WO2006065029A1 - Security service method for data - Google Patents

Security service method for data

Info

Publication number
WO2006065029A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
data
access
report
management object
Prior art date
Application number
PCT/KR2005/004110
Other languages
English (en)
Inventor
Du-Jin Hwang
Original Assignee
Onsoftel. Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Onsoftel. Co., Ltd.
Publication of WO2006065029A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Definitions

  • the present invention relates to a security service method of a data, and in particular to a security service method of a data implemented through an event alarm in which when a certain access is attempted to a file, a folder or a drive including a specific data (security data) set by a security manager, the access is reported to the security manager, so that an authentication is performed with respect to the access in real time.
  • a security service refers to a service for guaranteeing stable security of data stored in a computer against non-authenticated access by others.
  • the security service is basically designed to check whether a data stored in a computer is illegally used or damaged and to prevent a computer access from a non-authenticated user.
  • a security service method of a data comprising a report means setting step in which a security data of a corresponding management object computer set by a security manager is stored together with a report means data; an access detection step in which the security server detects whether an access is attempted to a security data stored in each management object computer; a report step in which when the access is detected, the security server reports the security data access to the security manager terminal using the report means data; and a measurement step in which when an accident occurrence report with respect to the security data access is received from the security manager terminal, the access of a corresponding management object computer is processed.
  • the security service method of a data according to the present invention has the following effects.
  • the access with respect to a certain data is reported to a security manager through a short message service, an e-mail service, a messenger, a telephone call, etc.
  • Figure 1 is a view illustrating the construction of a system for implementing a security service method of a data according to an embodiment of the present invention
  • Figure 2 is a schematic flow chart of a security service method of a data according to an embodiment of the present invention.
  • Figure 3 is a detailed flow chart of a report means setting step of Figure 2;
  • Figure 4 is a detailed flow chart of a report and authentication step of Figure 2;
  • Figure 5 is a detailed flow chart of a measurement step of Figure 2.
  • Figures 6 and 7 are screen example views of the steps of Figure 3.
  • the security service method of a data comprises a report means setting step in which a security data of a corresponding management object computer set by a security manager is stored together with a report means data; an access detection step in which the security server detects whether an access is attempted to a security data stored in each management object computer; a report step in which when the access is detected, the security server reports the security data access to the security manager terminal using the report means data; and a measurement step in which when an accident occurrence report with respect to the security data access is received from the security manager terminal, the access of a corresponding management object computer is processed.
  • Figure 1 is a view illustrating the construction of a system for implementing a security service method of a data according to an embodiment of the present invention.
  • the system according to the present invention includes a security manager terminal 10, a security server 30, networks 20, 22 and 24 for connecting the security server and the security manager terminal, a management object computer 50, an external computer 60, and various servers 32, 34, 36 and 38 for reporting an access to a security data to the security manager.
  • the security manager terminal 10 receives a report of a security data access from the security server 30 and transmits an accident occurrence report with respect to the access to the security data to the security server 30.
  • the security manager terminal 10 may be a common telephone set 12 which receives a security data access report from the security server 30 through a public telephone network 24, a cellular phone 14 and a PDA (personal data adaptor) (wireless terminal) 16 which receive a security data access report from the security server through a mobile communication network 20, and a computer 18 which receives a security data access report from the security server through an internet network 22.
  • the external terminal 60 may be a computer which may access a management object computer 50 through the internet network 22 as a terminal of a person who accesses the management object computer 50 storing a security data.
  • the security server 30 is provided with a database 30a formed of a security manager data, a report means data and a security data which needs a security.
  • the security server 30 may be a separate server which has a security service function according to a preferred embodiment of the present invention or may be a server configured by providing a commercial server with the security service function according to an embodiment of the present invention, with the commercial server being conventionally provided at an internet portal site, a bank, a company, an internet game company, etc. which are connected through the internet.
  • the mail server 32 is a server operating together with the security server 30 for transmitting an access message with respect to the security data created by the security server 30 to an e-mail address of the security manager through the internet network 22.
  • the short message service server 38 is a server operating together with the security server 30 for transmitting a short message service on an access with respect to the security data created by the security server to a telephone number of the security manager through the mobile communication network 20.
  • the ARS server 36 is a server operating together with the security server 30 for reporting an access voice message with respect to the security data created by the security server 30 to a telephone number of the security manager through the public telephone network 24 or the mobile communication network 20 based on a telephone call voice.
  • the messenger server 34 is a server operating together with the security server 30 for transmitting an access message with respect to the security data created by the security server 30 to an internet protocol (IP) connected with a messenger e-mail address of the security manager through the internet network 22.
  • the security manager data stored in the database 30a may be formed of a security manager name, a security manager working department, a telephone number and an internet protocol.
  • the report means data may be formed of at least one among a cellular phone number, a telephone number of a PDA, an e-mail address used for a messenger, an e-mail address, and a telephone number of a common telephone.
  • the security data may be formed of an IP of a management object computer, a file, a folder or a disk drive which stores a security data, an encoded password, and an IP which may access the management object computer.
  • a report means for reporting an access of the security data such as a wireless terminal of a cellular phone, a PDA, etc., an e-mail, a messenger, a voice telephone, etc.
  • a data with respect to each report means for example a telephone number such as 010-111-1111 in the case of a wireless terminal, an e-mail address such as xxxxxx@hotmail.com used for a messenger in the case of the messenger, an e-mail address such as xxxxxx@onsoftel.com in the case of the e-mail, and a telephone number of a common telephone or a cellular phone may be further set.
  • the management object computer 50 may be the computer connected through the network such as Ethernet in a certain region and may be the objects of the security management managed by the security server 30.
  • the management object computers 50 have their inherent IPs.
  • Figure 2 is a schematic flow chart of a security service method according to an embodiment of the present invention.
  • the security service method includes a report means setting step S100, an access detection step S200, a report and authentication step S300, and a measurement step S400.
  • a security data of a corresponding object computer (for example, 50a) set by a security manager is stored in the database 30a of the security server 30 together with the report means data.
  • the security manager accesses the management object computer 50a, registers a security manager data, sets a data related with a security service transmission of the security data such as a report means data, and a security data according to an embodiment of the present invention, transmits the data related thereto to the security server 30 and stores in the database 30a.
  • Figure 3 is a detailed flow chart of a report means setting step of Figure 2.
  • the security manager accesses a corresponding management object computer 50a and sets a report means using a key pad based on a security manager interface provided in the security server or a security manager interface provided with a built-in application program.
  • a folder, a file or a corresponding disk drive which stores a specific data which needs a security is selected on the initial screen of the security manager interface, and an encryption is performed by inputting the password so that an authentication can be performed when a certain access is attempted to the selected folder, file or disk drive in a step S110.
  • OS so that it is possible to freely select a folder, a file or a disk drive.
  • connection or disconnection to/from the management object computer 50a may be selected with respect to each security manager.
  • the data of the security manager may be formed of a name of a security manager, a security manager working department and telephone number, and a security manager computer IP.
  • a telephone number may be used in the case that the security manager terminal 10 is the wireless terminal 14, 16, and an e-mail address may be used in the case that it is the messenger, and the telephone number of the common telephone 12 or the cellular phone 14 may be used in the case that it is an e-mail address and a voice telephone.
  • In step S200, it is judged whether or not the security server 30 detects an access to the folder, the file or the disk drive which stores the security data of each management object computer 50, after the report means setting data are stored in the database 30a of the security server 30.
  • the security server 30 does not allow the above access for thereby previously preventing the access to the security data.
  • In the case that the security server 30 is disconnected from the management object computer 50, when the management object computer 50 is accessed, the authentication is not performed in the security server, thereby preventing the access, so that it is impossible to access a corresponding folder or file.
  • In the report and authentication step S300, when an access to the security data is detected, the security server 30 reports the above access to the security manager and asks the accessing terminal to input a password, so that the inputted password is compared with the password stored in the database.
  • Figure 4 is a detailed flow chart of the report and authentication step of Figure 2.
  • the report and authentication step S300 is formed of a report step and an authentication step.
  • the report step may be formed of a report means determination step
  • the authentication step may be formed of a password input step S352, and a password judgment step S354.
  • the report means determination step S312 determines a report means with respect to the access to the security data with reference to the database 30a in the security server 30.
  • In the case that the report means are set in multiple numbers in the report means setting step S100, multiple report means are determined.
  • In the preferred embodiments of the present invention, as the report means, it is assumed that one cellular phone 14 having a telephone number of 010-111-1111 is set.
  • In the message creation step S322, S332, S342, the message for reporting the access to the set security data is created.
  • As the report means in the embodiment of the present invention is the cellular phone 14, it is preferred that the message for reporting the access of the security data is created in the form of the short message.
  • Where the report means is an e-mail, the message is created in the form of the e-mail.
  • the security data is created in the form of the messenger message.
  • the created message is reported to the security manager through the report means determined in the report means determination step S312.
  • Where the report means is the cellular phone 14 having a telephone number of 010-111-1111, the short message is transmitted to the cellular phone 14 of 010-111-1111.
  • the short message may be transmitted to the security manager using the short message server 38 operating together with the security server 30 through the mobile communication network 20.
  • Where the report means is an e-mail, the e-mail may be transmitted to the security manager through the internet network 22 using the mail server 32 operating together with the security server 30.
  • Where the report means is a messenger, the messenger message may be transmitted to the security manager through the internet network 22 using the messenger server 34 operating together with the security server 30.
  • Where the report means is formed of a voice telephone, that is, where the report means is determined to be the voice telephone in the report means determination step S312, a voice message is created in the message creation step, and in the message creation step, a telephone call is made to the cellular phone 14 or the common telephone 12 using the ARS server 36, thereby transmitting a voice message.
  • the voice message may be transmitted to the security manager through the public telephone network 24 and the mobile communication network 20 using the ARS server 36 operating together with the security server 30.
  • In the password input step S352 of the authentication step, the terminal of the accessing IP of the security data is asked to input the password in the security server.
  • In the password judgment step S354, it is judged whether the password transmitted from the security server 30 is matched with the password stored in the database 30a.
  • In the measurement step S400 of Figure 2, it is judged whether the access to the security data is authenticated or not, and a certain measurement is performed as a result of the authentication.
  • Figure 5 is a detailed flow chart of the measurement step of Figure 2.
  • the measurement step S400 may be formed of a report measurement step and an authentication step.
  • the report measurement step includes an accident occurrence judgment step S412, an accident occurrence report step S414, and a computer end step
  • the authentication step includes an approval judgment step S422, an access permission step S424, and an access blockage step S426.
  • In the accident occurrence judgment step S412, it is judged whether the security manager, who received the message from the security server 30, is attempting an access or not.
  • the access is judged to be a non-authenticated access, so that an accident occurrence report may be performed to the security server 30 using the security manager terminal 10 which received the message in a step S414.
  • the security server 30, which received the accident occurrence report, turns off by force the management object computer 50 to which a non-authenticated access is attempted in a step S426, so that access by anyone except the security manager is blocked.
  • the access to the security data is permitted, so that it is possible to open the security data in a step S424.
  • the access to the security data is blocked, so that it is impossible to open the security data in a step S426.
  • the measurement step S400 may further include a step for collecting and tracing the data of illegal users, and a step for reporting the illegal users to a government organ such as a cyber terror response center or requesting an investigation.
  • when an access is attempted to a certain data set by a security manager, the access is reported to the security manager, so that the access is judged to be authenticated or not in real time.
  • the access with respect to a certain data is reported to a security manager through a short message service, an e-mail service, a messenger, a telephone call, etc.
  • a corresponding computer having the data is turned off by force for thereby stably protecting the data.
  • a connection of a security service connected through a computer network is disconnected, when an authentication is not obtained from a security server, an access to a specific data is substantially blocked.
  • security manager terminal common telephone, cellular phone, PDA, computer, mobile communication network, internet network, public telephone network
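
The four steps described above (S100 report means setting, S200 access detection, S300 report and authentication, S400 measurement), including the fail-closed behaviour when the security server cannot be reached, as a small simulation. This is an added example, not code from the patent: the class and method names, the PBKDF2 password encoding, and the sample IP addresses and paths are assumptions, while the relay names and the sample phone number come from the description.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Report channel -> relay server named in the description (numerals from the page).
RELAYS = {
    "sms": "short message service server 38",
    "email": "mail server 32",
    "messenger": "messenger server 34",
    "voice": "ARS server 36",
}


def _kdf(password: str, salt: bytes) -> bytes:
    # Assumption: the page only says "encoded password"; salted PBKDF2 is our choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Policy:  # one record of database 30a, written in step S100
    paths: tuple        # protected file, folder or drive prefixes
    salt: bytes
    pw_hash: bytes
    report_means: list  # [(channel, address), ...]


@dataclass
class SecurityServer:  # hypothetical model of security server 30
    db: dict = field(default_factory=dict)          # computer IP -> Policy
    outbox: list = field(default_factory=list)      # (relay, address, text)
    powered_off: set = field(default_factory=set)   # computers shut down by force

    def set_report_means(self, ip, paths, password, report_means):  # S100
        for channel, _ in report_means:
            if channel not in RELAYS:
                raise ValueError(f"unknown report means: {channel}")
        salt = os.urandom(16)
        self.db[ip] = Policy(tuple(paths), salt, _kdf(password, salt), list(report_means))

    def is_protected(self, ip, path):  # S200: does the path fall under security data?
        pol = self.db.get(ip)
        if pol is None:
            return False
        # Match whole path components so "/data/payroll-old" is not "/data/payroll".
        return any(path == p or path.startswith(p.rstrip("/") + "/") for p in pol.paths)

    def access(self, ip, path, source_ip, password, server_reachable=True):
        if ip in self.powered_off:
            return "blocked"
        if not self.is_protected(ip, path):
            return "permitted"          # not security data, nothing to report
        if not server_reachable:
            return "blocked"            # no authentication possible: fail closed
        pol = self.db[ip]
        text = f"access to {path} on {ip} from {source_ip}"
        for channel, address in pol.report_means:   # S312 plus message creation
            self.outbox.append((RELAYS[channel], address, text))
        # S352/S354: the report above is sent whatever the password result is.
        ok = hmac.compare_digest(_kdf(password, pol.salt), pol.pw_hash)
        return "permitted" if ok else "blocked"     # S424 / S426

    def incident_report(self, ip):  # S400: manager says the access was not theirs
        self.powered_off.add(ip)
        return ip in self.powered_off


if __name__ == "__main__":
    srv = SecurityServer()
    # Constructed sample data; the phone number is the sample from the description.
    srv.set_report_means("192.0.2.10", ["/data/payroll"], "constructed-pw",
                         [("sms", "010-111-1111")])
    print(srv.access("192.0.2.10", "/data/payroll/q1.xls", "198.51.100.7", "constructed-pw"))
    print(srv.outbox)
    srv.incident_report("192.0.2.10")
    print(srv.access("192.0.2.10", "/data/payroll/q1.xls", "198.51.100.7", "constructed-pw"))
```

Because the report is queued before the password comparison, an access made with a correct but stolen password still reaches the security manager, whose accident occurrence report is then the control that blocks it.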

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a security service method of a data, the method comprising a report means setting step in which a security data of a corresponding management object computer set by a security manager is stored together with a report means data; an access detection step in which the security server detects whether an access is attempted to the security data stored in each management object computer; a report step in which, when the access is detected, the security server reports the security data access to the security manager terminal using the report means data; and a measurement step in which, when an accident occurrence report with respect to the security data access is received from the security manager terminal, the access of a corresponding management object computer is processed.
PCT/KR2005/004110 2004-12-14 2005-12-03 Security service method for data WO2006065029A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2004-0105688 2004-12-14
KR1020040105688A KR100708453B1 (ko) 2004-12-14 2004-12-14 Security service method for data

Publications (1)

Publication Number Publication Date
WO2006065029A1 (fr) 2006-06-22

Family

ID=36588053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2005/004110 WO2006065029A1 (fr) 2004-12-14 2005-12-03 Security service method for data

Country Status (2)

Country Link
KR (1) KR100708453B1 (fr)
WO (1) WO2006065029A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
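KR100981301B1 (ko) * 2007-12-18 2010-09-10 한국전자통신연구원 Method and apparatus for practically preventing external leakage of protected information from a personal computer
KR100985857B1 (ko) * 2007-12-24 2010-10-08 한국전자통신연구원 Apparatus and method for detecting and blocking leakage of sensitive information from a portable terminal
KR101482903B1 (ko) * 2014-02-06 2015-01-15 (주)누스코 Data leakage prevention method, server apparatus, and client apparatus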

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4757533A (en) * 1985-09-11 1988-07-12 Computer Security Corporation Security system for microcomputers
EP0999490A2 (fr) * 1998-11-05 2000-05-10 Fujitsu Limited Security monitoring apparatus based on an access log and corresponding method
US20030061166A1 (en) * 2001-09-26 2003-03-27 Masahiro Saito Security management apparatus, security management method, and security management program
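JP2003242109A (ja) * 2002-02-15 2003-08-29 Nippon Telegr & Teleph Corp <Ntt> Authentication access control server apparatus, gateway apparatus, authentication access control method, gateway control method, authentication access control program and recording medium recording the program, and gateway control program and recording medium recording the program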

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
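KR100320119B1 (ko) * 1999-09-30 2002-01-10 김형태 ID theft detection system and method, and recording medium recording the program source thereof
KR100286904B1 (ko) * 1999-10-20 2001-04-16 남궁종 Distributed PC security management system and method
KR20010078840A (ko) * 2001-04-17 2001-08-22 유성경 Security system for monitoring information leakage through computer storage media
JP2003030008A (ja) 2001-07-13 2003-01-31 Net Seeds Corp Network security system
KR20030043900A (ko) * 2003-05-16 2003-06-02 정구집 Method for detecting access by unauthorized users using access environment information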

Also Published As

Publication number Publication date
KR100708453B1 (ko) 2007-04-18
KR20060067179A (ko) 2006-06-19

Similar Documents

Publication Publication Date Title
Pell et al. Your secret stingray's no secret anymore: The vanishing government monopoly over cell phone surveillance and its impact on national security and consumer privacy
US9203837B2 (en) Network security and fraud detection system and method
US9832184B2 (en) Controls and administration of privileged accounts system
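CN101473331B (zh) User authentication method, user authentication system and user authentication apparatus
TWI474668B (zh) Method for identifying and blocking websites
JP3902574B2 (ja) Personal information management system, personal information management method and program therefor
CN102299910B (zh) Anti-attack system using telephone authentication
CN106295423A (zh) Data display method and client
CN109981677A (zh) Credit granting management method and apparatus
WO2006065029A1 (fr) Security service method for data
KR20080085648A (ko) Account theft prevention system with communication mechanism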
EP1986151A1 (fr) A data-processing system, method and computer program product for providing a service to a service requester
Chen et al. Security and usability
Bhatt et al. Study of Indian Banks Websites for Cyber Crime Safety Mechanism
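JP2012515977A (ja) Cybercrime detection and prevention method and system established by telephone number code, authorization code and source identification code
CN101523374B (zh) Issuance privacy
CN107426163A (zh) Encryption method and apparatus
KR100447806B1 (ko) Security service method through event notification
CN107113308A (zh) Authentication method and access device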
Nair et al. Intrusion detection in Bluetooth enabled mobile phones
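JP2001211479A (ja) Data communication system
KR100639375B1 (ko) System and method for notifying access to Internet account information using a mobile communication terminal
CN105897768A (zh) Method and apparatus for associating a user with smart hardware, and method and apparatus for disassociation
CN101753314A (zh) Alternate-channel security system and method for restricting account operations in a server by telephone
JP2005227993A (ja) Access authentication method for network system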

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS (EPO FORM 1205A DATED 03.09.2007)

122 Ep: pct application non-entry in european phase

Ref document number: 05821336

Country of ref document: EP

Kind code of ref document: A1