WO2019190007A1 - Access security management system for access control equipment on basis of blockchain sharing of biometric authentication log data - Google Patents


Publication number
WO2019190007A1
Authority
WO
WIPO (PCT)
Application number
PCT/KR2018/010923
Inventor
유미영
이재형
강민구
Original Assignee
옥타코 주식회사

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • The present invention generally relates to a technique for managing access to medical equipment, dangerous equipment, expensive equipment, and the like using biometric authentication and blockchain.
  • More specifically, the present invention relates to a technology that can effectively and reliably perform access control on access control devices by installing a biometric authentication module in medical equipment, dangerous equipment, expensive equipment, etc. to configure them as access control devices, sharing the biometric access records for these devices with an administrator computer via blockchain, and then, when an item incompatible with the real-time status of an access permission user is detected, determining that the risk of abnormal use is high and generating a security warning.
  • An object of the present invention is to provide a technology for managing access to medical equipment, dangerous equipment, expensive equipment and the like using biometric authentication and blockchain.
  • In particular, an object of the present invention is to provide a technology that can effectively and reliably control access to access control equipment by installing a biometric authentication module in medical equipment, dangerous equipment, expensive equipment, etc. to configure them as access control equipment, sharing the biometric access records for these devices with the administrator computer via blockchain, and then, if an item incompatible with the real-time status of an access permission user is detected, judging the risk of abnormal use to be high and issuing a security warning.
  • To achieve the above object, the present invention presents an access security management system for a plurality of access control equipment, based on blockchain sharing of biometric log data, comprising the two components below.
  • A plurality of access control equipment 100 that, in response to an access attempt, obtains accessor biometric information through a biometric sensor, allows device access when biometric authentication comparing the accessor biometric information with pre-registered reference biometric information succeeds, generates biometric authentication log data including device identification information, access location information, and access time information in connection with the access attempt, and shares the log data in real time through blockchain processing.
  • A security management agent unit 300 that is installed on the administrator's computer, shares the biometric log data 200 with the plurality of access control equipment 100 in real time through blockchain processing, obtains real-time status information regarding the time-specific location of the plurality of access permission users, and generates a security alert when an incompatible item is found by comparing and analyzing the authentication log data and the real-time status information.
  • The access security management system may be configured to further include a status reporting agent unit 400 that is installed in a mobile terminal carried by the access permission user, cooperates with the clock module and the geographical location acquisition module embedded in the mobile terminal to obtain real-time status information on the time-based location of the access permission user, and provides it to the security management agent unit 300 through wired and wireless communication.
  • The access control device 100 may be configured to include the following units.
  • A biometric information acquisition unit 110 for obtaining biometric information of an accessor through a biometric sensor in response to an access attempt.
  • A reference storage unit 120 which receives and stores biometric information of an access permission user registered in advance for the access control device.
  • A biometric authentication unit 130 which authenticates the accessor biometric information obtained through the biometric information acquisition unit by comparing it with the reference biometric information stored in the reference storage unit, and allows the device access if the biometric authentication is successful.
  • A location time identification unit 140 for obtaining geographic location information and time information for the access control device.
  • A log information manager 150 for generating, in relation to the access attempt, biometric log data 200 including equipment identification information indicating unique identification information for the access control device, access location information indicating the geographical position information obtained from the location time identification unit 140 at the time of the access attempt, and access time information indicating the time information obtained from the location time identification unit 140 at the time of the access attempt.
  • A blockchain equipment processing unit 160 for performing the blockchain processing according to a predetermined schedule to share the biometric log data 200 with other access control equipment 100 and the security management agent 300 in real time.
  • The security management agent unit 300 may be configured to include: a user status management unit 310 for obtaining real-time status information regarding the time-by-hour position of the plurality of access permission users;
  • a blockchain server processor 320 performing blockchain processing according to a preset schedule to share the biometric log data 200 with the plurality of access control equipment 100 in real time;
  • a log data analyzer 330 that analyzes the biometric log data 200 of the access control devices and the real-time status information of the access permission users, compares the distance between the device access location and the access permission user location against the corresponding time interval, and determines whether there is an incompatible item according to the preset mobility criteria; and a security risk warning notification unit 340 for generating a security warning according to the abnormal use risk when an incompatible item is found.
  • The present invention has the advantage of effectively achieving use control for medical equipment, dangerous equipment, expensive equipment and the like.
  • Software processing detects items that are incompatible with the real-time status of the access permission user and immediately generates a security warning, which provides effective and reliable control of abnormal use of this equipment.
  • FIG. 1 is a view showing the overall configuration of an access security management system of an access control device according to the present invention.
  • Figure 2 is a flow chart showing the overall process of the access security management system of access control equipment according to the present invention.
  • FIG. 3 is a block diagram showing the internal functional configuration of the access control equipment in the present invention.
  • FIG. 4 is a block diagram showing the internal functional configuration of the security management agent unit in the present invention.
  • FIG. 5 is a flowchart illustrating an operation process of a security management agent unit in the present invention.
  • FIG. 1 is a view showing the overall configuration of an access security management system of an access control device according to the present invention.
  • The access security management system installs a biometric module on medical equipment, dangerous equipment, expensive equipment, and the like to configure it as an access control device 100, allows access only to users 401 who have been previously granted access to the access control device 100 while blocking access by other people 501, and has the security management agent unit 300 monitor whether this access control is properly performed.
  • A status reporting agent unit 400 may be further provided so that the security management agent unit 300 can secure the status information of the access permission user 401 in real time.
  • The access control device 100 is provided with a biometric sensor 110, for example a fingerprint sensor or an iris sensor.
  • The biometric sensor 110 is preferably integrated into the access control equipment 100.
  • The access control device 100 determines whether to grant access when someone attempts to access the device. It requests biometric information (e.g., fingerprint, iris, etc.) from the accessor, obtains the accessor biometric information through the biometric sensor 110, and performs biometric authentication processing that compares the obtained accessor biometric information with previously registered reference biometric information. If the biometric authentication succeeds, the device access is allowed, while if the biometric authentication fails, the device access is rejected.
  • The access control device 100 generates a record associated with an access attempt whenever one occurs. That is, in response to the access attempt it generates the biometric log data 200 including the device identification information (equipment unique identification information), the access location information (geographic location information), and the access time information (time stamp), and then shares the biometric log data 200 in real time through blockchain processing. The biometric log data 200 is generated asynchronously in the individual access control equipment 100; through the blockchain processing, the biometric log data 200 generated by the various access control equipment 100 is not only collected but also shared among the plurality of access control equipment 100 and the security management agent 300.
  • The security management agent unit 300 is installed in the form of dedicated software on the manager computer 301 and monitors whether a security problem exists by comparing the access information generated by the access control devices 100 against the status information of the access permission users 401. To this end, the security management agent unit 300 receives, in real time and in a shared manner through blockchain processing, the biometric log data 200 collected from the plurality of access control devices 100. In addition, the security management agent unit 300 obtains real-time status information about the time-by-hour location of the plurality of access permission users 401.
  • The security management agent unit 300 checks whether incompatible items exist by comparing the biometric log data 200 with the real-time status information of the access permission users 401, and if it finds incompatible items, it generates a security alert so that administrators recognize them immediately.
  • Conceptually, an incompatible item in the present invention is identified by considering the geographical location information and the time information and checking whether an access attempt was made to the access control device 100 in a place where the access permission user 401 could not physically be.
  • The present invention is characterized in that it shares the biometric log data 200 for the access control devices 100 in real time using a blockchain and monitors for security threats in access attempts on that basis.
  • A blockchain is generally understood as a public digital ledger in which transaction information generated on a network is replicated and distributed across as many nodes as there are network participants sharing it.
  • Blockchain technology is currently being actively applied mainly around cryptocurrency; in the present invention, it is used for the biometric log data 200 that the access control device 100 generates for an access attempt and shares with the security management agent 300.
  • The plurality of access control devices 100 and the security management agent unit 300 participate in the digital ledger management of the blockchain as peers.
  • The status reporting agent unit 400 is installed and implemented in the form of an app (APP) on a mobile terminal carried by each of the access permission users 401. It cooperates with a clock module and a geographical location acquisition module (e.g., a GPS module) embedded in the mobile terminal to obtain real-time status information on the time-by-hour position of the corresponding access permission user 401, and provides it to the security management agent 300 through wired and wireless communication.
  • The security management agent 300 preferably acquires real-time status information of the access permission users 401 through the status reporting agent 400, but is not necessarily limited thereto. It is also possible to use a manual log or the computer login record of the access permission user 401.
  • FIG. 2 is a flow chart showing the overall process of the access security management system of the access control device according to the present invention.
  • Step S100: First, the plurality of access control equipment 100 performs biometric authentication, using the biometric sensor 110 installed in each device, on every access attempt by a user.
  • The access control device 100 obtains accessor biometric information through the biometric sensor 110 and authenticates it by comparison with reference biometric information registered in advance. This checks, through biometric information such as a fingerprint or an iris, whether the person attempting to access the access control device 100 has previously been registered as a person granted access to the device.
  • The access control device 100 receives the biometric information about the access permission user 401 from the manager computer 301, for example, and registers it.
  • The registered biometric information is referred to as 'reference biometric information'.
  • The reference biometric information and the accessor biometric information obtained through the biometric sensor 110 at that time are preferably stored in encrypted form in an internal memory space of the access control device 100.
  • Steps S110 to S130: The access control device 100 checks whether the biometric authentication of the accessor biometric information is successful. If the biometric authentication fails, the access control device 100 preferably informs the accessor of the biometric authentication failure and denies access to the device. For example, the authentication failure is indicated by displaying a large error message on a display panel provided in the access control device 100. On the other hand, if the biometric authentication is successful, the access control device 100 allows the device access.
  • The access control device 100 generates biometric log data 200 for the device access attempt.
  • The biometric log data 200 includes device identification information indicating unique identification information of the access control device 100, access location information indicating geographical location information of the access control device 100 at the time of an access attempt, and access time information indicating time information at the time of the access attempt.
  • This information configuration of the biometric log data 200 is intended to effectively assist security threat monitoring by the security management agent 300.
  • Steps S140 and S150: The plurality of access control devices 100 and the security management agent 300 perform blockchain processing according to a preset schedule (for example, a 10 minute period) to collect the biometric log data 200, which are generated separately, and share them in real time.
  • Step S160: Meanwhile, the security management agent unit 300 obtains real-time status information regarding the time-based location of the access permission users 401. It may be obtained through the status reporting agent 400 or by another path, for example, a manual log of a responsible employee or a computer login record of an access permission user 401.
  • Steps S170 to S190: The security management agent 300 compares the biometric log data 200 of the access control devices 100 with the real-time status information of the access permission users 401, and if it finds items that are incompatible with each other, it determines that the risk of abnormal use is high and raises a security warning. In other words, when the geographic location information and time information identified from this information are analyzed, if an access attempt was made to an access control device 100 where the access permission user 401 could not physically be, it is judged that there is a security threat.
  • In FIG. 2, it is assumed that an unauthorized user 501 uses a hacking technique to steal the biometric information of an access permission user 401 and attempts to access a specific access control device 100.
  • The access control device 100 may determine that the access attempt is normal based on the biometric information, and allow the access.
  • The security management agent unit 300, however, may identify that there is a security threat in the access because it knows the current location of the nominal access permission user 401.
  • The access control device 100 is configured to include a biometric information acquisition unit 110, a reference storage unit 120, a biometric authentication unit 130, a location time identification unit 140, a log information management unit 150, and a blockchain equipment processing unit 160.
  • The biometric information acquisition unit 110 is a module for obtaining biometric information of a user through biometric sensors such as a fingerprint sensor and an iris sensor.
  • A guide message is provided through a display screen so that biometric information is obtained from the corresponding accessor through the biometric sensor.
  • The reference storage unit 120 is a module that provides a storage space for receiving and storing biometric information of an access permission user registered in advance for the corresponding access control device.
  • The biometric authentication unit 130 compares the accessor biometric information obtained through the biometric information acquisition unit 110 with the reference biometric information previously stored in the reference storage unit 120 to authenticate whether the accessor is a user 401 permitted to access the device. As a result of the authentication process, when the biometric authentication is successful, the device access to the access control device 100 is allowed.
  • The location time identification unit 140 obtains geographic location information and time information on the access control device 100. It can be implemented by including a GPS module and a clock module inside the equipment, or by transmitting a test packet externally and then using its travel path and the time stamp set by the receiver.
  • The log information manager 150 generates biometric log data 200 in connection with an attempt to access the corresponding device.
  • Log data is generated whenever there is an access attempt, regardless of the success or failure of biometric authentication.
  • The biometric log data 200 may be configured to include device identification information indicating unique identification information of the access control device, access location information indicating geographic location information obtained from the location time identification unit 140 at the time of the access attempt, and access time information indicating the time information obtained from the location time identification unit 140 at the time of the access attempt.
  • The blockchain equipment processing unit 160 is a component that performs blockchain processing on the access control equipment 100 side according to a preset schedule. Through the blockchain process, the access control device 100 shares the biometric log data 200 with other access control devices 100 and the security management agent 300 in real time.
  • The security management agent unit 300 is configured to include a user status management unit 310, a blockchain server processing unit 320, a log data analysis unit 330, and a security risk warning notification unit 340.
  • The user status management unit 310 obtains real-time status information regarding the time-by-hour position of the access permission users 401. It is preferable that the user status management unit 310 obtains real-time status information of the access permission users 401 through the status reporting agent 400, but it is not necessarily limited thereto.
  • The blockchain server processing unit 320 is a component that performs blockchain processing on the security management agent 300 side according to a preset schedule. Through the blockchain processing, the security management agent 300 receives the biometric log data 200 from a plurality of access control equipment 100 in a real time sharing format.
  • The log data analysis unit 330 analyzes the biometric log data 200 of the access control devices 100 and the real-time status information of the access permission users, compares the distance between the device access location and the access permission user location at each time against the corresponding time interval, and determines whether there is an incompatible item according to a preset mobility criterion. When the geographic location information and time information identified in this information are analyzed, if an access attempt was made to an access control device 100 where the access permission user 401 could not physically be, it is determined that there is a security threat.
  • In FIG. 2, it is assumed that an unauthorized user 501 uses a hacking technique to steal the biometric information of an access permission user 401 and attempts to access a specific access control device 100.
  • The access control device 100 may determine that the access attempt is normal based on the biometric information, and allow the access.
  • The security management agent unit 300, however, may identify that there is a security threat in the access because it knows the current location of the nominal access permission user 401.
  • When the security risk warning notification unit 340 finds an incompatible item, it generates a security warning according to the abnormal use risk and helps the administrator recognize it immediately and take corresponding action.
  • FIG. 5 is a flowchart illustrating an operation process of the security management agent 300 in the present invention.
  • Step S210: The blockchain server processing unit 320 performs blockchain processing according to a preset schedule, thereby sharing the biometric log data 200 (equipment identification information, access location information, and access time information) with the access control devices 100 in real time.
  • Step S220: The log data analysis unit 330 analyzes the biometric log data 200 of the access control devices 100 and the real-time status information of the access permission users 401, and correlates the device access location with the access permission user location by time. That is, for each time slot, where the access control device 100 is located is compared with where the access permission users 401 are located.
  • Step S230: The log data analyzer 330 compares the distance between the equipment access location and the access permission user location against the corresponding time interval and determines whether there are incompatible items according to a preset mobility criterion. That is, it identifies the locations of the access control device 100 and the access permission user 401 around the time when the access attempt occurred, and checks whether an access attempt was made to an access control device 100 where the access permission user 401 could not physically be.
  • If so, the log data analysis unit 330 determines that there is a high risk of abnormal use in which an unauthorized user 501 attempted to access the access control device 100. In this case, the possibility of a security threat cannot be ignored, so appropriate action is taken.
  • The security risk warning notification unit 340 may generate a security warning according to the abnormal use risk, and the security management agent 300 may directly control the access control device 100 to stop the operation of the device.
  • The present invention may be embodied in the form of computer readable code on a computer readable nonvolatile recording medium.
  • Such nonvolatile recording media include various types of storage devices, such as hard disks, SSDs, CD-ROMs, NAS, magnetic tapes, web disks, cloud disks, etc., and the code may also be stored and executed in a distributed manner across a plurality of networked storage devices.
  • the present invention may be implemented in the form of a computer program stored in a medium in combination with hardware to execute a specific procedure.
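The comparison that the log data analysis unit 330 performs in steps S220 to S230, sketched as an added example; it is not code from the patent or from the applicant. It assumes the matched user ID is carried with each log record, and the speed limit, GPS tolerance and report-age window stand in for the "preset mobility criterion"; all names and sample records are hypothetical and constructed.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed mobility criterion: illustrative values, not taken from the patent.
MAX_SPEED_KMH = 120.0                 # fastest plausible travel for a staff member
GPS_TOLERANCE_KM = 0.2                # slack for positioning error
MAX_REPORT_AGE = timedelta(hours=2)   # older status reports are not used as evidence

@dataclass(frozen=True)
class AccessLog:                      # one record of biometric log data 200
    device_id: str
    lat: float
    lon: float
    time: datetime
    user_id: Optional[str]            # assumption: matched user recorded; None on failure
    auth_ok: bool

@dataclass(frozen=True)
class StatusReport:                   # real-time status from status reporting agent 400
    user_id: str
    lat: float
    lon: float
    time: datetime

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def check_entry(log, reports):
    """Classify one log record as 'compatible', 'incompatible' or 'unknown'."""
    usable = [r for r in reports
              if r.user_id == log.user_id and abs(r.time - log.time) <= MAX_REPORT_AGE]
    if not usable:
        # No evidence either way: do not raise an alert on missing data.
        return "unknown", "no status report close enough in time"
    for r in sorted(usable, key=lambda r: abs(r.time - log.time)):
        dist = haversine_km(log.lat, log.lon, r.lat, r.lon)
        hours = abs(r.time - log.time).total_seconds() / 3600.0
        # Farthest the user could have moved in the interval; a zero-length
        # interval leaves only the GPS tolerance.
        reachable = GPS_TOLERANCE_KM + MAX_SPEED_KMH * hours
        if dist > reachable:
            return "incompatible", f"{dist:.1f} km from user within {hours * 60:.0f} min"
    return "compatible", "every nearby report is within reach"

def analyze(logs, reports):
    """Return (device_id, user_id, detail) for each successful access that the
    nominal user could not physically have made."""
    alerts = []
    for log in logs:
        if not log.auth_ok:
            continue                  # failed attempts carry no matched user to compare
        verdict, detail = check_entry(log, reports)
        if verdict == "incompatible":
            alerts.append((log.device_id, log.user_id, detail))
    return alerts

# Constructed sample data: two devices in Seoul, one phone reporting from Busan.
T = datetime(2018, 9, 17, 9, 0)
SAMPLE_REPORTS = [
    StatusReport("u401", 35.1796, 129.0756, T),                          # Busan
    StatusReport("u402", 37.5670, 126.9785, T + timedelta(minutes=18)),  # Seoul
]
SAMPLE_LOGS = [
    AccessLog("MRI-01", 37.5665, 126.9780, T + timedelta(minutes=20), "u401", True),
    AccessLog("MRI-01", 37.5665, 126.9780, T + timedelta(minutes=20), "u402", True),
    AccessLog("CT-02", 37.5665, 126.9780, T + timedelta(minutes=25), "u403", True),
    AccessLog("CT-02", 37.5665, 126.9780, T + timedelta(minutes=30), None, False),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS, SAMPLE_REPORTS):
        print("SECURITY WARNING:", alert)
```

A record with no usable status report is classified as unknown rather than alerted on, so a phone that is switched off does not by itself produce a warning.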

Abstract

The present invention relates to a technique which can effectively and securely control access to access control equipment by providing a biometric authentication module to medical equipment, dangerous equipment, expensive equipment, and the like, configuring same as access control equipment, sharing, with an administrator computer, a biometric authentication access record of the equipment via blockchain, then determining the risk of an abnormal use to be high, if an item that is not consistent with the realtime status of an access-permitted user is detected, and generating a security warning. According to the present invention, use of the medical equipment, dangerous equipment, expensive equipment, and the like can be effectively controlled. Also, according to the present invention, by sharing with the administrator computer via blockchain in realtime, the biometric authentication access record of the medical equipment, dangerous equipment, expensive equipment, and the like, an item that is not consistent with the realtime status of the access-permitted user can be detected via software processing, and a security warning can be immediately generated, thereby effectively and securely controlling an abnormal use of the equipment.

Description

접근통제형 장비를 위한 생체인증 로그데이터의 블록체인 공유 기반의 액세스 보안관리 시스템Access security management system based on blockchain sharing of biometric log data for access control equipment
본 발명은 일반적으로 의료장비, 위험장비, 고가장비 등에 대해 생체인증과 블록체인을 이용하여 액세스 관리하는 기술에 관한 것이다.The present invention generally relates to a technique for access management using biometric authentication and blockchain for medical equipment, dangerous equipment, expensive equipment, and the like.
더욱 상세하게는, 본 발명은 의료장비, 위험장비, 고가 장비 등에 생체인증 모듈을 설치하여 접근통제형 장비로 구성하고 이들 장비에 대한 생체인증 접근 기록을 블록체인으로 관리자 컴퓨터와 공유한 후에 접근허가 사용자의 실시간 현황과 양립 불가능한 항목이 검출되면 비정상 사용 위험이 높은 것으로 판단하고 보안 경고를 발생시킴으로써 접근통제형 장비에 대한 접근 통제를 효과적이면서도 확실하게 수행할 수 있는 기술에 관한 것이다.More specifically, the present invention is configured as an access control device by installing a biometric module in medical equipment, dangerous equipment, expensive equipment, etc., and access is granted after sharing the biometric access record for these devices with a block computer on a blockchain. The present invention relates to a technology that can effectively and reliably perform access control on an access control device by determining that a risk of abnormal use is high and generating a security warning when an item incompatible with a real-time status of a user is detected.
일반적으로 의료장비, 위험장비, 고가장비 등에 대해서는 병원이나 기업에서 담당 직원과 책임 관리자에 대해서만 제한적으로 접근을 허용하고 있다. 하지만, 이러한 접근 제한은 현실적으로는 사내 복무 규정이나 관리 대장에 의존하여 이루어지고 있으며 물리적인 수단으로 보조하더라도 해당 구역에 보안 직원을 배치하거나 자물쇠를 걸어두는 정도에 불과하다.In general, medical equipment, hazardous equipment, and expensive equipment have limited access to staff and responsible managers in hospitals and corporations. However, such access restrictions are, in reality, relied on in-house service regulations or administrative directors, and even by physical means, security officers or lockouts can be placed in the area.
이런 상황에서는 누군가 허가받지 않는 사람이 이들 장비를 사용하더라도 관리자가 그 사실을 곧바로 알아채지 못하며 심지어 담당 직원이 면밀하게 점검하지 않는다면 영원히 드러나지 않을 수도 있다. 이처럼 종래에는 의료장비, 위험장비, 고가장비 등에 대한 보안 관리가 불완전하였다. 사람들이 규정대로 행동할 때에는 제대로 관리되고 있는 것처럼 보이지만, 규정을 지키지 않는 사람들이 나타나면 적절히 대응하지 못하는 무기력한 것이었다.In such a situation, even if an unauthorized person uses these devices, the manager may not immediately notice the facts and may not be revealed forever unless the staff is closely inspected. As described above, security management of medical equipment, dangerous equipment, and expensive equipment is incomplete. When people acted according to regulations, they seemed to be well managed, but when people who didn't follow the rules appeared, they were helpless.
그에 따라, 이러한 장비에 대한 접근 관리 체계를 기술적으로 구축함으로써 실효성있는 접근 통제 및 모니터링이 이루어지도록 함으로써 종래기술의 문제점을 해결할 수 있는 기술이 요망된다.Accordingly, there is a demand for a technology that can solve the problems of the prior art by enabling effective access control and monitoring by technically establishing an access management system for such equipment.
An object of the present invention is to provide a technology for managing access to medical equipment, hazardous equipment, high-value equipment and the like using biometric authentication and blockchain.
In particular, an object of the present invention is to provide a technology that installs a biometric authentication module in medical equipment, hazardous equipment, high-value equipment and the like to make them access-controlled equipment, shares the biometric authentication access records for this equipment with an administrator computer via blockchain, and, when an item incompatible with the real-time status of an authorized user is detected, judges the risk of abnormal use to be high and raises a security alert, so that access control over access-controlled equipment is performed effectively and reliably.
To achieve the above object, the present invention provides an access security management system for access-controlled equipment based on blockchain sharing of biometric authentication log data, the system serving a plurality of access-controlled equipment and comprising: a plurality of access-controlled equipment 100 that, in response to an access attempt, acquires accessor biometric information through a biometric sensor, permits device access when biometric authentication comparing the accessor biometric information against pre-registered reference biometric information succeeds, generates biometric authentication log data including equipment identification information, access location information and access time information in relation to the access attempt, and shares the biometric authentication log data in real time through blockchain processing; and a security management agent unit 300 that is installed on an administrator computer, shares the biometric authentication log data 200 with the plurality of access-controlled equipment 100 in real time through blockchain processing, acquires real-time status information on the location over time of a plurality of authorized users, and raises a security alert when it finds an incompatible item by comparing and analyzing the biometric authentication log data against the real-time status information.
The access security management system according to the present invention may further comprise a status reporting agent unit 400 that is installed on a mobile terminal carried by an authorized user, operates in cooperation with the clock module and the geographic location acquisition module built into the mobile terminal to acquire real-time status information on the authorized user's location over time, and provides it to the security management agent unit 300 over wired or wireless communication.
In the present invention, the access-controlled equipment 100 may comprise: a biometric information acquisition unit 110 that acquires the accessor's biometric information through a biometric sensor in response to an access attempt; a reference storage unit 120 that receives in advance, and stores, the biometric information of the authorized users pre-registered for the equipment; a biometric authentication processing unit 130 that authenticates the accessor biometric information acquired through the biometric information acquisition unit by comparing it against the reference biometric information stored in the reference storage unit, and permits device access when the biometric authentication succeeds; a location-time identification unit 140 that acquires geographic location information and time information for the equipment; a log information management unit 150 that generates, in relation to an access attempt, biometric authentication log data 200 including equipment identification information representing the unique identifier of the equipment, access location information representing the geographic location obtained from the location-time identification unit 140 at the time of the access attempt, and access time information representing the time obtained from the location-time identification unit 140 at the time of the access attempt; and a blockchain equipment processing unit 160 that performs blockchain processing according to a preset schedule to share the biometric authentication log data 200 in real time with the other access-controlled equipment 100 and the security management agent unit 300.
The security management agent unit 300 may comprise: a user status management unit 310 that acquires real-time status information on the location over time of a plurality of authorized users; a blockchain server processing unit 320 that performs blockchain processing according to a preset schedule to share the biometric authentication log data 200 with the plurality of access-controlled equipment 100 in real time; a log data analysis unit 330 that analyzes the biometric authentication log data 200 of the access-controlled equipment and the real-time status information of the authorized users, weighs the separation between the equipment access location and the authorized user's location at each time against the corresponding time interval, and determines according to a preset mobility criterion whether an incompatible item exists; and a security risk alert unit 340 that raises a security alert for the risk of abnormal use when an incompatible item is found.
The present invention has the advantage that control over the use of medical equipment, hazardous equipment, high-value equipment and the like can be achieved effectively.
In addition, according to the present invention, the biometric authentication access records for medical equipment, hazardous equipment, high-value equipment and the like are shared with the administrator computer in real time via blockchain, so that software processing can detect items incompatible with the real-time status of an authorized user and raise a security alert immediately, which allows abnormal use of this equipment to be controlled effectively and reliably.
FIG. 1 is a diagram showing the overall configuration of the access security management system for access-controlled equipment according to the present invention.
FIG. 2 is a flowchart showing the overall process of the access security management system for access-controlled equipment according to the present invention.
FIG. 3 is a block diagram showing the internal functional configuration of the access-controlled equipment in the present invention.
FIG. 4 is a block diagram showing the internal functional configuration of the security management agent unit in the present invention.
FIG. 5 is a flowchart showing the operating process of the security management agent unit in the present invention.
The present invention is described in detail below with reference to the drawings.
FIG. 1 is a diagram showing the overall configuration of the access security management system for access-controlled equipment according to the present invention.
Referring to FIG. 1, the access security management system installs a biometric authentication module in medical equipment, hazardous equipment, high-value equipment and the like to form access-controlled equipment, permits access to this access-controlled equipment 100 only for users 401 who have been authorized in advance, and blocks access for everyone else 501; in addition, the security management agent unit 300 monitors whether this access control is actually being enforced. A status reporting agent unit 400 may further be provided so that the security management agent unit 300 can obtain status information on the authorized users 401 in real time.
First, the access-controlled equipment 100 is characterized by having a biometric sensor 110, for example a fingerprint sensor or an iris sensor. The biometric sensor 110 is preferably built into the access-controlled equipment 100 as a mechanically integral part. Using the biometric sensor 110, the access-controlled equipment 100 decides whether to permit access when someone attempts to use the equipment. It requests biometric information (e.g., fingerprint or iris) from the accessor, acquires the accessor biometric information through the biometric sensor 110, and performs biometric authentication by comparing the acquired information against the pre-registered reference biometric information. If biometric authentication succeeds, device access is permitted; if it fails, device access is refused.
The access-controlled equipment 100 also generates a record whenever an access attempt occurs. That is, in response to an access attempt it generates biometric authentication log data 200 including equipment identification information (the equipment's unique identifier), access location information (geographic location) and access time information (a timestamp), and then shares the biometric authentication log data 200 in real time through blockchain processing. Biometric authentication log data 200 arises asynchronously at the individual access-controlled equipment 100; through blockchain processing, the log data generated at the various equipment is not only collected but also shared among the many access-controlled equipment 100 and the security management agent unit 300.
The security management agent unit 300 is installed on the administrator computer 301 as dedicated software and monitors for security threats by comparing the access information generated at the access-controlled equipment 100 against the status information of the authorized users 401. To do so, the security management agent unit 300 receives, in shared form and in real time through blockchain processing, the biometric authentication log data 200 collected from the plurality of access-controlled equipment 100. The security management agent unit 300 also acquires real-time status information on the location over time of the plurality of authorized users 401.
The security management agent unit 300 then compares and analyzes the biometric authentication log data 200 against the real-time status information of the authorized users 401 to check whether an incompatible item exists, and when it finds one it preferably raises a security alert so that the administrator becomes aware of it immediately. Conceptually, checking for an incompatible item in the present invention means checking, in light of the geographic location information and the time information, whether an access attempt on access-controlled equipment 100 occurred at a place where the authorized user 401 could not physically have been.
The present invention is thus characterized in that it uses blockchain to share the biometric authentication log data 200 for the access-controlled equipment 100 in real time and, on that basis, monitors access attempts for security threats.
A blockchain is generally understood as a public digital ledger in which transaction information generated on a network is replicated and stored in distributed form across as many nodes as share it among the network participants. Blockchain technology is currently applied most actively around cryptocurrency; the present invention uses it so that the access-controlled equipment 100 can generate biometric authentication log data 200 for access attempts and have it collected and shared with the security management agent unit 300. Accordingly, in the present invention the many access-controlled equipment 100 and the security management agent unit 300 participate as peers in managing the blockchain's digital ledger.
The status reporting agent unit 400 is installed and implemented, for example as an app, on the mobile terminals carried by the authorized users 401. It operates in cooperation with the clock module and the geographic location acquisition module (e.g., a GPS module) built into the mobile terminal to acquire real-time status information on the location over time of the corresponding authorized user 401, and provides it to the security management agent unit 300 over wired or wireless communication.
In the present invention it is preferable that the security management agent unit 300 acquires the real-time status information of the authorized users 401 through the status reporting agent unit 400, but the invention is not limited to this. Manual entry by the staff in charge, or the computer login records of the authorized users 401, may also be used.
FIG. 2 is a flowchart showing the overall process of the access security management system for access-controlled equipment according to the present invention.
Step (S100): First, each of the many access-controlled equipment 100 performs biometric authentication on a user's access attempt using its own biometric sensor 110. The access-controlled equipment 100 acquires the accessor biometric information through the biometric sensor 110 and authenticates it by comparing it against the pre-registered reference biometric information. In other words, it uses biometric information such as a fingerprint or iris to check whether the person attempting access to the access-controlled equipment 100 is one of the people registered in advance as authorized to access it.
The access-controlled equipment 100 receives the biometric information of the authorized users 401, for example from the administrator computer 301, and registers it. In this specification the biometric information registered in this way is called "reference biometric information". To protect the biometric information, both the reference biometric information and the accessor biometric information acquired through the biometric sensor 110 at each attempt are preferably stored in encrypted form in the internal memory of the access-controlled equipment 100.
Steps (S110 to S130): The access-controlled equipment 100 checks whether biometric authentication of the accessor biometric information succeeded. If biometric authentication fails, the access-controlled equipment 100 preferably notifies the accessor of the failure and refuses device access, for example by displaying a large error message on a display panel provided on the equipment. If biometric authentication succeeds, the access-controlled equipment 100 permits device access.
The access-controlled equipment 100 then generates biometric authentication log data 200 for the device access attempt. The biometric authentication log data 200 comprises equipment identification information representing the unique identifier of the access-controlled equipment 100, access location information representing the geographic location of the equipment at the time of the access attempt, and access time information representing the time of the access attempt. This composition of the biometric authentication log data 200 is chosen to support security threat monitoring by the security management agent unit 300.
Steps (S140, S150): According to a preset schedule (e.g., a 10-minute cycle), the many access-controlled equipment 100 and the security management agent unit 300 perform blockchain processing, which collects the biometric authentication log data 200 generated individually at the various access-controlled equipment 100 and shares it in real time.
Step (S160): Meanwhile, the security management agent unit 300 acquires real-time status information on the location over time of the authorized users 401. It may obtain this through the status reporting agent unit 400 or by another route, for example manual entry by the staff in charge or the computer login records of the authorized users 401.
Steps (S170 to S190): The security management agent unit 300 compares and analyzes the biometric authentication log data 200 of the access-controlled equipment 100 against the real-time status information of the authorized users 401, and when it finds an incompatible item it judges the risk of abnormal use to be high and raises a security alert. That is, when the geographic location information and time information in these two sources are compared, an access attempt on access-controlled equipment 100 at a place where the authorized user 401 could not physically have been is judged to be a security threat.
In FIG. 2, assume that an unauthorized user 501 has used a hacking technique to steal the biometric information of an authorized user 401 and attempts to access a particular access-controlled equipment 100. Judging by the biometric information alone, the access-controlled equipment 100 may decide that the access attempt is legitimate and permit access. The security management agent unit 300, however, knows the current location of the nominal authorized user 401 and can therefore identify that the access poses a security threat.
FIG. 3 is a block diagram showing the internal functional configuration of the access-controlled equipment 100 in the present invention. Referring to FIG. 3, the access-controlled equipment 100 comprises a biometric information acquisition unit 110, a reference storage unit 120, a biometric authentication processing unit 130, a location-time identification unit 140, a log information management unit 150 and a blockchain equipment processing unit 160.
Each functional component of the access-controlled equipment 100 is described in detail below.
First, the biometric information acquisition unit 110 is a module that acquires a user's biometric information through a biometric sensor such as a fingerprint sensor or an iris sensor. When an access attempt on the access-controlled equipment 100 arrives, it shows a guidance message on the display screen and acquires biometric information from the accessor through the biometric sensor.
The reference storage unit 120 is a module that provides the storage space for receiving in advance, and storing, the biometric information of the authorized users pre-registered for the access-controlled equipment.
The biometric authentication processing unit 130 compares the accessor biometric information acquired through the biometric information acquisition unit 110 against the reference biometric information stored beforehand in the reference storage unit 120, and thereby authenticates whether the accessor biometric information belongs to an authorized user 401 of the equipment. If biometric authentication succeeds, it permits device access to the access-controlled equipment 100.
The location-time identification unit 140 acquires geographic location information and time information for the access-controlled equipment 100. It may be implemented by providing a GPS module and a clock module inside the equipment, or by sending a test packet to an external destination and using its route and the timestamp set by the receiver.
The log information management unit 150 generates biometric authentication log data 200 in relation to access attempts on the equipment. Preferably it generates log data for every access attempt, regardless of whether biometric authentication succeeded or failed. The biometric authentication log data 200 may comprise equipment identification information representing the unique identifier of the access-controlled equipment, access location information representing the geographic location obtained from the location-time identification unit 140 at the time of the access attempt, and access time information representing the time obtained from the location-time identification unit 140 at the time of the access attempt.
The blockchain equipment processing unit 160 is the component that performs blockchain processing on the access-controlled equipment 100 side according to a preset schedule. Through blockchain processing, the access-controlled equipment 100 shares the biometric authentication log data 200 in real time with the other access-controlled equipment 100 and the security management agent unit 300.
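The log record and the scheduled sharing described for units 150 and 160 can be sketched as a hash-chained ledger; this is an added example, not code from the patent, which does not specify a block format or a consensus protocol. The field names, the SHA-256 chaining and the one-block-per-window batching are assumptions, and the sample records are constructed.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64
PERIOD_S = 600  # the page's example schedule: a 10-minute cycle


def block_hash(index, prev, window_start, records):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps(
        {"index": index, "prev": prev, "window_start": window_start,
         "records": records},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def build_chain(records):
    """Batch asynchronously produced records into one block per window."""
    windows = {}
    for rec in records:
        start = rec["ts"] - rec["ts"] % PERIOD_S
        windows.setdefault(start, []).append(rec)
    chain, prev = [], GENESIS
    for index, start in enumerate(sorted(windows)):
        recs = sorted(windows[start], key=lambda r: (r["ts"], r["device_id"]))
        digest = block_hash(index, prev, start, recs)
        chain.append({"index": index, "prev": prev, "window_start": start,
                      "records": recs, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return the index of the first block that fails, or -1 if intact."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["index"] != i or blk["prev"] != prev:
            return i  # link to the previous block is broken
        if block_hash(i, blk["prev"], blk["window_start"],
                      blk["records"]) != blk["hash"]:
            return i  # contents no longer match the stored hash
        end = blk["window_start"] + PERIOD_S
        if any(not blk["window_start"] <= r["ts"] < end
               for r in blk["records"]):
            return i  # record filed under the wrong schedule window
        prev = blk["hash"]
    return -1


# Constructed sample: BASE is aligned to a 10-minute boundary.
BASE = 1_699_999_800
SAMPLE = [
    {"device_id": "MRI-01", "lat": 37.5665, "lon": 126.9780,
     "ts": BASE + 30, "auth_ok": True},
    {"device_id": "CT-02", "lat": 37.5651, "lon": 126.9895,
     "ts": BASE + 95, "auth_ok": False},
    {"device_id": "MRI-01", "lat": 37.5665, "lon": 126.9780,
     "ts": BASE + 410, "auth_ok": True},
    {"device_id": "XRAY-03", "lat": 37.5700, "lon": 126.9830,
     "ts": BASE + 640, "auth_ok": True},
    {"device_id": "CT-02", "lat": 37.5651, "lon": 126.9895,
     "ts": BASE + 700, "auth_ok": True},
]


def demo():
    """Verify an intact chain, then a copy altered after the fact."""
    chain = build_chain(SAMPLE)
    altered = copy.deepcopy(chain)
    altered[0]["records"][1]["auth_ok"] = True  # one record edited later
    plain_edit = verify_chain(altered)
    blk = altered[0]  # the editor also recomputes that block's own hash
    blk["hash"] = block_hash(0, blk["prev"], blk["window_start"],
                             blk["records"])
    rehashed_edit = verify_chain(altered)
    return verify_chain(chain), plain_edit, rehashed_edit


if __name__ == "__main__":
    print(demo())
```

Because every peer holds the chain, an edit to an old record is caught either at the edited block or, if that block's hash is recomputed, at the next block's `prev` link.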
FIG. 4 is a block diagram showing the internal functional configuration of the security management agent unit 300 in the present invention. Referring to FIG. 4, the security management agent unit 300 comprises a user status management unit 310, a blockchain server processing unit 320, a log data analysis unit 330 and a security risk alert unit 340.
Each functional component of the security management agent unit 300 is described in detail below.
First, the user status management unit 310 acquires real-time status information on the location over time of the authorized users 401. It is preferable that the user status management unit 310 acquires this information through the status reporting agent unit 400, but the invention is not limited to this.
The blockchain server processing unit 320 is the component that performs blockchain processing on the security management agent unit 300 side according to a preset schedule. Through blockchain processing, the security management agent unit 300 receives the biometric authentication log data 200 from the plurality of access-controlled equipment 100 in real-time shared form.
The log data analysis unit 330 analyzes the biometric authentication log data 200 of the access-controlled equipment 100 and the real-time status information of the authorized users, weighs the separation between the equipment access location and the authorized user's location at each time against the corresponding time interval, and determines according to a preset mobility criterion whether an incompatible item exists. When the geographic location information and time information in these two sources are analyzed, an access attempt on access-controlled equipment 100 at a place where the authorized user 401 could not physically have been is judged to be a security threat.
In FIG. 2, assume that an unauthorized user 501 has used a hacking technique to steal the biometric information of an authorized user 401 and attempts to access a particular access-controlled equipment 100. Judging by the biometric information alone, the access-controlled equipment 100 may decide that the access attempt is legitimate and permit access. The security management agent unit 300, however, knows the current location of the nominal authorized user 401 and can therefore identify that the access poses a security threat.
보안위험 경고알림부(340)는 양립 불가능한 항목을 발견하는 경우에 비정상 사용 위험에 따른 보안 경고를 발생시켜 관리자가 그 즉시 인지하고 그에 따른 대응 조치를 수행할 수 있도록 보조한다.When the security risk warning notification unit 340 finds an incompatible item, it generates a security warning according to an abnormal use risk and assists the administrator to immediately recognize and perform a corresponding action accordingly.
도 5는 본 발명에서 보안관리 에이전트부(300)의 동작 프로세스를 나타내는 순서도이다.5 is a flowchart illustrating an operation process of the security management agent 300 in the present invention.
단계 (S200) : 먼저, 사용자 현황관리부(310)가 접근허가 사용자들(401)이 소지하는 현황보고 에이전트부(400)로부터 접근허가 사용자들(401)의 시간별 위치에 관한 실시간 현황정보를 획득한다. Step (S200): First, the user status management unit 310 obtains real-time status information regarding the hourly position of the access users 401 from the status report agent 400 possessed by the access permission users 401. .
단계 (S210) : 블록체인 서버처리부(320)는 미리 설정된 스케쥴에 따라 블록체인 처리를 수행함으로써 접근통제형 장비들(100)과 생체인증 로그데이터(200)(장비식별 정보, 접근위치 정보, 접근시간 정보)를 실시간으로 공유한다.Step S210: The blockchain server processing unit 320 performs blockchain processing according to a preset schedule, thereby controlling access control devices 100 and biometric log data 200 (equipment identification information, access location information, and access). Time information) in real time.
단계 (S220) : 로그데이터 분석부(330)는 접근통제형 장비들(100)의 생체인증 로그데이터(200)와 접근허가 사용자들(401)의 실시간 현황정보를 분석하여 시간 별로 장비 접근 위치 및 접근허가 사용자 위치의 상관 관계를 대비한다. 즉, 시간대별로 접근통제형 장비(100)는 어디에 위치하였고 접근허가 사용자들(401)은 어디에 위치하였는지를 대비하는 것이다.Step S220: The log data analysis unit 330 analyzes the biometric log data 200 of the access control devices 100 and the real-time status information of the access permission users 401, and the device access position and time by time. Prepare for correlation of access user location. That is, for each time zone, the access control type device 100 is located and the access permission users 401 are prepared for the location.
단계 (S230) : 로그데이터 분석부(330)는 장비 접근 위치와 접근허가 사용자 위치의 이격 정도 및 해당 시간 간격을 대비하여 미리 설정된 이동가능성 기준에 따라 양립 불가능한 항목이 있는지 여부를 판단한다. 즉, 접근통제형 장비(100)에 대해 액세스 시도가 발생하였을 시점을 중심으로 해당 접근통제형 장비(100)와 해당 접근허가 사용자(401)가 어디에 위치하였는지를 파악하고, 접근허가 사용자(401) 본인이 물리적으로 존재할 수 없는 곳에서 접근통제형 장비(100)에 대한 액세스 시도가 발생한 것은 아닌지 확인하는 것이다.Step S230: The log data analyzer 330 determines whether there are incompatible items according to a preset mobility criterion in preparation for the distance between the equipment access location and the access permission user location and the corresponding time interval. That is, the access control device 100 to determine the location of the access control device 100 and the access permission user 401 around the time when the access attempt has occurred, the access permission user 401 himself This is to check whether or not an access attempt has been made to the access control device 100 where it cannot exist physically.
단계 (S240 ~ S260) : 위 확인 결과, 양립 불가능 항목을 발견하지 못한 경우에는 보안 위협이라고 볼만한 사항을 별달리 발견하지 못한 것이기에 특별한 조치를 취하지 않을 수 있다.Steps (S240 ~ S260): If the above check does not find an incompatible item, it may not take special measures because it has not found anything that is considered a security threat.
반면, 양립 불가능 항목을 발견한 경우에는 로그데이터 분석부(330)는 비허가 사용자(501)가 접근통제형 장비(100)에 접근 시도한 비정상 사용 위험이 높은 것으로 판단한다. 이 때에는 보안 위협의 가능성을 무시할 수 없는 상황이므로 적절한 조치를 취한다. 예를 들어, 보안위험 경고알림부(340)는 비정상 사용 위험에 따른 보안 경고를 발생시키고, 보안관리 에이전트부(300)가 접근통제형 장비(100)를 직접 제어하여 기기 작동을 중지시킬 수도 있다.On the other hand, when incompatible items are found, the log data analysis unit 330 determines that the unauthorized use of the unauthorized user 501 attempts to access the access control device 100 has a high risk of abnormal use. In this case, the possibility of a security threat cannot be ignored, so take appropriate action. For example, the security risk warning notification unit 340 may generate a security warning according to the abnormal use risk, and the security management agent 300 may directly control the access control device 100 to stop the operation of the device. .
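The comparison in steps S220 to S230 can be illustrated as follows. This is an added example, not code from the patent: the record field names, the `user_id` field on the log record, the 150 km/h speed limit, the 0.5 km positioning slack and the rule of pairing each access with the status reports just before and just after it are all assumptions.

```python
import math
from bisect import bisect_right
from collections import namedtuple

# Assumed mobility criterion (the patent only says "preset"): top plausible
# travel speed, plus slack for positioning error.
MAX_SPEED_KMH = 150.0
GPS_SLACK_KM = 0.5

# Biometric authentication log data (200). user_id is an assumed field naming
# the user whose reference biometric matched; ts is epoch seconds.
AccessLog = namedtuple("AccessLog", "device_id user_id lat lon ts")
# Real-time status information sent by the status report agent unit (400).
StatusReport = namedtuple("StatusReport", "user_id lat lon ts")

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0088 * math.asin(math.sqrt(a))

def is_incompatible(log, report):
    """S230: True if the user could not have covered the separation in time."""
    dist = haversine_km(log.lat, log.lon, report.lat, report.lon)
    hours = abs(log.ts - report.ts) / 3600.0
    return dist > MAX_SPEED_KMH * hours + GPS_SLACK_KM, dist

def find_incompatible(logs, reports):
    """S220-S230: pair each access with the user's reports just before and
    just after it; flag the access if either pairing is physically impossible.
    Users with no reports get no verdict here (an assumption of this example)."""
    by_user = {}
    for rep in sorted(reports, key=lambda r: r.ts):
        by_user.setdefault(rep.user_id, []).append(rep)
    alerts = []
    for log in logs:
        history = by_user.get(log.user_id, [])
        i = bisect_right([r.ts for r in history], log.ts)
        for rep in history[max(i - 1, 0):i + 1]:
            bad, dist = is_incompatible(log, rep)
            if bad:
                alerts.append((log, rep, round(dist, 1)))
                break
    return alerts

# Constructed sample data: Seoul and Busan coordinates, arbitrary epoch base.
T0 = 1_700_000_000
SEOUL, BUSAN = (37.5665, 126.9780), (35.1796, 129.0756)
SAMPLE_REPORTS = [
    StatusReport("u401", *SEOUL, T0), StatusReport("u401", *SEOUL, T0 + 3600),
    StatusReport("u402", *SEOUL, T0), StatusReport("u402", *BUSAN, T0 + 4 * 3600),
]
SAMPLE_LOGS = [
    AccessLog("dev-A", "u401", 37.5651, 126.9895, T0 + 300),   # about 1 km away
    AccessLog("dev-B", "u401", *BUSAN, T0 + 600),              # about 325 km in 10 min
    AccessLog("dev-C", "u402", *BUSAN, T0 + 3 * 3600),         # legitimate travel
]

if __name__ == "__main__":
    for log, rep, dist in find_incompatible(SAMPLE_LOGS, SAMPLE_REPORTS):
        print(f"ALERT {log.device_id}: {log.user_id} was {dist} km away "
              f"{abs(log.ts - rep.ts)} s from the access")
```

Checking the report after the access as well as the one before it catches the case where the user reappears far from the device shortly after the access.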
Meanwhile, the present invention can be implemented in the form of computer-readable code on a computer-readable non-volatile recording medium. Such non-volatile recording media include various types of storage devices, for example hard disks, SSDs, CD-ROMs, NAS, magnetic tape, web disks and cloud disks, and an implementation in which the code is stored and executed in distributed fashion across a number of networked storage devices is also possible. In addition, the present invention may be implemented in the form of a computer program stored on a medium in order to execute a specific procedure in combination with hardware.

Claims (5)

  1. An access security management system for access control equipment based on blockchain sharing of biometric authentication log data, the system serving a plurality of access control equipment and comprising:
    a plurality of access control equipment 100 that, in response to an access attempt, acquire accessor biometric information through a biometric sensor, permit device access when biometric authentication comparing the accessor biometric information with pre-registered reference biometric information succeeds, generate biometric authentication log data including equipment identification information, access location information and access time information relating to the access attempt, and share the biometric authentication log data in real time through blockchain processing; and
    a security management agent unit 300 that is installed on an administrator computer, shares the biometric authentication log data 200 with the plurality of access control equipment 100 in real time through blockchain processing, acquires real-time status information on the time-by-time locations of a plurality of access-permitted users, and generates a security warning when it finds an incompatible item by comparing and analyzing the biometric authentication log data against the real-time status information.
  2. The access security management system according to claim 1, further comprising:
    a status report agent unit 400 that is installed on a mobile terminal carried by an access-permitted user, operates in cooperation with a clock module and a geographic location acquisition module built into the mobile terminal to acquire real-time status information on the time-by-time location of the access-permitted user, and provides it to the security management agent unit 300 through wired or wireless communication.
  3. The access security management system according to claim 1 or claim 2,
    wherein the access control equipment 100 comprises:
    a biometric information acquisition unit 110 that acquires the accessor's biometric information through a biometric sensor in response to an access attempt;
    a reference storage unit 120 that receives in advance and stores the biometric information of the access-permitted users pre-registered for that access control equipment;
    a biometric authentication processing unit 130 that authenticates the accessor biometric information acquired through the biometric information acquisition unit by comparing it with the reference biometric information stored in the reference storage unit, and permits device access when the biometric authentication succeeds;
    a location and time identification unit 140 that acquires geographic location information and time information for that access control equipment;
    a log information management unit 150 that generates, in relation to the access attempt, biometric authentication log data 200 including equipment identification information indicating the unique identification information of that access control equipment, access location information indicating the geographic location information acquired from the location and time identification unit 140 at the time of the access attempt, and access time information indicating the time information acquired from the location and time identification unit 140 at the time of the access attempt; and
    a blockchain equipment processing unit 160 that performs blockchain processing according to a preset schedule to share the biometric authentication log data 200 in real time with the other access control equipment 100 and the security management agent unit 300.
  4. The access security management system according to claim 3,
    wherein the security management agent unit 300 comprises:
    a user status management unit 310 that acquires real-time status information on the time-by-time locations of a plurality of access-permitted users;
    a blockchain server processing unit 320 that performs blockchain processing according to a preset schedule to share the biometric authentication log data 200 with the plurality of access control equipment 100 in real time; and
    a log data analysis unit 330 that analyzes the biometric authentication log data 200 of the access control equipment and the real-time status information of the access-permitted users, compares, time by time, the distance between the equipment access location and the access-permitted user's location against the corresponding time interval, and determines according to a preset mobility criterion whether there is an incompatible item.
  5. The access security management system according to claim 4,
    wherein the security management agent unit 300 further comprises:
    a security risk warning notification unit 340 that generates a security warning for the abnormal-use risk when the incompatible item is found.
PCT/KR2018/010923 2018-03-30 2018-09-17 Access security management system for access control equipment on basis of blockchain sharing of biometric authentication log data WO2019190007A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020180037774A KR101868589B1 (en) 2018-03-30 2018-03-30 access security system based on blockchain processing of biometrics logs for access control equipments
KR10-2018-0037774 2018-03-30

Publications (1)

Publication Number Publication Date
WO2019190007A1 (en) 2019-10-03

Family

ID=62767796

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/010923 WO2019190007A1 (en) 2018-03-30 2018-09-17 Access security management system for access control equipment on basis of blockchain sharing of biometric authentication log data

Country Status (2)

Country Link
KR (1) KR101868589B1 (en)
WO (1) WO2019190007A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933091A (en) * 2019-12-03 2020-03-27 丁奇娜 Block chain communication node verification method and device and electronic equipment
CN112069548A (en) * 2020-08-14 2020-12-11 深圳市盛龙信息科技有限公司 Logistics monitoring method, system and storage medium for agricultural product trading market
WO2021095926A1 (en) * 2019-11-11 2021-05-20 전자부품연구원 Complex iot device and sharing service providing method using same, and method for recognizing external information through blockchain application and providing information

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102209178B1 (en) * 2018-07-17 2021-01-29 이윤경 Method for preserving and utilizing genome and genome information
KR102562723B1 (en) * 2018-07-20 2023-08-03 재단법인 포항산업과학연구원 Safety work system and method applying blockchain in a closed space
US10944547B2 (en) 2018-08-10 2021-03-09 International Business Machines Corporation Secure environment device management
KR102021082B1 (en) * 2018-10-22 2019-11-04 주식회사 라인웍스 System and method for detecting network anomaly using the block-chain based index
KR102185258B1 (en) 2019-04-25 2020-12-01 신한대학교 산학협력단 In vitro diagnostic equipment based on block chain technology and remote operating method of the equipment
KR102308222B1 (en) * 2019-10-07 2021-09-30 현대엔지니어링 주식회사 Equipment Authentication System
KR102233468B1 (en) * 2019-11-25 2021-03-29 주식회사 스마트엠투엠 Blockchain-based security hub platform for enhancing security of habor infrastructure
KR102615244B1 (en) 2020-04-07 2023-12-19 한국전자통신연구원 Apparatus and method for recommending user's privacy control

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110038562A (en) * 2009-10-08 2011-04-14 최운호 System for tracking and securing container and logistics using biometric identification card and csd
KR101763827B1 (en) * 2016-04-07 2017-08-02 주식회사 라이프시맨틱스 System, method and program for transmitting health data by block-chain
KR101780635B1 (en) * 2016-04-28 2017-09-21 주식회사 코인플러그 Method for creating, registering, revoking certificate information and server using the same
KR20180006338A (en) * 2016-07-08 2018-01-17 김만이 Method and system for managing payment and document computing using identifiable tags and artificial intelligence
KR101837168B1 (en) * 2017-04-18 2018-03-09 주식회사 코인플러그 Method for approving the use of credit card by using token id based on blockchain and server using the same

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100948502B1 (en) * 2007-10-08 2010-03-23 프롬투정보통신(주) Access Control of portable and non-portable devices with File System Filter Driver

Also Published As

Publication number Publication date
KR101868589B1 (en) 2018-06-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18911542

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 18911542

Country of ref document: EP

Kind code of ref document: A1