WO2015182842A1 - Method for controlling information registration and query for protecting private information - Google Patents

Info

Publication number: WO2015182842A1
Authority: WO (WIPO, PCT)
Application number: PCT/KR2014/012525
Other languages: French (fr)
Inventor: Byung Chul Lee
Original Assignee: Byung Chul Lee
Priority claimed from: KR1020140144151A (KR20150136975A)
Prior art keywords: information, registration, segments, key value, query

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Definitions

  • Registration information means private information to be registered or already registered private information.
  • Such registration information includes a plurality of “information elements”. For example, assuming that [Hong Gil-dong, 888-8888, 550101-1177xxx, xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea] is registration information, “Hong Gil-dong (a full name)”, “888-8888 (a telephone number)”, “550101-1177xxx (a resident registration number)”, and “xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea (an address)” included in the registration information may correspond to respective information elements.
  • The registration information is denoted I(X), where “I” means the registration information and “X” means an information element included in the registration information “I”.
  • A “segment” means each of the fragmented pieces obtained when an information element is fragmented in accordance with a specific rule as described above.
  • The full name “Hong Gil-dong” may be divided into a “Hong” segment and a “Gil-dong” segment.
  • The resident registration number “550101-1177xxx” may be divided into a “550101” segment and a “1177xxx” segment.
  • The address “xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea” may be divided into a “Seoul” segment, a “Gwanak-gu” segment, a “Sillim-dong” segment, and an “xx Street” segment.
  • The telephone number “888-8888” may be divided into an “888” segment and an “8888” segment.
  • The information elements divided as described above are stored in different tables between which no relationship has been established within the database.
  • Each information element is stored in its table along with a key value calculated from the previously allocated customer number using a specific formula.
  • Each key value is calculated using a different formula for each information element, thereby further increasing security.
  • The information element is stored under a specific parameter name, and the key value is stored under a specific index number. In this step, both an information element of the registration information and the key value associated with that information element are stored in a table of the database.
  • A table preferably is given a name that is, to the maximum extent possible, unrelated to the information stored in the table, so that the contents of the table cannot be inferred from its name.
  • A parameter preferably is given a name that is, to the maximum extent possible, unrelated to the contents of the parameter, so that the meaning of the stored parameter (i.e., an information element) cannot be inferred from its name.
  • Fake (or false) records may be randomly mixed into the records of the data tables (i.e., the fragmented tables between which no relationship has been established).
  • At query time, a management program searches for the information elements fragmented into and stored in the respective tables and fetches the retrieved information elements. It then fetches the key value stored under the index number of each information element and calculates the customer number by performing the inverse operation on the key value using the specific formula that was used when the information element was registered. The management program searches for all information elements corresponding to that customer number, combines them, and outputs the combined information elements as the result of the query.
  • Information is fragmented (divided) to the maximum extent, and the pieces of fragmented information are stored in different tables between which no relationship has been established.
  • A key value is a random number, not a serial number, and is generated using encryption or check digits.
  • A decoding program independent from the encoding program is used.
  • The decoding program integrates and controls the production and query of information in order to block (or prevent) an information spill attempt by an internal user who does not have rights or whose rights are invalid.
  • Even if a hacker steals a table, the hacker is unable to recover private information (including biomass data, such as a fingerprint, the iris, and a facial shape) using only the table.
  • Conventionally, an application server or an application attempted to prevent the use of private information. Because private information is checked and used at many places in the application, the time at which control is performed or a place that needs to be controlled may be missed when the application is updated, and great expense (e.g., separate equipment and a separate program) is required to control the use of the private information.
  • Access to private information by an intruder who does not have rights or whose rights are invalid can be fundamentally blocked because the program configured to decode the private information controls and manages all such pieces of private information synthetically and systematically.
  • In a first step, a hacker would need to hack the private information coding program, which is written in obfuscated code that is not easy to decompile, and check the private information table names included in that program through decompiling.
  • In a third step, the hacker would need to connect a decoding program to the tables fetched from the database and produce the private information.
  • Accordingly, a hacker cannot produce private information by collecting only the tables of a database in accordance with an embodiment of the present invention. If a security manager detects a hacking attempt, he or she can change the encoding or check digit rules in the obfuscated code. Periodically changing the rules and updating the data tables of private data is recommended.
  • FIG. 1 is a diagram illustrating a configuration for private information storage and query using a conventional relationship database
  • FIG. 2 is an exemplary diagram illustrating two types of private information stored in a DB table in a conventional method
  • FIG. 3 is a configuration illustrating a basic concept of private information storage (or registration) and use (or query) in accordance with an embodiment of the present invention
  • FIG. 4 is a flowchart illustrating a process performed when information is registered
  • FIG. 5a illustrates tables in which registration information is stored and parameter names
  • FIG. 5b illustrates a concept of segmenting a fingerprint image
  • FIG. 6 is a flowchart illustrating a process performed when information is queried.
  • FIG. 3 is a diagram illustrating a basic concept of the present invention.
  • In the present invention, the exposure of information through an application server is guarded against by encoding and decoding information separately, using a process of registering information and a process of using (or querying) information.
  • When private information (e.g., a name, a resident registration number, an address, a telephone number, and biomass data, such as a fingerprint or the iris) is input, a registration information production module 30 reproduces (i.e., encodes) the input information in the form of information for registration and stores the reproduced (or encoded) information in a database 40.
  • The private information is fragmented into segments.
  • Specific fake (or false) information not related to the private information is generated and inserted into each of the segments.
  • The private information into which the fake (or false) information has been inserted as described above is stored in the database 40.
  • The registration information production module writes the input information in the form of a program that cannot be decompiled. Furthermore, no private information table stored in the database has a relationship set up, and fake (or false) information is included in each table. Accordingly, a hacker is unable to assemble the pieces of private information.
  • When information is queried, a query information production module 70 fetches information about the related tables from the database 40, reproduces (i.e., decodes) the fetched information, and provides the reproduced (or decoded) information to the information user 50.
  • The query information production module 70 writes the fetched information in the form of a program that cannot be decompiled.
  • The applications 20 and 60 are not a problem in the present system even though they are easily decompiled, because they are web-based.
  • A private information conversion rule, including that for biomass data, may be regularly changed and the data stored again. Furthermore, security can be further enhanced because the fake (or false) information production module is managed separately. The spill of private information can be prevented and blocked by always monitoring only the query program. Furthermore, if a symptom of hacking occurs, the private information storage rule is changed and the data stored again.
  • FIG. 4 is a flowchart illustrating a process performed when information is registered.
  • The process of FIG. 4 has been illustrated as being performed by a management program automated within a management system, but the present invention is not limited thereto.
  • The process may be performed by an application installed on a client terminal other than the management system, or may be performed based on a web or in a third-party system.
  • A person who registers registration information inputs registration information I(X) and requests the registration information I(X) to be registered at step 100.
  • For example, the person may input the name, resident registration number, address, and telephone number of a customer, that is, the registration information, and the biomass data of the customer on a screen of a specific application.
  • A customer number corresponding to the customer is automatically generated in the form of a random number and is allocated to the input registration information I(X) at step 200.
  • The customer number should not be generated in the form of a serial number as in the prior art, but must be randomly generated.
  • Each information element X is fragmented into segments X1, X2, ..., Xn in accordance with a specific rule at step 300.
  • The content that forms information elements such as a name, a resident registration number, an address, and a telephone number is fragmented into the segments.
  • For biomass data, segments are generated by fragmenting an image of a fingerprint into a plurality of regions with a diversity of shapes, as illustrated in FIG. 5b.
  • The separated data is stored, together with fake data, in different tables without relations.
  • Biomass data may also be separated according to a specific rule rather than into different shapes and stored in different data tables without relations. No sequence appears in the data tables.
  • Each of the segments X1, X2, ..., Xn is stored under the parameter name var of the table that has been previously allocated to each segment at step 500.
  • The table in which a segment will be stored is determined. For example, a “Family Name” segment may have been determined to be stored in a “youngsu and chulee” table, a “Given Name” segment in a “seoul soedae” table, a “Former Digits of Resident Registration Number” segment in a “jarzak” table, and a “Latter Digits of Resident Registration Number” segment in a “yeonpil_ball” table. It may be seen that each of the tables has been given a quite different name from which the contents of the information element segment stored in it cannot be inferred.
  • The key values (i.e., fake (or false) information) K1, K2, ..., Kn of the respective segments are calculated at step 400 using the customer number allocated to the registration information at step 200.
  • The key values may be calculated from the customer number in accordance with various methods. In order to maximize the effects of the present invention, a complicated formula that cannot be predicted may be used.
  • A value calculated by substituting the customer number randomly generated at step 200 into a specific calculation formula may be used as the key value of the corresponding information element within the corresponding table. For example, assuming that the customer number is 376543 and the formula is [(customer number × 3) - 7] / 1.346, the result is 839243.6849925705. In order to further enhance security, a value taken from specific digits down to some decimal places of that number, for example 6849925, may be determined to be the key value.
  • Alternatively, the index number may be calculated as follows. Specific numbers may be assigned to each family name, converted into number information in accordance with a specific formula, and determined to be the key value. For example, if the family name is “Kim”, a key value may be produced by assigning the specific numbers “49763” to the family name and then inputting those numbers to a predetermined formula.
  • The method of determining a key value may be applied differently to each segment. It is recommended to change the key generating rule regularly and to update the table data. In such a case, the possibility of decompiling by a hacker can be further reduced.
  • The calculated key values are stored under the index numbers (Idx) of the respective segments at step 500. From FIG. 4, it may be seen that the segment X1 is stored under the parameter var1 of a table 1 and the key value K1 of the segment X1 is stored under the index Idx1.
  • FIG. 5a is a table structure summarizing the aforementioned contents.
  • A “Family Name” segment is stored in a “youngsu and chulee” table 51.
  • A “Given Name” segment is stored in a “seoul soedae” table 52.
  • A “Former Digits of Resident Registration Number” segment is stored in a “jarzak” table 53.
  • A “Latter Digits of Resident Registration Number” segment is stored in a “yeonpil_ball” table 54.
  • The key values K1 to K4 are stored in the index numbers of the respective tables 51 to 54, and the corresponding segments (i.e., a family name, a given name, and the former and latter digits of a resident registration number) are stored under the respective parameter names “youngsu”, “chhulee”, “busan”, and “pen” of the tables.
  • A key value, that is, the index number of each table, may be set as a unique check digit. Furthermore, a primary key to which the check digit has been applied is separately stored.
  • The check digit is one of the schemes for internally controlling information.
  • The simplest examples of check digits include those of a resident registration number and a UPC (so-called barcode).
  • The final digit of the 13 digits of a resident registration number is filled with the remainder obtained by dividing a combination of the other 12 digits by a specific number (e.g., 11).
  • A variety of more complicated check digit methods exist, e.g., a mathematical method such as a log transform.
  • Such methods may be used in the present invention. That is, a check digit is used to determine whether private information is false or not. In this case, even if the tables are hacked, information cannot be produced by combining some of the tables unless the principle by which the key values are configured is identified.
  • Steps 300, 400, and 500 are applied to all the information elements of the registration information in the same manner. For example, such steps may be applied to an address, an ID, a telephone number, and an account number subsequent to the name and resident registration number of a specific person, and the results may be stored in and registered with corresponding tables.
  • FIG. 6 is a flowchart illustrating a process performed when registered information is used (or queried).
  • A management program fragments the information element X that forms the queried information into segments X1, X2, ..., Xn at step 700.
  • For example, the name “Hong Gil-dong” may be divided into “Hong” and “Gil-dong”.
  • FIG. 6 illustrates an example in which the information is queried in the form of a description, but the method of FIG. 6 may also be applied to a resident registration number or a telephone number.
  • The management program searches the corresponding tables for the fragmented segments X1, X2, ..., Xn of the information element at step 800.
  • For example, the management program searches the “youngsu and chulee” table for “Hong” and the “seoul soedae” table for “Gil-dong”.
  • The management program reads the key value of each segment stored under the index number of each table and performs the inverse operation on the read key value in accordance with a specific formula at step 900. That is, the management program has previously stored the key value calculation formula of each segment used when the information was registered, and at step 1000 it calculates the customer number assigned when the information was registered by substituting the key value into that formula.
  • After extracting all the information elements matched with the customer number at step 1100, the management program produces information by combining the extracted information elements and outputs the produced information as the final result at step 1200.
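The registration flow (steps 200 to 500) and the query flow (steps 700 to 1200) described above, as an added example that is not code from the patent or its inventor. Table and parameter names follow FIG. 5a; the prime modulus M, the affine key formula with a check digit (chosen so that the key stays invertible, unlike the decimal-digit formula quoted above), the fake-record rule and the FragmentedDB class are my own assumptions.

```python
import secrets
import string
from dataclasses import dataclass
from typing import Dict, List, Optional

M = 10_000_019  # prime modulus for the per-table key formulas (constructed for this example)


def check_digit(n: int) -> int:
    """Weighted-sum mod-11 check digit over the decimal digits of n (constructed rule,
    in the spirit of the resident-registration-number check digit the page mentions)."""
    return sum((i % 8 + 2) * int(d) for i, d in enumerate(str(n))) % 11 % 10


@dataclass(frozen=True)
class TableSpec:
    """One unrelated table: a meaningless table name, a meaningless column name,
    and the invertible formula k = (a * customer_number + b) mod M, stored as
    Idx = k * 10 + check_digit(k). (Assumed structure, not the patent's.)"""
    name: str
    param: str
    a: int   # must be non-zero mod M so the formula can be inverted at query time
    b: int

    def key_of(self, customer_number: int) -> int:
        k = (self.a * customer_number + self.b) % M
        return k * 10 + check_digit(k)              # step 400: key value with check digit

    def customer_of(self, idx: int) -> Optional[int]:
        k, cd = divmod(idx, 10)
        if check_digit(k) != cd:                    # fake record: key fails the check rule
            return None
        return (k - self.b) * pow(self.a, -1, M) % M   # step 900: inverse operation


# Fragmentation rule (split on one separator) and table names follow FIG. 5a; a, b are constructed.
SCHEMA: Dict[str, tuple] = {
    "name": (" ", [TableSpec("youngsu and chulee", "youngsu", 3, 17),
                   TableSpec("seoul soedae", "chhulee", 7, 101)]),
    "rrn":  ("-", [TableSpec("jarzak", "busan", 11, 5),
                   TableSpec("yeonpil_ball", "pen", 13, 999)]),
}


def _fake_segment(like: str) -> str:
    """Random filler of the same length as a real segment (constructed fake data)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in like)


class FragmentedDB:
    """Tables with no relationship between them; each row is {Idx, <param>: segment}."""

    def __init__(self) -> None:
        self.tables: Dict[str, List[dict]] = {
            spec.name: [] for _, specs in SCHEMA.values() for spec in specs}

    def register(self, info: Dict[str, str], fakes: int = 3) -> int:
        c = secrets.randbelow(M)                    # step 200: random, never a serial number
        for element, (sep, specs) in SCHEMA.items():
            segments = info[element].split(sep, 1)  # step 300: fragment the element
            for seg, spec in zip(segments, specs):
                rows = self.tables[spec.name]
                rows.append({"Idx": spec.key_of(c), spec.param: seg})   # step 500
                for _ in range(fakes):              # fake records carry an invalid check digit
                    k = secrets.randbelow(M)
                    bad = (check_digit(k) + 1 + secrets.randbelow(9)) % 10
                    rows.append({"Idx": k * 10 + bad, spec.param: _fake_segment(seg)})
                secrets.SystemRandom().shuffle(rows)   # no ordering leaks which rows are real
        return c

    def query(self, element: str, value: str) -> List[Dict[str, str]]:
        """Steps 700-1200: fragment the query, search each table, invert the keys,
        keep customer numbers common to every segment, then reassemble."""
        sep, specs = SCHEMA[element]
        candidates: Optional[set] = None
        for seg, spec in zip(value.split(sep, 1), specs):       # steps 700-800
            found = {spec.customer_of(r["Idx"]) for r in self.tables[spec.name]
                     if r[spec.param] == seg}
            found.discard(None)                     # rows failing the check digit are fake
            candidates = found if candidates is None else candidates & found
        return [self._assemble(c) for c in sorted(candidates or ())]   # steps 1000-1200

    def _assemble(self, c: int) -> Dict[str, str]:
        out: Dict[str, str] = {}
        for element, (sep, specs) in SCHEMA.items():            # step 1100
            parts = []
            for spec in specs:
                parts.append(next(r[spec.param] for r in self.tables[spec.name]
                                  if spec.customer_of(r["Idx"]) == c))
            out[element] = sep.join(parts)
        return out
```

Whoever holds the decoder's formulas and check-digit rule can re-link every table, so the separation rests on keeping that program secret, which is why the page pairs it with obfuscation and regular rule rotation.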

Abstract

Disclosed herein are a private information registration method and apparatus for fundamentally blocking a conventional danger of private information spill. In the present invention, an information element of private information to be registered (i.e., registration information) is fragmented into segments to a maximum extent, and the segments are stored in different tables in accordance with a specific method. The information element may be fragmented in the segments in accordance with various criteria. It is advantageous to achieve the object of the present invention if the information element is fragmented into a plurality of small segments to a maximum extent.

Description

METHOD FOR CONTROLLING INFORMATION REGISTRATION AND QUERY FOR PROTECTING PRIVATE INFORMATION
The present invention relates to a method for registering and managing information, which is capable of preventing a hacker from recovering private information using only a table although the hacker invades a database and steals the table including information, and of systematically controlling persons who intend to check private information.
In Korea, resident registration numbers have been conveniently used in business, such as government's administration service, transaction using financial institutions, etc. The resident registration number has been coded in only several digits so that date of birth and sex of a corresponding person can be easily checked. Accordingly, a person who tries to make bad use of a resident registration number may use the resident registration number for illegal purposes if he or she has only to additionally obtain some pieces of external information. Such a problem is not inherent in only the resident registration number. For example, a person who is engaged in a financial institution may easily check a corresponding bank and a corresponding branch office of a corresponding area based on only numbers written in an account number used in a financial institution. The reason for this is that the account number is assigned according to a systematic rule.
Prior to modern information society, resident registration numbers, account numbers, and employee identification numbers were needed to be determined in accordance with specific rules and systems because a person might easily process business only when he or she was able to manually check the characteristics and/or systems of the numbers. At the present time, that is, in the information age, such regular and systematic numbers are no longer required. The reason for this is that an information system, such as a computer, has only to read a corresponding number and provide only required information to a person who requires the information.
FIG. 1 is a diagram illustrating a configuration for private information storage and query using a conventional relationship database. In the relationship database, the remaining pieces of information are exposed if any piece of information is exposed because a relationship has been established between DB tables. Furthermore, it is difficult to monitor information spill from the relationship database because each of applications for queries is included in each process in an application module form. If a specific process is modified but the modified process is not associated with the monitoring transaction log, a danger that information spill may not be detected or prevented is increased. In general, information exposure needs to be detected or prevented in advance because it is generated when private information is downloaded in a lump. In this case, the above application is a program that may be easily decompiled, such as Java.
In a conventional method, such as that of FIG. 1, private information stored in DB tables has forms illustrated in FIGS. 2(a) and 2(b). FIG. 2(a) illustrates an example in which all pieces of private information, such as names, resident registration numbers, addresses, telephone numbers, account numbers, IDs, passwords, and biometric information are stored in a single table in a lump. FIG. 2(b) illustrates an example in which the type of parameter is sorted under the concept of a relationship database and parameters, such as a name, a resident registration number, an address, a telephone number, an account number, an ID, a password, and biometric information are stored in different tables according to the parameters.
A danger of private information spill is not reduced although pieces of private information are sorted and stored in different tables of a relationship database as in FIG. 2(b) as well as in FIG. 2(a). If a hacker invades the database and steals a table from the database, the hacker may steal all pieces of private information through a relationship established between data included in the table. Furthermore, although the database is encrypted, a danger of information spill still remains because a hacker's ability to decrypt a password is being advanced.
In this case, the private information is a concept that includes a variety of types of biomass data (e.g., a fingerprint, the iris, a gene, the lines of the palm, a face (or a facial shape), veinprint, lips wrinkles, and voice) in addition to information, such as numerical and alphabetical information and symbols. For example, a fingerprint may be stored in an image form and used, or an image of a fingerprint may be digitalized or a relationship between the image of the fingerprint and a table in which resident registration numbers and names are stored may be set up and used. Such personal biomass data cannot be changed in lifetime. Once the biomass data is spilled, a corresponding person may not use his or her biomass data in lifetime. If a database itself in which biomass data is stored is spilled, a serious and national disturbance including various crimes may occur. Although biomass data has been encrypted, it is only a matter of time before a hacker decrypts the biomass data if such a database itself is hacked.
Some types of prior arts related to various conventional methods for protecting private information are introduced below.
Korean Patent No. 10-1220992, entitled "System for Management of Client Address Information in the Electronic Commerce and Method Thereof", discloses a system that receives detailed address information of a customer from the customer's terminal connected to the system through the Internet, generates a unique address number corresponding to the received information, and stores and manages the generated unique address number and the corresponding detailed address information in separate databases, thereby effectively preventing the detailed address information of a customer from being leaked externally by a hacker or a malicious program.
Korean Patent Application Publication No. 10-2013-0049623, entitled "Data Distribution Store System and Method Thereof", discloses a data distribution store system and method in which the original data is distributed across a plurality of nodes and is also encrypted before storage, thereby increasing availability and security.
Korean Patent No. 10-0788278, entitled "Data Storing System and Method for De-identification of Information", discloses a data storing system and method that, for the anonymity of information, separates the information to be stored into ID data, that is, header information that serves as a basis for confirming an identity, and PD data, that is, body information other than the ID data, and stores the ID data and the PD data separately.
An object of the present invention is to provide a method of controlling the registration and query of private information that is capable of fundamentally blocking the conventional danger of private information leakage to the outside and of controlling in advance a private information leakage attempt by an internal user.
In accordance with an embodiment of the present invention, a unique customer number is assigned to the private information to be registered (i.e., the registration information). The customer number is automatically generated as a random number and is uniquely designated for each piece of private information. Furthermore, the information elements of all pieces of registration information are fragmented to the maximum extent. For example, a full name may be divided into a family name and a given name, a resident registration number or a social security number may be divided into its former digits and latter digits, a telephone number may be divided into an area code and the remaining digits, and an ID and a password may be divided at an appropriate (or specific) boundary. Biometric information may be divided into several segments of various shapes. Each information element may be divided according to various criteria. It is advantageous for achieving the object of the present invention if an information element is fragmented into as many small segments as possible.
Terms used herein are described below. “Registration information” means private information to be registered or already registered private information. Such registration information includes a plurality of “information elements”. For example, assuming that [Hong Gil-dong, 888-8888, 550101-1177xxx, xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea] is registration information, “Hong Gil-dong (a full name)”, “888-8888 (a telephone number)”, “550101-1177xxx (a resident registration number)”, and “xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea (an address)” included in the registration information correspond to respective information elements. In this specification, the registration information is denoted I(X), where “I” means the registration information and “X” means an information element included in the registration information “I”. Furthermore, a “segment” means each of the fragmented pieces obtained when an information element is fragmented in accordance with a specific rule as described above. For example, the full name “Hong Gil-dong” may be divided into a “Hong” segment and a “Gil-dong” segment. The resident registration number “550101-1177xxx” may be divided into a “550101” segment and a “1177xxx” segment. The address “xx Street, Sillim-dong, Gwanak-gu, Seoul, Korea” may be divided into a “Seoul” segment, a “Gwanak-gu” segment, a “Sillim-dong” segment, and an “xx Street” segment. The telephone number “888-8888” may be divided into an “888” segment and an “8888” segment.
The information elements divided as described above are stored in different tables between which no relationship has been established within a database. When an information element is stored in a table, it is stored along with a key value calculated from the previously allocated customer information (the customer number) using a specific formula. Each key value is calculated using a different formula for each information element, which further increases security. The information element is stored under a specific parameter name, and the key value is stored under a specific index number. In this step, both an information element of the registration information and the key value associated with that information element are stored in a table of the database.
No relationship between the tables is established, nor does one need to be. Furthermore, a table preferably is given a name that is as unrelated as possible to the information stored in it, so that the contents of the table cannot be inferred from its name. Likewise, a parameter preferably is given a name that is as unrelated as possible to its contents, so that the meaning of the stored parameter (i.e., the information element) cannot be inferred from its name.
Furthermore, in order to further reduce the possibility of hacking, fake (or false) records may be randomly mixed into the records of the data tables (i.e., the fragmented tables between which no relationship has been established).
All the segments of all the information elements of the registration information are stored as described above.
When a query to confirm private information is received, a management program searches for the fragmented information elements stored in the respective tables and fetches the retrieved information elements. Furthermore, the management program fetches the key value stored under the index number of each retrieved information element and calculates the customer number by performing the inverse operation of the specific formula that was used when the information element was registered. The management program then searches for all information elements corresponding to the customer number, combines them, and outputs the combined information elements as the result of the query.
(1) Information is fragmented (divided) to the maximum extent, and the pieces of fragmented information are stored in different tables between which no relationship has been established. A key value is derived from a random customer number, not a serial number, using an encoding formula or check digits.
(2) An encoding program written in obfuscated code fragments the information into small segments, encodes them, and distributes the encoded segments across the tables when the information is registered. When a user needs the information, a decoding program independent of the encoding program is used.
- These two items neutralize the attack of an external intruder.
(3) The decoding program centrally controls the production and query of information in order to block (or prevent) an information leakage attempt by an internal user who does not have rights or whose rights are invalid.
Although the technical idea of the present invention has been described above, the detailed configuration and operation of the present invention will become evident from the detailed description given in conjunction with the accompanying drawings.
In accordance with the present invention, even if a hacker breaks into a database and steals a table, the hacker is unable to recover private information (including biometric data such as a fingerprint, the iris, and a facial shape) from the table alone. Furthermore, when an internal user tries to leak private information, the leak can be fundamentally blocked at the step where the private information is generated. In past systems, an application server (or an application) attempted to prevent misuse of private information. Since private information is checked and used at many places in the application, a point in time or a place that needs to be controlled may be missed when the application is updated, and great expense (e.g., separate equipment and a separate program) is required to control the use of private information. In accordance with the present invention, access to private information by an intruder who does not have rights or whose rights are invalid can be fundamentally blocked because the program that decodes the private information controls and manages all such pieces of private information comprehensively and systematically.
If a hacker wants to obtain private information, he or she has to go through the following steps.
(1) First step: the hacker needs to hack the private information coding program, which is written in obfuscated code that is not easy to decompile, and to find the private information table names contained in that program through decompiling.
(2) Second step: the hacker has to obtain the required tables by hacking the database.
(3) Third step: the hacker connects a decoding program to the tables fetched from the database and produces the private information.
In accordance with an embodiment of the present invention, a hacker cannot produce private information merely by collecting the tables of a database. If a security manager detects a hacking attempt, he or she can change the encoding or check-digit rules in the obfuscated code. Periodically changing the rules and re-encoding the private data tables is recommended.
FIG. 1 is a diagram illustrating a configuration for private information storage and query using a conventional relational database;
FIG. 2 is an exemplary diagram illustrating two types of private information stored in a DB table in a conventional method;
FIG. 3 is a configuration illustrating a basic concept of private information storage (or registration) and use (or query) in accordance with an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a process performed when information is registered;
FIG. 5a illustrates tables in which registration information is stored and parameter names;
FIG. 5b illustrates a concept of segmenting a fingerprint image; and
FIG. 6 is a flowchart illustrating a process performed when information is queried.
FIG. 3 is a diagram illustrating a basic concept of the present invention.
Exposure of information through an application server is guarded against by encoding information in the registration process and decoding it in a separate use (or query) process.
When an information registrant 10 inputs private information (e.g., a name, a resident registration number, an address, a telephone number, and biometric data, such as a fingerprint or the iris) using an information registration application 20, a registration information production module 30 reproduces (i.e., encodes) the input information in the form of information for registration and stores the reproduced (or encoded) information in a database 40. When the input information is reproduced into the registration information, the private information is fragmented into segments. Specific fake (or false) information unrelated to the private information is generated and inserted among the segments. The private information into which the fake (or false) information has been inserted is then stored in the database 40. The registration information production module is implemented as a program that cannot easily be decompiled. Furthermore, no private information table stored in the database has any relationship set up, and such fake (or false) information is included in every table. Accordingly, a hacker is unable to assemble the pieces of private information.
When an information user 50 requests an information query using an information use application 60, a query information production module 70 fetches the related table information from the database 40, reproduces (i.e., decodes) the fetched information, and provides the reproduced (or decoded) information to the information user 50. The query information production module 70 is likewise implemented as a program that cannot easily be decompiled. The applications 20 and 60, on the other hand, pose no problem in the present system even though they are web-based and therefore easily decompiled.
In order to enhance security in producing registration information for such private information, the private information conversion rule, including the rule for biometric data, may be changed regularly and the data stored again. Furthermore, security can be further enhanced because the fake (or false) information production module is managed separately. Leakage of private information can generally be prevented and blocked by monitoring only the query program. Furthermore, if a symptom of hacking appears, the private information storage rule is changed and the data stored again.
FIG. 4 is a flowchart illustrating a process performed when information is registered. The process of FIG. 4 is illustrated as being performed by an automated management program within a management system, but the present invention is not limited thereto. For example, the process may be performed by an application installed on a client terminal other than the management system, or may be performed on a web basis or in a third-party system.
Referring to FIG. 4, a person who registers registration information (e.g., a person responsible for customer care) inputs registration information I(X) and requests that the registration information I(X) be registered, at step 100. For example, the person may input the name, resident registration number, address, and telephone number of a customer, that is, the registration information, and the biometric data of the customer, on a screen of a specific application.
A customer number corresponding to the customer is then automatically generated as a random number and allocated to the input registration information I(X) at step 200. The customer number must be randomly generated; it should not be generated as a serial number as in the prior art.
Thereafter, each information element X is fragmented into segments X1, X2, …, Xn in accordance with a specific rule at step 300. For example, the content that forms information elements such as a name, a resident registration number, an address, and a telephone number is fragmented into segments. In the case of biometric data, for example a fingerprint, segments are generated by fragmenting the fingerprint image into a plurality of regions of diverse shapes, as illustrated in FIG. 5b, and the separated data is stored together with fake data in different tables between which no relationship exists. More simply, biometric data may instead be separated according to a specific rule rather than into regions of different shapes, and stored in different unrelated data tables. No ordering information appears in the data tables.
Furthermore, each of the segments X1, X2, …, Xn is stored under the parameter name var of the table previously allocated to that segment at step 500. That is, the table in which each segment will be stored is predetermined. For example, a “Family Name” segment may be assigned to a “youngsu and chulee” table, a “Given Name” segment to a “seoul soedae” table, a “Former Digits of Resident Registration Number” segment to a “jarzak” table, and a “Latter Digits of Resident Registration Number” segment to a “yeonpil_ball” table. Each table is given a name quite different from its contents, from which the information element segment stored in the table cannot be inferred.
Before the segments X1, X2, …, Xn are stored in the tables, the key values K1, K2, …, Kn of the respective segments (which appear to an outsider as meaningless, fake (or false) information) are calculated at step 400 from the customer number allocated to the registration information at step 200. The key values may be calculated from the customer number in various ways. In order to maximize the effect of the present invention, a complicated formula that cannot be predicted may be used.
For example, a value obtained by substituting the customer number randomly generated at step 200 into a specific calculation formula may be used as the key value of the corresponding information element within the corresponding table. For example, if the customer number is 376543 and the formula is [(customer number x 3) - 7] / 1.346, the result is 839243.6849925705. In order to further enhance security, the digits in certain decimal places, for example 6849925, may be taken as the key value. Whatever formula is chosen, it must map every customer number in use to a distinct key value, so that the inverse operation performed at query time (step 900 of FIG. 6) yields exactly one customer number; keeping only a few decimal places of a quotient does not by itself guarantee this, so the chosen formula should be checked over the full range of customer numbers before use.
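As an added check on the illustrative formula above (this is not code from the patent, and the function names are assumptions of the example), the following Python works the example through and then tests whether the formula is one-to-one. Because 1.346 = 673/500, the fractional part of [(C x 3) - 7] / 1.346 equals (500 x (3C - 7) mod 673) / 673 and can take at most 673 distinct values, so any two customer numbers that differ by 673 produce the same seven decimal digits. A key built this way cannot be inverted to a unique customer number at query time; an integer formula that is a bijection on the customer-number range, such as an affine map modulo a prime, does not have this problem.

```python
def fractional_key(customer_no: int, places: int = 7) -> int:
    """The patent's illustration: [(C * 3) - 7] / 1.346, keeping the first
    `places` digits after the decimal point (376543 -> 6849925)."""
    v = (customer_no * 3 - 7) / 1.346
    return int((v - int(v)) * 10 ** places)


def first_collision(keyfunc, customer_numbers):
    """Return the first pair of distinct customer numbers that keyfunc maps to
    the same key value, or None if the formula is one-to-one on that range.
    This is the check a key formula should pass before it is used at step 400."""
    seen = {}
    for c in customer_numbers:
        k = keyfunc(c)
        if k in seen:
            return seen[k], c
        seen[k] = c
    return None


if __name__ == "__main__":
    # 1.346 == 673/500, so C and C + 673 always share the same fractional part.
    print(fractional_key(376543), fractional_key(376543 + 673))
    print(first_collision(fractional_key, range(376543, 376543 + 1000)))
```

Run as a script, the first line prints the patent's key 6849925 twice, once for customer number 376543 and once for 377216, and the second line reports the first such pair found in a window of a thousand consecutive customer numbers.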
As another example, the key value stored under the index number may be calculated as follows. Specific numbers may be assigned to each family name and converted into numeric information in accordance with a specific formula, and the result used as the key value. For example, if the family name is “Kim”, the key value may be produced by assigning the specific number “49763” to the family name and then inputting that number into a predetermined formula.
The method of determining a key value may be applied differently to each segment. It is recommended to change the key generating rule regularly and to update the table data accordingly. In that case, the possibility of a hacker reverse-engineering the rule is further reduced.
The calculated key values are stored under the index numbers (Idx) of the respective segments at step 500. In FIG. 4, the segment X1 is stored under the parameter var1 of table 1 and the key value K1 of the segment X1 is stored under the index Idx1.
FIG. 5a is a table structure summarizing the above. Referring to FIG. 5a, a “Family Name” segment is stored in a “youngsu and chulee” table 51, a “Given Name” segment is stored in a “seoul soedae” table 52, a “Former Digits of Resident Registration Number” segment is stored in a “jarzak” table 53, and a “Latter Digits of Resident Registration Number” segment is stored in a “yeonpil_ball” table 54.
The key values K1 to K4 are stored under the index numbers of the respective tables 51 to 54, and the corresponding segments (i.e., the family name, the given name, and the former and latter digits of the resident registration number) are stored under the parameter names "youngsu", "chhulee", "busan", and "pen" of those tables.
In another embodiment, the key value, that is, the index number of each table, may be given a unique check digit. Furthermore, a primary key to which the check digit has been applied is stored separately.
The check digit is one scheme for internally controlling information. The simplest examples are the check digits of a resident registration number and of a UPC (the so-called barcode). The final digit of the 13-digit resident registration number is derived from a weighted sum of the preceding 12 digits taken modulo a specific number (11). A variety of more complicated check-digit methods (e.g., mathematical methods such as a logarithmic transform) that are difficult to reverse-engineer are used in practice, and such methods may be used in the present invention. That is, the check digit is used to determine whether a piece of private information is genuine or false. Then, even if the tables are stolen, information cannot be produced by combining them unless the principle by which the key values are constructed is also known.
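The two check-digit rules named above, and one way of using a check digit to separate genuine key values from decoy records, as an added Python example (not the patent's code). The resident registration number and UPC-A rules are the public ones; attaching a mod-11 check digit to a stored key value and writing decoys with a deliberately wrong digit is an assumed design for illustration, and all function names are assumptions. The sample RRN is synthetic.

```python
def mod11_check_digit(digits: str) -> int:
    """Weighted sum of the digits (weights cycle 2..9) modulo 11, folded to one
    digit as (11 - sum mod 11) mod 10. Over 12 digits this is exactly the rule
    for the 13th digit of a Korean resident registration number (RRN)."""
    if not digits.isdigit():
        raise ValueError("digits only")
    total = sum(int(d) * (2 + i % 8) for i, d in enumerate(digits))
    return (11 - total % 11) % 10


def rrn_is_valid(rrn: str) -> bool:
    """True if a 13-digit RRN (hyphen optional) carries the correct check digit."""
    d = rrn.replace("-", "")
    return len(d) == 13 and d.isdigit() and int(d[12]) == mod11_check_digit(d[:12])


def upc_check_digit(first11: str) -> int:
    """UPC-A: digits in odd positions weigh 3, even positions weigh 1, modulo 10."""
    if len(first11) != 11 or not first11.isdigit():
        raise ValueError("need 11 digits")
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(first11))
    return (10 - total % 10) % 10


def upc_is_valid(upc: str) -> bool:
    return len(upc) == 12 and upc.isdigit() and int(upc[11]) == upc_check_digit(upc[:11])


# Applying the same idea to stored key values (assumed design): a genuine key
# carries a mod-11 check digit over its own digits; a decoy record is written
# with a deliberately wrong check digit, so the query program discards it while
# an attacker who does not know the rule sees nothing that sets it apart.
def tag_key(key: int) -> int:
    """Append the check digit to a raw key value, e.g. 6849925 -> 68499254."""
    return key * 10 + mod11_check_digit(str(key))


def decoy_key(key: int) -> int:
    """Same leading digits as tag_key(key) but a shifted, hence wrong, check digit."""
    tagged = tag_key(key)
    return tagged - tagged % 10 + (tagged % 10 + 1) % 10


def is_genuine_key(tagged: int) -> bool:
    d = str(tagged)
    return len(d) > 1 and int(d[-1]) == mod11_check_digit(d[:-1])


def untag_key(tagged: int) -> int:
    """Recover the raw key, refusing decoys and corrupted values."""
    if not is_genuine_key(tagged):
        raise ValueError("check digit mismatch: decoy or corrupted key")
    return tagged // 10


if __name__ == "__main__":
    # Constructed sample values: the RRN is synthetic, the UPC is the common
    # textbook example 036000291452.
    print(rrn_is_valid("880101-1234568"), upc_is_valid("036000291452"))
    print(tag_key(6849925), is_genuine_key(decoy_key(6849925)))
```

A single check digit rejects a decoy that was written to fail it every time, but it screens only nine out of ten random values, so decoys should be generated to fail deliberately rather than drawn at random and relied on to fail by chance.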
Steps 300, 400, and 500 are applied in the same manner to all the information elements of the registration information. For example, after the name and resident registration number of a specific person, the steps may be applied to the address, ID, telephone number, and account number, and the results stored in and registered with the corresponding tables.
FIG. 6 is a flowchart illustrating a process performed when registered information is used (or queried).
When a query questioner (e.g., a customer credit appraiser or a social worker) queries information using the name Hong Gil-dong as the query word at step 600, a management program fragments the information element X that forms the query into segments X1, X2, …, Xn at step 700. In this case, the name “Hong Gil-dong” is divided into “Hong” and “Gil-dong”. FIG. 6 illustrates an example in which the information is queried by name, but the method of FIG. 6 may equally be applied to a query by resident registration number or telephone number.
The management program searches the corresponding tables for the fragmented segments X1, X2, …, Xn of the information element at step 800. In this case, the management program searches the “youngsu and chulee” table for “Hong” and the “seoul soedae” table for “Gil-dong”. Furthermore, the management program reads the key value of each matching segment stored under the index number of each table and performs the inverse operation on the read key value in accordance with the specific formula at step 900. That is, the management program keeps the key value calculation formula of each segment that was used when the information was registered, and at step 1000 calculates the customer number assigned at registration by substituting the read key value into the inverse of that formula.
After extracting all the information elements matched with the customer number at step 1100, the management program produces information by combining the extracted information elements and outputs the produced information as the final result at step 1200.
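The registration flow of FIG. 4 (steps 200 to 500) and the query flow of FIG. 6 (steps 600 to 1200), worked end to end as an added Python example on an in-memory SQLite database; this is illustrative code, not the patent's own. The table and parameter names, the segmentation rule, the sample records, the modulus P and the per-segment key formula are assumptions. The key formula used here is an affine map modulo a prime, K = (a*C + b) mod P, chosen because it is exactly invertible in integer arithmetic, which the inverse operation at step 900 requires; each segment has its own (a, b). Decoy records repeat a real segment's text under an index not derived from any customer number, so they match on text but drop out when the stored keys are inverted and the candidate customer numbers intersected.

```python
import secrets
import sqlite3

# Prime modulus for the per-segment key formulas; customer numbers are random
# integers in [1, P). P and every constant below are assumptions of this example.
P = 1_000_003

# segment -> (table name, parameter name, a, b). Table and parameter names are
# deliberately unrelated to their contents, in the style of the patent's
# "youngsu and chulee" / "seoul soedae" tables. (a, b) define the segment's key
# formula K = (a*C + b) mod P; since P is prime and 0 < a < P the formula is a
# bijection on [0, P), so the query side can invert it exactly.
SEGMENTS = {
    "family_name": ("youngsu_and_chulee", "youngsu", 7919, 104729),
    "given_name":  ("seoul_soedae",       "chulee",  104723, 611953),
    "rrn_former":  ("jarzak",             "busan",   40009, 777777),
    "rrn_latter":  ("yeonpil_ball",       "pen",     65537, 31337),
}


def fragment(record):
    """Step 300: split each information element into segments.
    Rule (assumed): the name splits at its first space, the RRN at its hyphen."""
    family, given = record["name"].split(" ", 1)
    former, latter = record["rrn"].split("-", 1)
    return {"family_name": family, "given_name": given,
            "rrn_former": former, "rrn_latter": latter}


def assemble(parts):
    """Step 1200: the inverse of fragment()."""
    return {"name": f"{parts['family_name']} {parts['given_name']}",
            "rrn": f"{parts['rrn_former']}-{parts['rrn_latter']}"}


def key_value(segment, customer_no):
    """Step 400: K = (a*C + b) mod P with the segment's own (a, b)."""
    _, _, a, b = SEGMENTS[segment]
    return (a * customer_no + b) % P


def customer_from_key(segment, key):
    """Steps 900/1000: inverse operation, C = (K - b) * a^-1 mod P."""
    _, _, a, b = SEGMENTS[segment]
    return ((key - b) * pow(a, -1, P)) % P


def create_schema(conn):
    # One table per segment holding only (idx, value); no primary or foreign
    # keys, so the schema itself expresses no relationship between the tables.
    for table, var, _, _ in SEGMENTS.values():
        conn.execute(f'CREATE TABLE "{table}" (idx INTEGER, "{var}" TEXT)')


def register(conn, record, decoys_per_table=3):
    """Steps 200-500: random customer number, fragment, key, store; then mix in
    decoy rows that repeat the segment text under an idx derived from nothing."""
    customer_no = 1 + secrets.randbelow(P - 1)
    for segment, value in fragment(record).items():
        table, var, _, _ = SEGMENTS[segment]
        sql = f'INSERT INTO "{table}" (idx, "{var}") VALUES (?, ?)'
        conn.execute(sql, (key_value(segment, customer_no), value))
        for _ in range(decoys_per_table):
            conn.execute(sql, (secrets.randbelow(P), value))
    return customer_no


def query_by_name(conn, full_name):
    """Steps 600-1200: fragment the query word, look each segment up in its own
    table, invert the stored keys to candidate customer numbers, keep those on
    which every queried segment agrees, then gather and combine their segments."""
    family, _, given = full_name.partition(" ")
    candidates = None
    for segment, text in (("family_name", family), ("given_name", given)):
        table, var, _, _ = SEGMENTS[segment]
        rows = conn.execute(f'SELECT idx FROM "{table}" WHERE "{var}" = ?', (text,))
        found = {customer_from_key(segment, idx) for (idx,) in rows}
        candidates = found if candidates is None else candidates & found
    results = []
    for customer_no in sorted(candidates or ()):
        parts = {}
        for segment, (table, var, _, _) in SEGMENTS.items():
            row = conn.execute(f'SELECT "{var}" FROM "{table}" WHERE idx = ?',
                               (key_value(segment, customer_no),)).fetchone()
            if row is None:      # a decoy's idx inverted to a number nobody owns
                break
            parts[segment] = row[0]
        else:
            results.append(assemble(parts))
    return results


def demo():
    """Constructed sample data: the patent's example person plus a namesake."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    register(conn, {"name": "Hong Gil-dong", "rrn": "550101-1177xxx"})
    register(conn, {"name": "Hong Gil-sun", "rrn": "600202-2288xxx"})
    return conn


if __name__ == "__main__":
    db = demo()
    print(query_by_name(db, "Hong Gil-dong"))
    print(query_by_name(db, "Kim Chul-soo"))
```

Note what the scheme does and does not give. Someone holding all four tables cannot join them without the per-segment constants (a, b), which live in the encoding and decoding programs rather than in the database; anyone who obtains those constants can relink every row, so the protection reduces to the secrecy of the program and its rules, which is why the text recommends changing them periodically and re-encoding the tables.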

Claims (13)

  1. An information registration method for protecting private information, comprising:
    fragmenting an information element of registration information into two or more segments;
    calculating a key value, associated with each of the segments, from assigned customer information; and
    storing each of the segments of the fragmented information element in each of predetermined tables having a relationship not set up between the tables within a database along with the key value.
  2. The information registration method of claim 1, further comprising assigning a customer number that is a unique random number to the private information before fragmenting the information element of the registration information into the two or more segments,
    wherein when storing each of the segments in the table, the segment is stored under a predetermined variable name, and the key value of the segment is stored under a predetermined index number.
  3. The information registration method of claim 1, wherein the key value is calculated by substituting a formula, predetermined with respect to the segment, for the customer number.
  4. The information registration method of claim 1, wherein the key value is different for each of the segments of the information element.
  5. The information registration method of claim 1, wherein a fake (or false) record is randomly included in records of the table.
  6. A method of controlling queries of registration information registered using an information registration method of claims 1 to 4, the method comprising:
    when a query about the registration information using an information element stored in a table having a relationship not established within a database as a query word is received, fragmenting the information element into segments and searching a predetermined table for each of the segments;
    reading a key value of each segment stored under an index number of each table and calculating a customer number, assigned to the registration information when the registration information is registered, from the read key value;
    extracting all information elements matched with the customer number; and
    producing information by combining the extracted information elements and outputting the produced information as a result of the query.
  7. The method of claim 5, wherein the customer number is calculated by substituting a predetermined formula of claim 2 for the key value and performing inverse operation.
  8. An information registration and query method for protecting private information, comprising:
    fragmenting an information element of registration information into two or more segments;
    calculating a key value, associated with each of the segments, from assigned customer information;
    storing each of the segments of the fragmented information element in each of predetermined tables having a relationship not set up between the tables in a database along with the key value;
    when a query about the registration information using the information element stored in the table as a query word is received in order to query the registration information, fragmenting the information element into segments and searching a predetermined table for each of the segments;
    reading a key value of each segment stored under an index number of each table and calculating a customer number, assigned to the registration information when the registration information is registered, from the read key value;
    extracting all information elements matched with the customer number; and
    producing information by combining the extracted information elements and outputting the produced information as a result of the query.
  9. The information registration and query method of claim 8, further comprising assigning a customer number that is a unique random number to the private information before fragmenting the information element of the registration information into the two or more segments,
    wherein when storing each of the segments in the table, the segment is stored under a predetermined variable name, and the key value of the segment is stored under a predetermined index number.
  10. The information registration and query method of claim 8, wherein, in calculating a key value, the key value is calculated by substituting a formula, predetermined with respect to the segment, for the customer number.
  11. The information registration and query method of claim 8, wherein the key value is different for each of the segments of the information element.
  12. The information registration and query method of claim 8, wherein a fake (or false) record is randomly included in records of the table.
  13. The information registration and query method of claim 8, wherein in a process of performing inverse operation on the customer number, the customer number is calculated by substituting a predetermined formula of claim 2 for the key value and performing the inverse operation.
PCT/KR2014/012525 2014-05-28 2014-12-18 Method for controlling information registration and query for protecting private information WO2015182842A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20140064119 2014-05-28
KR10-2014-0064119 2014-05-28
KR1020140144151A KR20150136975A (en) 2014-05-28 2014-10-23 Information registration and query control method for the protection of private information
KR10-2014-0144151 2014-10-23

Publications (1)

Publication Number Publication Date
WO2015182842A1 true WO2015182842A1 (en) 2015-12-03

Family

ID=54699144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2014/012525 WO2015182842A1 (en) 2014-05-28 2014-12-18 Method for controlling information registration and query for protecting private information

Country Status (1)

Country Link
WO (1) WO2015182842A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6148342A (en) * 1998-01-27 2000-11-14 Ho; Andrew P. Secure database management system for confidential records using separately encrypted identifier and access request
US6253203B1 (en) * 1998-10-02 2001-06-26 Ncr Corporation Privacy-enhanced database
KR20100138291A (en) * 2009-06-25 2010-12-31 오은정 Individual information conversion method, system and service test method using the same
US20120163592A1 (en) * 2006-11-07 2012-06-28 Security First Corp. Systems and methods for distributing and securing data
US8626749B1 (en) * 2010-04-21 2014-01-07 Stan Trepetin System and method of analyzing encrypted data in a database in near real-time


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14893279; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14893279; Country of ref document: EP; Kind code of ref document: A1)