KR20230139965A - Method and device for delivering notification information about security threats - Google Patents

Abstract

A method of delivering notification information about a security threat of the present invention receives as input information about at least one action performed by a user to access a security device, and based on the at least one action, generates information on the security device. A judgment related to a security threat may be made, and notification information based on the judgment may be displayed to the user.

Description

{Method and device for delivering notification information about security threats}

This disclosure provides a method and device for delivering notification information about security threats.

Recently developed security solutions have been developed mainly by developers and researchers, so they have the problem of being difficult for general users to use or access. Additionally, in the case of mobile and IoT (Internet of Things) devices, it is difficult to directly apply conventional PC and server-based security solutions due to the limited user interface.

In addition, non-face-to-face services such as large-scale telecommuting have recently been on the rise, and as a result, the general public is frequently using security services, but there are many inconveniences due to lack of convenience when using security services.

Accordingly, there is a need to develop an authentication system to improve security convenience for the general public.

The present invention provides a method and device for delivering notification information about security threats.

The problem to be solved by the present invention is not limited to the problems mentioned above, and other problems and advantages of the present invention that are not mentioned can be understood through the following description and can be understood more clearly by the embodiments of the present invention. It will be. In addition, it can be seen that the problems and advantages to be solved by the present invention can be realized by the means and combinations thereof indicated in the patent claims.

As a technical means for achieving the above-described technical problem, a first aspect of the present disclosure is a method of delivering notification information about a security threat, including information about at least one action performed by a user to access a security device. receiving as input; Based on the at least one action, performing a determination related to a security threat occurring in the security device; and displaying notification information based on the determination to the user.

Additionally, in the displaying step, the notification information may be displayed using a visual display device or an audible display device included in the security device.

Additionally, the displaying step may display the notification information based on at least one of the color of light displayed on the visual display device, the brightness level of light, and the blinking speed of light.

In addition, the displaying step may display the notification information based on at least one of the intensity of the voice output from the auditory display device, the period of the voice, and the frequency of the voice.

A second aspect of the present disclosure is a device for delivering notification information about a security threat, comprising: a memory storing at least one program; and a processor that performs an operation by executing the at least one program, the processor receiving as input information about at least one action performed by a user to access the security device, and the at least one program Based on the behavior, a judgment related to a security threat occurring in the security device may be made, and notification information based on the judgment may be displayed to the user.

A third aspect of the present disclosure may provide a computer-readable recording medium recording a program for executing the method according to the first aspect on a computer.

According to the problem-solving means of the present disclosure described above, the security server can obtain the user's personal information from a module in which the user's personal information is stored and allow the user to access the security device. Accordingly, the user can access the security device without directly performing a separate authentication procedure.

In addition, according to another problem-solving method of the present disclosure, the security server can generate authentication requirements for the user to access the security device based on information about a plurality of actions performed by the user. Accordingly, even if the user does not directly perform a separate authentication procedure, he or she may be permitted to access the security device if he or she performs a series of actions that satisfy the authentication requirements.

In addition, according to another problem-solving method of the present disclosure, the security server can effectively display notification information about security threats occurring in a security device to the user.

In addition, according to another problem-solving means of the present disclosure, the security server generates a security threat scenario based on information about at least one action performed by the user, and provides a security threat scenario to the user to access the security device based on the security threat scenario. Authentication methods can be recommended.

1 is a diagram illustrating an authentication system capable of accessing a security device according to an embodiment.
Figure 2 is a diagram illustrating how a security server determines whether to authenticate according to an embodiment.
Figure 3 is a diagram illustrating how a security server determines whether to authenticate according to an embodiment.
Figure 4 is a flowchart showing an authentication method for a user to access a security device according to an embodiment.
FIG. 5 is a diagram illustrating derivation of first information based on information about a plurality of actions performed by a user according to an embodiment.
FIG. 6 is a diagram illustrating a security server according to an embodiment generating authentication requirements based on first information.
Figure 7 is a flowchart of a method for delivering notification information about a security threat according to an embodiment.
FIG. 8 is a diagram illustrating displaying notification information based on a judgment related to a security threat according to an embodiment.
FIG. 9 is a flowchart illustrating a method for responding to security threats that occur when a user accesses a security device according to an embodiment.
FIG. 10 is a diagram illustrating recommending an authentication method for accessing a security device to a user based on a security threat scenario according to an embodiment.
Figure 11 shows an example of a block diagram of a security server.

The advantages and features of the present invention and methods for achieving them will become clear by referring to the embodiments described in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments presented below, but may be implemented in various different forms, and should be understood to include all conversions, equivalents, and substitutes included in the spirit and technical scope of the present invention. . The embodiments presented below are provided to ensure that the disclosure of the present invention is complete and to fully inform those skilled in the art of the scope of the invention. In describing the present invention, if it is determined that a detailed description of related known technologies may obscure the gist of the present invention, the detailed description will be omitted.

The terms used in this application are only used to describe specific embodiments and are not intended to limit the invention. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this application, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that this does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

Some embodiments of the present disclosure may be represented by functional block configurations and various processing steps. Some or all of these functional blocks may be implemented in various numbers of hardware and/or software configurations that perform specific functions. For example, the functional blocks of the present disclosure may be implemented by one or more microprocessors, or may be implemented by circuit configurations for certain functions. Additionally, for example, functional blocks of the present disclosure may be implemented in various programming or scripting languages. Functional blocks may be implemented as algorithms running on one or more processors. Additionally, the present disclosure may employ prior art for electronic environment setup, signal processing, and/or data processing, etc. Terms such as “mechanism,” “element,” “means,” and “configuration” will be used broadly. It can be done and is not limited to mechanical and physical configurations.

Additionally, connection lines or connection members between components shown in the drawings merely exemplify functional connections and/or physical or circuit connections. In an actual device, connections between components may be represented by various replaceable or additional functional connections, physical connections, or circuit connections.

Hereinafter, the present disclosure will be described in detail with reference to the attached drawings.

1 is a diagram illustrating an authentication system capable of accessing a security device according to an embodiment.

The authentication system 1000 capable of accessing a security device according to an embodiment may include a security server 100, a user device 110, and a security device 120. Meanwhile, only components related to one embodiment are shown in the authentication system 1000 capable of accessing the security device shown in FIG. 1. Accordingly, it is obvious to those skilled in the art that the authentication system 1000 capable of accessing a security device may further include other general-purpose components in addition to the components shown in FIG. 1. Meanwhile, the security server 100 and the security device 120 may correspond to independent configurations as shown in FIG. 1, but are not limited thereto, and the security server 100 is a configuration included in the security device 120. It may apply to .

The security server 100, user device 110, and security device 120 may communicate using a network. For example, networks include Local Area Network (LAN), Wide Area Network (WAN), Value Added Network (VAN), mobile radio communication network, satellite communication network, and their It is a comprehensive data communication network that includes mutual combinations and allows each network constituent shown in Figure 1 to communicate smoothly with each other, and may include wired Internet, wireless Internet, and mobile wireless communication networks. In addition, wireless communications include, for example, wireless LAN (Wi-Fi), Bluetooth, Bluetooth low energy, ZigBee, WFD (Wi-Fi Direct), UWB (ultra wideband), and infrared communications (IrDA). Data Association), NFC (Near Field Communication), etc., but are not limited to these.

When a user attempts to access the security device 120, the security server 100 may determine whether the user has completed authentication to access the security device 120. If it is determined that the user has completed authentication, the security server 100 may allow the user to access the security device 120.

The user device 110 and the security device 120 include smartphones, tablet PCs, PCs, smart TVs, mobile phones, personal digital assistants (PDAs), laptops, media players, micro servers, global positioning system (GPS) devices, and electronic devices. It may be, but is not limited to, book terminals, digital broadcasting terminals, navigation devices, kiosks, MP3 players, digital cameras, home appliances, devices equipped with cameras, and other mobile or non-mobile computing devices.

Figure 2 is a diagram illustrating how a security server determines whether to authenticate according to an embodiment.

The user device 110 according to one embodiment may include a module in which the user's personal information is stored. For example, the module in which the user's personal information is stored may include at least one of a (Near Field Communication) module, an RFID (Radio-Frequency Identification) module, and a USIM (Universal Subscriber Identity Module) module, but is not limited thereto. .

The security server 100 according to one embodiment may include an authentication determination module 210 that determines whether the user is an authenticated user who can access the security device 120. For example, the authentication determination module 210 may obtain the user's personal information from a module in which the user's personal information is stored and determine whether to authenticate the user based on the user's personal information. If it is determined that the user has completed authentication, the security server 100 may allow the user to access the security device 120.

Referring to FIG. 2, the user device 110 may include a USIM module 200, and the USIM module 200 may include the user's personal information. The authentication determination module 210 of the security server 100 may obtain the user's personal information from the USIM module 200 and determine whether to authenticate the user based on the user's personal information. If it is determined that the user has completed authentication, the user of the user device 110 is allowed to access the security device 120.

Figure 3 is a diagram illustrating how a security server determines whether to authenticate according to an embodiment.

The user device 110 according to one embodiment may include a module in which the user's personal information is stored and a module in which the user's location information is stored. For example, the module in which the user's personal information is stored may include at least one of a (Near Field Communication) module, an RFID (Radio-Frequency Identification) module, and a USIM (Universal Subscriber Identity Module) module, but is not limited thereto. . Additionally, for example, the module in which the user's location information is stored may correspond to a Global Positioning System (GPS) module, but is not limited thereto.

The security server 100 according to one embodiment may include an authentication determination module 320 that determines whether the user is an authenticated user who can access the security device 120.

Referring to FIG. 3, the user device 110 may include an NFC module 300, and the NFC module 300 may include the user's personal information. Additionally, the user device 110 may include a GPS module 310, and the GPS module 310 may include the user's location information. Additionally, the authentication determination module 320 of the security server 100 can obtain the user's personal information from the NFC module 300 and the user's location information from the GPS module 310. The authentication determination module 320 may determine whether to authenticate based on the user's personal information and the user's location information. For example, the authentication determination module 320 determines that the user can access the security device 120 based on the user's personal information, and includes the user's location in the preset location accessible to the security device 120. If confirmed, the user of the user device 110 may be permitted to access the secure device 120.

Meanwhile, the security server 100 may use a method of determining user authentication using slides, tabs, keystrokes, etc. along with the method described above in FIGS. 2 and 3.

In addition, as described above, the security server 100 determines whether the user is an authenticated user who can access the security device 120 based on the user's personal information or the user's location information included in the user device 110. can be determined, but is not limited to this. In one embodiment, the security server 100 may generate authentication requirements for the user to access the security device 120 based on information about a plurality of actions performed by the user, and a user who satisfies the authentication requirements may be generated. may be permitted to access the security device 120.

Alternatively, in one embodiment, the security server 100 may determine whether the user has been authenticated using both the authentication method described above with reference to FIGS. 2 and 3 and the authentication method described later with reference to FIGS. 4 and 6 below.

Figure 4 is a flowchart showing an authentication method for a user to access a security device according to an embodiment.

Referring to FIG. 4, in step 410, the security server 100 may receive information about a plurality of actions performed by the user as input.

In step 420, the security server 100 may derive first information including content information, time information, and location information of the action performed by the user for at least one action among a plurality of actions.

FIG. 5 is a diagram illustrating derivation of first information based on information about a plurality of actions performed by a user according to an embodiment.

Referring to FIG. 5, the security server 100 may obtain information about a plurality of actions performed by the user through at least one user terminal or at least one sensor included in the security server 100. It is not limited to this.

For example, referring to FIG. 5, the security server 100 displays 'an alarm ringing at 8 o'clock in the user's house and the user turning off the alarm', 'an act of the user turning on the TV at 8:10 in the user's home'. ' and 'the act of the user turning on the laptop at 8:30 in the user's home' can be obtained.

The security server 100 may derive content information, time information, and location information of the actions performed by the user for each of the plurality of actions performed by the user. For example, for 'the alarm rings at 8 o'clock in the user's home and the user turns off the alarm,' 'alarm off/8 o'clock/user's home' can be derived in the order of content information, time information, and location information. there is. Similarly, for 'the act of the user turning on the TV at 8:10 in the user's home', 'turning on the TV/8:10/user's home' can be derived, and 'the user turning on the TV at 8:00 in the user's home' can be derived. For the ‘act of turning on the laptop at 30 minutes’, ‘turning on the laptop / 8:30 / user’s home’ can be derived. Finally, the security server 100 may derive first information 510 including content information, time information, and location information derived for each of a plurality of actions performed by the user.

Returning to FIG. 4, in step 430, the security server 100 may generate authentication requirements for accessing the security device based on the first information.

FIG. 6 is a diagram illustrating a security server according to an embodiment generating authentication requirements based on first information.

In one embodiment, the security server 100 may utilize a profiling technique to generate authentication requirements for accessing the security device from the first information.

For example, the security server 100 is between 8:00 and 8:30 from the first information 510 including content information, time information, and location information derived for each of a plurality of actions performed by the user. An authentication requirement 600 can be created in which authentication is completed only when the user turns off the alarm, turns on the TV, or turns on the laptop in the user's home.

In one embodiment, the security server 100 may generate authentication requirements by performing reinforcement learning using the first information as learning data.

Or, for example, the security server 100 may derive second information about the order in which a plurality of actions were performed and create authentication requirements based on the first information and the second information. For example, the security server 100 includes first information 510 and 'the alarm rings at 8 o'clock in the user's home and the user turns off the alarm', 'the user turns on the TV at 8:10 in the user's home'. Based on the second information about the sequence between the 'action of turning on the laptop' and 'the action of the user turning on the laptop at 8:30 at the user's home', an alarm is set at the user's home between 8:00 and 8:30. You can create an authentication requirement that the actions of turning off the TV, turning on the TV, and turning on the laptop must be performed sequentially to complete authentication.

Meanwhile, the method of generating authentication requirements based on the first information or the second information is not limited to the above-described examples, and authentication requirements can be created in various ways.

Meanwhile, the security server 100 can effectively deliver notification information about security threats that occur in the process of the user accessing the security device 120 to the user.

Figure 7 is a flowchart of a method for delivering notification information about a security threat according to an embodiment.

Referring to FIG. 7, in step 710, the security server 100 may receive as input information about at least one action performed by the user to access the security device.

In step 720, the security server 100 may make a determination related to a security threat occurring in the security device based on at least one action.

In step 730, the security server 100 may display notification information based on the judgment to the user.

In one embodiment, the security server 100 may display notification information using a visual display device or an audible display device included in the security device 120. For example, a visual display device may correspond to a light emitting diode (LED) that emits light of a specific color, but is not limited thereto and applies to any device that can visually deliver notification information based on judgment related to security threats to the user. can do.

Additionally, in one embodiment, the security server 100 may display notification information based on at least one of the color of light displayed on the visual display device, the brightness level of the light, and the blinking speed of the light.

FIG. 8 is a diagram illustrating displaying notification information based on a judgment related to a security threat according to an embodiment.

For example, referring to FIG. 8, the security server 100 may receive personal information including a resident registration number from the user as input in order to access the security device 120. The security server 100 may determine that there is a security threat of personal information leakage if the user enters personal information including the resident registration number, and may send notification information based on this judgment through a visual display device included in the security device 120. It can be displayed using .

Alternatively, in one embodiment, the security server 100 may display notification information based on at least one of the intensity of the voice output from the auditory display device, the period of the voice, and the frequency of the voice. For example, an auditory display device may correspond to a speaker, but is not limited thereto and may correspond to any device that can audibly transmit notification information based on a judgment related to a security threat to the user.

Alternatively, in one embodiment, the security server 100 may display notification information in the form of text, graphs, or charts using a visual display device.

Meanwhile, the security server 100 can create a security threat scenario in response to security threats that occur in the process of the user accessing the security device 120, and recommend a new authentication method to the user based on the security threat scenario. You can.

Figure 9 is according to one embodiment. This is a diagram showing a flowchart of a method to respond to security threats that occur when a user accesses a security device.

Referring to FIG. 9, in step 910, the security server 100 may receive as input information about at least one action performed by the user to access the security device.

In step 920, the security server 100 may generate a security threat scenario for at least one action.

For example, the security server 100 may derive first information including content information, time information, and location information of the action performed by the user for at least one action, and detect security threats based on the first information. Scenarios can be created. The method by which the security server 100 derives the first information is as shown in FIG. 5 described above, and the security server 100 may generate a security threat scenario based on at least one of content information, time information, and location information. .

In one embodiment, the security server 100 may generate a security threat scenario by performing reinforcement learning using the first information as learning data.

In step 930, the security server 100 may recommend an authentication method for accessing the security device to the user based on the security threat scenario.

FIG. 10 is a diagram illustrating recommending an authentication method for accessing a security device to a user based on a security threat scenario according to an embodiment.

For example, referring to FIG. 10, in order to access the security device 120 and conduct a video conference, the security server 100 requests that the user provide personal information including the resident registration number at the user's home at 9 a.m. Information about the ‘entered action’ can be received as input. The security server 100 may create a security threat scenario based on 'entering personal information including resident registration number' corresponding to the content information of the action performed by the user. For example, the security server 100 may create a security threat scenario in which personal information including resident registration number may be leaked, and accordingly, the security server 100 may transmit notification information to change the recall meeting authentication method. You can. For example, the security server 100 may recommend an authentication method by setting an ID and password.

Figure 11 shows an example of a block diagram of a security server.

Referring to FIG. 11, the security server 1100 may include a communication unit 1110, a processor 1120, and a DB 1130. In the security server 1100 of FIG. 11, only components related to the embodiment are shown. Accordingly, those skilled in the art can understand that other general-purpose components may be included in addition to the components shown in FIG. 11.

The communication unit 1110 may include one or more components that enable wired/wireless communication with the security server 1100. For example, the communication unit 1110 may include at least one of a short-range communication unit (not shown), a mobile communication unit (not shown), and a broadcast receiver (not shown).

The DB 1130 is hardware that stores various data processed within the security server 1100, and can store programs for processing and control of the processor 1120.

The DB 1130 is a random access memory (RAM) such as dynamic random access memory (DRAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), CD- It may include ROM, Blu-ray or other optical disk storage, a hard disk drive (HDD), a solid state drive (SSD), or flash memory. The processor 1120 controls the overall operation of the security server 1100. For example, the processor 1120 can generally control the input unit (not shown), display (not shown), communication unit 1110, DB 1130, etc. by executing programs stored in the DB 1130. The processor 1120 can control the operation of the security server 1100 by executing programs stored in the DB 1130.

The processor 1120 includes application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, and microcontrollers. It may be implemented using at least one of micro-controllers, microprocessors, and other electrical units for performing functions.

Various embodiments of the present disclosure may be implemented as software (eg, a program) including one or more instructions stored in a storage medium that can be read by a machine. For example, the processor of the device may call at least one instruction among one or more instructions stored from a storage medium and execute it. This allows the device to be operated to perform at least one function according to the at least one instruction called. The one or more instructions may include code generated by a compiler or code that can be executed by an interpreter. A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain signals (e.g. electromagnetic waves). This term refers to cases where data is stored semi-permanently in the storage medium. There is no distinction between temporary storage cases.

According to one embodiment, methods according to various embodiments of the present disclosure may be included and provided in a computer program product. Computer programs and products are commodities and can be traded between sellers and buyers. The computer program product may be distributed in the form of a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)) or through an application store (e.g. Play StoreTM) or between two user devices. It may be distributed in person or online (e.g., downloaded or uploaded). In the case of online distribution, at least part of the computer program product may be at least temporarily stored or temporarily created in a machine-readable storage medium, such as the manufacturer's server, the server of an application store, or the memory of a relay server.

Additionally, in this specification, “unit” may be a hardware component such as a processor or circuit, and/or a software component executed by the hardware component such as a processor.

The scope of this embodiment is indicated by the patent claims described later rather than the detailed description above, and should be interpreted to include all changes or modified forms derived from the meaning and scope of the claims and their equivalent concepts.

Claims (6)

In a method of delivering notification information about security threats,
Receiving as input information about at least one action performed by the user to access the secure device;
Based on the at least one action, performing a determination related to a security threat occurring in the security device; and
displaying notification information based on the determination to the user;
How to include . According to claim 1,
The steps indicated above are:
A method of displaying the notification information using a visual display device or an audible display device included in the security device. According to claim 2,
The steps indicated above are:
A method of displaying the notification information based on at least one of a color of light displayed on the visual display device, a degree of brightness of light, and a flashing speed of light. According to claim 2,
The steps indicated above are:
A method of displaying the notification information based on at least one of the intensity of the voice output from the auditory display device, the period of the voice, and the frequency of the voice. A computer-readable recording medium recording a program for executing the method of claim 1 on a computer. In a device that delivers notification information about security threats,
a memory in which at least one program is stored; and
A processor that performs calculations by executing the at least one program,
The processor,
Receiving as input information about at least one action performed by the user to access the security device,
Based on the at least one action, perform a determination related to a security threat occurring in the security device,
Apparatus for displaying notification information based on the determination to the user.