypting only the area requiring protection (the area in which personal information is located).

9 is a diagram for explaining a method of protecting an image including personal information.

The method 900 for protecting an image including personal information may include receiving an image from a terminal ( S910 ).

Also, the method 900 for protecting an image including personal information may include encrypting the image using the personal information included in the image and storing the encrypted image (S920).

Specifically, encrypting the image using personal information included in the image and storing the encrypted image (S920) may include storing the type of personal information included in the image together with the encrypted image. .

In this case, the step of storing the type of personal information included in the image together with the encrypted image may include storing the type of personal information and the public key in metadata of an exchange image file format.

In addition, encrypting the image using the personal information included in the image, and storing the encrypted image (S920) generates a public key using the personal information included in the image and encrypts the image using the generated public key may include the step of In this case, the public key may be paired with a private key generated based on personal information input by the user.

Here, the type of personal information may be at least one of a phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number, and account number, but is not limited thereto.

Meanwhile, in the block-by-block encryption embodiment, encrypting the image using personal information included in the image, and storing the encrypted image (S920) divides the image into a plurality of blocks, and the individual included in the image. The method may include performing encryption on each of the plurality of blocks using the information, and storing type and block length information of personal information in metadata corresponding to the image.

Also, in an embodiment of encrypting a partial image in which personal information is located, the step of encrypting the image using personal information included in the image and storing the encrypted image (S920) is, from the image, the partial image in which personal information is located It may include extracting, encrypting a partial image in which personal information is located, and storing the encrypted partial image and the remaining images.

Meanwhile, the method 900 for protecting an image including personal information may include receiving personal information input by a user of the terminal from the terminal ( S930 ).

Specifically, the step of receiving the personal information input by the user of the terminal from the terminal (S930), the step of receiving a download request for the image from the terminal, when the download request is received, extracting the type of personal information, The method may include transmitting a personal information query corresponding to the type of personal information to the terminal, and receiving personal information corresponding to the type of personal information extracted from the terminal.

Meanwhile, the method 900 for protecting an image including personal information may include decrypting the encrypted image using the received personal information ( S940 ).

Specifically, the step of decrypting the encrypted image using the received personal information (S940) includes generating a private key using the received personal information and decrypting the encrypted image using the generated private key. can do.

On the other hand, in the embodiment of decrypting the image encrypted in block units, the step of decrypting the encrypted image using the received personal information ( S940 ) includes a plurality of blocks encrypted using the received personal information and block length information. It may include performing decoding for each.

Also, in an embodiment of encrypting the partial image in which the personal information is located, the step of decrypting the encrypted image using the received personal information (S940) includes the steps of decrypting the encrypted partial image using the received personal information, and synthesizing the decoded partial image and the remaining images.

Meanwhile, the method 900 for protecting an image including personal information may include transmitting the decrypted image to the terminal (S950).

Meanwhile, in FIGS. 1 to 9, a protection device serving as a data storage has been described. However, the present invention may be performed not only in a protection device serving as a data storage, but also in a general terminal for photographing or scanning.

In this case, the protection device 100 may further include an input unit for receiving an input from a user and a display unit for displaying an image.

Also, the protection device 100 may include an image acquisition unit including at least one of a camera and a scanner.

In addition, the controller 120 may acquire a specific image to be encrypted. Specifically, the controller 120 may acquire an image photographed by a camera or an image scanned by a scanner as a specific image to be encrypted. Also, the controller 120 may acquire a specific image to be encrypted by reading an image pre-stored in the storage unit 130 .

In this case, the controller 120 may encrypt a specific image using personal information included in the specific image, and store the encrypted specific image in the storage unit. Also, the controller 120 may store the type of personal information included in the image together with the encrypted image.

Also, the controller 120 may receive an input of personal information from the user. Specifically, when a display request for a specific image is received from the user, the controller 120 may control the display unit to extract a type of stored personal information and display a personal information query corresponding to the extracted type of personal information. .

In this case, the control unit 120 may receive an input of personal information corresponding to the type of personal information extracted through the input unit.

In addition, the controller 120 may decrypt the encrypted specific image using the personal information input by the user and control the display unit to display the decrypted specific image.

As described above, according to the present invention, even in devices that directly generate images such as mobile phones and scanners, images containing personal information are encrypted and stored, and when it is necessary to display the image, the image is decrypted using the personal information input by the user. By doing so, an image can be provided to the user.

The present invention described above can be implemented as computer-readable codes on a medium in which a program is recorded. The computer-readable medium includes all types of recording devices in which data readable by a computer system is stored. Examples of computer-readable media include Hard Disk Drive (HDD), Solid State Disk (SSD), Silicon Disk Drive (SDD), ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, etc. There is this. In addition, the computer may include a control unit. Accordingly, the above detailed description should not be construed as restrictive in all respects but as exemplary. The scope of the present invention should be determined by a reasonable interpretation of the appended claims, and all modifications within the equivalent scope of the present invention are included in the scope of the present invention.

100: protection device 110: communication unit
120: control unit 130: storage unit

Claims (20)

receiving an image from a terminal;
encrypting the image using personal information included in the image, and storing the encrypted image;
receiving personal information input by a user of the terminal from the terminal;
decrypting the encrypted image using the received personal information; and
Transmitting the decoded image to the terminal; including
How to protect images that contain personal information. The method of claim 1,
Storing the encrypted image comprises:
Storing the type of personal information included in the image together with the encrypted image; including
How to protect images that contain personal information. 3. The method of claim 2,
Receiving personal information from the terminal comprises:
receiving a download request for the image from the terminal;
when the download request is received, extracting the type of personal information and transmitting a personal information query corresponding to the extracted type of personal information to the terminal; and
Receiving the personal information corresponding to the type of the extracted personal information from the terminal;
How to protect images that contain personal information. 4. The method of claim 3,
The type of personal information is,
At least one of phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number and account number
How to protect images that contain personal information. 4. The method of claim 3,
The step of encrypting the image by using the personal information included in the image,
Including; generating a public key using the personal information included in the image, and encrypting the image using the generated public key;
The public key is
Paired with a private key generated based on the personal information input by the user
How to protect images that contain personal information. 6. The method of claim 5,
The step of storing the type of personal information included in the image with the encrypted image comprises:
Storing the type of personal information and the public key in metadata of an exchange image file format
How to protect images that contain personal information. 6. The method of claim 5,
Decrypting the encrypted image using the received personal information comprises:
generating a private key using the received personal information, and decrypting the encrypted image using the generated private key;
How to protect images that contain personal information. 3. The method of claim 2,
Encrypting the image by using the personal information included in the image, and storing the encrypted image,
dividing the image into a plurality of blocks and performing encryption on each of the plurality of blocks using personal information included in the image; and
Storing the type and block length information of the personal information in metadata corresponding to the image;
Decrypting the encrypted image using the received personal information comprises:
performing decryption on each of the plurality of encrypted blocks by using the received personal information and length information of the block;
How to protect images that contain personal information. The method of claim 1,
Encrypting the image by using the personal information included in the image, and storing the encrypted image,
extracting a partial image in which personal information is located from the image;
encrypting a partial image in which the personal information is located; and
Including; storing the encrypted partial image and the remaining images;
Decrypting the encrypted image using the received personal information comprises:
decrypting the encrypted partial image using the received personal information; and
synthesizing the decoded partial image and the remaining image; including
How to protect images that contain personal information. a communication unit for communicating with the terminal;
a storage unit for storing data; and
Receives an image from a terminal through the communication unit, encrypts the image using personal information included in the image, stores the encrypted image in the storage unit, and receives an image input by a user of the terminal from the terminal A control unit that receives personal information, decrypts the encrypted image using the received personal information, and transmits the decrypted image to the terminal through the communication unit; including a
A safeguard for images that contain personal information. 11. The method of claim 10,
The control unit is
Storing the type of personal information included in the image with the encrypted image
A safeguard for images that contain personal information. 12. The method of claim 11,
The control unit is
receiving a download request for the image from the terminal, extracting the type of personal information when the download request is received, and transmitting a personal information query corresponding to the extracted type of personal information to the terminal; Receiving personal information corresponding to the type of personal information extracted from the terminal
A safeguard for images that contain personal information. 13. The method of claim 12,
The type of personal information is,
At least one of phone number, name, resident registration number, email, passport number, driver's license number, alien registration number, credit card number, health insurance number and account number
A safeguard for images that contain personal information. 13. The method of claim 12,
The control unit is
generating a public key using the personal information included in the image, encrypting the image using the generated public key,
The public key is
Paired with a private key generated based on the personal information input by the user
A safeguard for images that contain personal information. 15. The method of claim 14,
The control unit is
Storing the type of personal information and the public key in metadata of an exchange image file format
A safeguard for images that contain personal information. 15. The method of claim 14,
The control unit is
generating a private key using the received personal information, and decrypting the encrypted image using the generated private key
A safeguard for images that contain personal information. 11. The method of claim 10,
The control unit is
The image is divided into a plurality of blocks, encryption is performed on each of the plurality of blocks using the personal information included in the image, and the type and block length information of the personal information are stored in metadata corresponding to the image. and performing decryption on each of the plurality of encrypted blocks using the received personal information and length information of the block.
A safeguard for images that contain personal information. 11. The method of claim 10,
The control unit is
Extracts a partial image in which personal information is located from the image, encrypts a partial image in which the personal information is located, stores the encrypted partial image and the remaining images, and uses the received personal information to encrypt the encrypted portion Decoding the image, and synthesizing the decoded partial image and the remaining image
A safeguard for images that contain personal information. an image acquisition unit including at least one of a camera and a scanner;
a display unit for displaying an image;
a storage unit for storing data; and
Obtaining a specific image that is any one of an image taken by the camera, an image scanned by the scanner, or an image stored in the storage unit, and encrypting the specific image using personal information included in the specific image, Storing the encrypted specific image in the storage unit, receiving input of personal information from a user, decrypting the encrypted specific image using the personal information input by the user, and displaying the decrypted specific image a control unit for controlling the display unit to
A safeguard for images that contain personal information. 20. The method of claim 19,
The control unit is
Storing the type of personal information included in the specific image together with the encrypted specific image,
When a display request for the specific image is received from the user, the type of personal information is extracted, a query of personal information corresponding to the extracted type of personal information is displayed, and the To receive input of personal information from users
A safeguard for images that contain personal information.

Images