KR102125848B1 - Method for controling physical security using mac address and system thereof - Google Patents

Abstract

One embodiment relates to a method and system for physical security control using a MAC address.

Description

METHOD FOR CONTROLING PHYSICAL SECURITY USING MAC ADDRESS AND SYSTEM THEREOF}

The following embodiments relate to a physical security control method and system using a MAC address.

In general, physical security refers to the physical protection of information, people, and facilities, and means security against all physical threats such as unauthorized or unauthorized access management, facility protection from natural disasters, and crime prevention management.

As the wireless infrastructure expands, vulnerabilities to internal and external information management and security increase. As wireless devices evolve, new security threats increase. This is why research and development for security systems are actively conducted.

The security system basically checks whether an accessor entering a specific space is an authorized person, or a user using a specific device is checking whether the person is authorized to use, or a wireless device possessed by an accessor entering a specific space The basic function is to reduce the security risk by checking in real time whether it is authorized equipment.

To this end, the security system must be able to implement various functions, and representative functions include access control to specific spaces and location positioning functions for resources. Particularly, functions related to positioning of an indoor position of an access person are generally used by analyzing data accessed by a mobile device owned by an access person, such as a wireless access point, in connection with the latter. When a mobile device possessed by an accessor transmits a packet signal to a wireless access point or the like, the wireless access point or the like sends a response signal in response to the packet signal, thereby using a principle in which the mobile device is connected to the wireless access point or the like, from the wireless access point or the like. This is a method of analyzing packets received from the mobile device.

However, this existing method is a physical security control method using simple data of an access terminal, and there is a disadvantage that it cannot efficiently respond to increasingly diverse and complex physical security threats.

Accordingly, there is a need for a security control system that can efficiently analyze various information of an accessor and an accessor's terminal and respond effectively to an intruder's physical security intrusion attempt.

The items described in the background art section are written to improve the understanding of the background of the invention, and may include matters that are not known to those skilled in the art to which this technology belongs.

The embodiments below were devised to solve the above-mentioned problems, and an embodiment provides a security control system capable of effectively responding to physical security intrusion attempts by analyzing various information of the accessor and the accessor terminal from various angles. It is aimed at.

The problems to be solved by one embodiment are not limited to the problems mentioned above, and other problems not mentioned will be clearly understood by a person skilled in the art from the following description.

An embodiment includes an operation of receiving access information, access terminal white list, and dangerous terminal information or input from a user; Receiving a MAC address of the access terminal from the MAC address extraction device; Determining an intrusion risk level of an access by analyzing a MAC address of the access terminal by using at least one of the access information, the access terminal white list, and the dangerous terminal information; Generating an intrusion danger warning according to the intrusion danger step of the access person; And outputting the intrusion danger warning to a user or transmitting it to a user terminal, wherein the intrusion danger warning includes at least one of identification information of the accessor, MAC address of the accessor terminal, the intrusion risk step, and a warning message. Physical security control method.

The intrusion risk step determining operation includes: checking whether the MAC address of the access terminal is included in the access terminal white list; Checking whether the MAC address of the access terminal matches the MAC address included in the access information when included in the access terminal white list; And determining the intrusion risk step as the first step or the second step according to the matching.

The step of determining the intrusion risk step may include determining whether the access terminal is a dangerous terminal by using the dangerous terminal information when it is not included in the white list of the access terminal; And determining the intrusion risk step as a third step or a fourth step according to whether the terminal is at risk.

The dangerous terminal checking operation uses the manufacturer identification information included in the MAC address of the access terminal to determine whether the manufacturer of the access terminal is a dangerous manufacturer.

Receiving location information of the access terminal from an access point device; Generating a machine learning model trained to determine abnormal signs of the terminal holder using the location information of the terminal; And inputting the location information of the access terminal into the machine learning model, analyzing the abnormal signs of the access, and generating abnormal sign detection information of the access, wherein the intrusion risk warning generation operation includes the access abnormality The intrusion danger warning including the symptom detection information is generated, and the anomaly detection information includes at least one of identification information of the entrant, an abnormal symptom danger step, and a warning message.

One embodiment is configured to control the communication unit or the user interface unit to receive access information, access terminal white list, and dangerous terminal information or to receive input from a user, and control the communication unit to control the communication unit, the MAC address of the access terminal from the MAC address extraction device (Mac Address ) Is configured to receive; A mac address analysis unit configured to analyze a MAC address of the access terminal by using at least one of the access information, the access terminal white list, and the dangerous terminal information to determine an intrusion risk level of the access; And an intrusion danger warning generating unit configured to generate an intrusion danger warning according to the intruder danger step, wherein the intrusion danger warning includes identification information of the access person, MAC address of the access terminal, and the intrusion risk step and warning message. It provides a physical security control device comprising at least one of the.

According to one embodiment as described above, it is possible to provide a security system capable of efficiently responding to an attempt of physical security intrusion by an accessor by analyzing various information of the accessor and the accessor terminal from various angles.

The effects of one embodiment are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the following description.

1 is a diagram showing the configuration of a physical security control system according to an embodiment.
2 is a diagram illustrating a configuration of a physical security control device according to an embodiment.
3 is a diagram showing the configuration of a MAC address according to an embodiment.
4 is a flowchart illustrating a method for storing a white list of an access terminal according to an embodiment.
5 is a flowchart illustrating a method for storing dangerous terminal information according to an embodiment.
6 is a flowchart illustrating a physical security control method according to an embodiment.
7 is a flowchart illustrating a Mac address analysis method according to an embodiment.
8 is a flowchart illustrating an anomaly detection method according to an embodiment.
9 is a diagram showing the configuration of a user terminal according to an embodiment.

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. The same reference numerals in each drawing denote the same members. Various changes can be made to the embodiments described below. The examples described below are not intended to be limiting with respect to the embodiments, and should be understood to include all modifications, equivalents, or substitutes thereof.

The terms used in the examples are only used to describe specific examples, and are not intended to limit the examples. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this specification, terms such as “include” or “have” are intended to indicate that there are features, numbers, operations, operations, components, parts, or combinations thereof described in the specification, and one or more other features. It should be understood that the existence or addition possibilities of fields or numbers, operations, operations, components, parts or combinations thereof are not excluded in advance.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by a person skilled in the art to which the embodiment belongs. Terms, such as those defined in a commonly used dictionary, should be interpreted as having meanings consistent with meanings in the context of related technologies, and should not be interpreted as ideal or excessively formal meanings unless explicitly defined in the present application. Does not.

In addition, in the description with reference to the accompanying drawings, the same components are given the same reference numerals regardless of the reference numerals, and redundant descriptions thereof will be omitted. In describing the embodiments, when it is determined that detailed descriptions of related well-known technologies may unnecessarily obscure the subject matter of the embodiments, detailed descriptions thereof will be omitted.

1 is a diagram showing the configuration of a physical security control system 10 according to an embodiment.

Referring to FIG. 1, a physical security control system 10 according to an embodiment includes a door management device 11, an access point device 12, a MAC address extraction device 130, a physical security control device 100, and a user It includes a terminal 300.

The door management device 11 recognizes the access card of the access person, and checks whether the access person is allowed to enter the security space. When the access of the accessor is allowed, the door management device 11 opens the door, allowing the accessor to access the security space.

The door management device 11 generates visitor information and transmits it to the physical security control device 100. The access information of an embodiment may include identification information of an access, access time, access location, MAC address of the terminal possessed by the access.

The access point device 12 is wirelessly connected to the access terminal, which is the terminal possessed by the access, to generate location information of the access terminal. The location information of the access terminal of an embodiment may include a current location, a movement line, a movement time, etc. in a security space of the access terminal.

The access point device 12 is composed of a variety of wireless access points (Wireless Access Point), for example, the access point device 12 may be composed of Wi-Fi (Wifi), Bluetooth (Bluetooth) and the like.

The access point device 12 may confirm the location of the access terminal using various surveying techniques. As an example, the access point device 12 may use a triangulation technique to check the location of the access terminal. In this case, the access point device 12 may include at least three wireless access points.

The access point device 12 transmits the location information of the access terminal to the physical security control device 100.

The Mac address extracting device 13 extracts the Mac address of the access terminal. The MAC address is a unique number of the terminal used in the network, and the MAC address of the access terminal can be used as identification information of the access terminal. The configuration of the MAC address will be described in detail in FIG. 3 below.

The MAC address extraction device 13 may extract the Mac address of the access terminal in various ways. In one example, the MAC address extraction device 13 may access the access terminal using the access point device 12 to extract the MAC address of the access terminal.

The MAC address extraction device 13 transmits the MAC address of the access terminal to the physical security control device 100.

The physical security control device 100 receives and stores a white list of an access terminal from a user who is a security administrator. The white list of the access terminal in one embodiment is a MAC address of the access terminal allowed to access the secure space.

The physical security control device 100 receives and stores dangerous terminal information from a user who is a security manager. The dangerous terminal information of one embodiment is terminal information determined to be a dangerous terminal, for example, a terminal manufactured by a specific manufacturer, a terminal having a certain manufacturing date, a terminal equipped with a specific OS, a terminal installed with a specific program, etc. Can.

As another example, the physical security control device 100 may receive an access terminal white list or dangerous terminal information from an external device.

The physical security control device 100 receives the access information from the door management device 11 and the MAC address of the access terminal from the MAC address extraction unit 13. As another example, the physical security control device 100 may receive the user information directly from the user.

The physical security control device 100 analyzes the MAC address of the access terminal using at least one of the access information, the access terminal white list, and the dangerous terminal information, and determines an intrusion risk step of the access.

The physical security control device 100 generates an intrusion risk warning according to the determined intrusion risk step.

The intrusion risk warning of an embodiment is the alert information for each intrusion danger level of the entrant, and the intrusion risk alert may include the identification information of the entrant, the MAC address of the entrant terminal, the intrusion risk level, a warning message, and the like.

The physical security control device 100 receives location information of the access terminal from the access point device 12.

The physical security control device 100 analyzes the abnormal signs of the access by inputting the location information of the access terminal into the machine learning model.

The physical security control device 100 generates an intrusion danger warning including an abnormal sign of the entrant.

The physical security control device 100 outputs an intrusion risk warning to a user through a display device or transmits it to the user terminal 300 as a security manager terminal.

The detailed configuration and function of the physical security control device 100 will be described in detail in FIG. 2 below.

The physical security control device 100 includes, for example, a computer, an Ultra Mobile PC (UMPC), a workstation, a net-book, a PDA (Personal Digital Assistants), a portable computer, and a web tablet. , One of electronic devices such as a wireless phone, a mobile phone, a smart phone, and a portable multimedia player (PMP), all electronic devices capable of installing and executing applications related to an embodiment It may include. The electronic device may perform overall service operations, such as configuration of a service screen, data input, data transmission and reception, and data storage, under the control of an application.

The user terminal 300 is a terminal of the security manager, and outputs an intrusion danger warning received from the physical security control device 100 to the user through a display device.

In this way, the user can analyze the intrusion risk alert and respond to unauthorized intrusion of security space or leakage of security information.

The detailed configuration and function of the user terminal 300 will be described in detail in FIG. 9 below.

2 is a diagram illustrating the configuration of a physical security control device 100 according to an embodiment.

Referring to FIG. 2, in one embodiment, the physical security control device 100 includes a control unit 110, a MAC address analysis unit 120, an abnormality detection unit 130, an intrusion risk warning generation unit 140, and a user interface It includes a unit 150, a database unit 160, a communication unit 170, and a display unit 180.

Communication between various entities included in the physical security control device 100 may be performed through a wired/wireless network (not shown). Standard communication technologies and/or protocols may be used in the wired/wireless network.

The hardware configuration of the physical security control device 100 may be implemented in various ways. The MAC address analysis unit 120 and the abnormality detection unit 130 may be integrated, or the MAC address analysis unit 120 and the intrusion risk warning generation unit 140 may be integrated to configure hardware. As such, the hardware configuration of the physical security control device 100 is not limited to the description of the present specification, and may be implemented in various methods and combinations.

Before describing the components of the physical security control device 100, the MAC address of an embodiment will be described.

FIG. 3 is a diagram showing the configuration of the MAC address 20 according to an embodiment. Referring to FIG. 3, the MAC address 20 according to an embodiment includes manufacturer identification information 21 and a serial number 22. do.

The manufacturer identification information 21 is identification information of the manufacturer that manufactured the terminal, and the serial number 22 is identification information of the terminal itself.

The control unit 110 includes a MAC address analysis unit 120, an abnormality detection unit 130, an intrusion risk warning generation unit 140, a user interface unit 150 to perform various functions of the physical security control device 100, The database unit 160, the communication unit 170, and the display unit 180 are controlled.

In addition, the controller 110 may also be referred to as a processor, a controller, a microcontroller, a microprocessor, a microcomputer, etc., and the controller is hardware or firmware (firmware), software, or a combination thereof.

The control unit 110 controls the user interface unit 150, receives an access terminal white list from a user who is a security administrator, and stores the access terminal white list in the database unit 160. The white list of the access terminal in one embodiment is a MAC address of the access terminal allowed to access the secure space.

The control unit 110 controls the user interface unit 150 to receive dangerous terminal information from a user who is a security manager, and stores the dangerous terminal information in the database unit 160. The dangerous terminal information of one embodiment is terminal information determined to be a dangerous terminal, for example, a terminal manufactured by a specific manufacturer, a terminal having a certain manufacturing date, a terminal equipped with a specific OS, a terminal installed with a specific program, etc. Can.

As another example, the control unit 110 may control the communication unit 170 to receive the access terminal white list or dangerous terminal information from an external device.

The control unit 110 controls the communication unit 170 to receive the access information from the door management device 11 and the MAC address of the access terminal from the MAC address extraction unit 13. As another example, the control unit 110 may control the user interface unit 150 to receive access information from a user.

The MAC address analysis unit 120 analyzes the MAC address of the access terminal using at least one of the access information, the access terminal white list, and the dangerous terminal information, and determines an intrusion risk step of the access.

The intrusion risk step of an embodiment may be configured from the first step with the lowest intrusion risk to the fourth phase with the highest intrusion risk.

When the MAC address analysis unit 120 specifically describes a method of determining an intrusion risk level of an accessor, the MAC address analysis unit 120 first checks whether the MAC address of the accessor terminal is included in the accessor white list.

When the MAC address of the access terminal is included in the white list of the access terminal, the MAC address analysis unit 120 checks whether the MAC address of the access terminal matches the MAC address included in the access information. That is, the MAC address analyzer 120 checks whether the MAC address of the access terminal is the same as the MAC address included in the access information.

Here, the MAC address analyzer 120 may check whether the MAC address of one access terminal matches the MAC address included in one access information, and the MAC address of one access terminal is one access information among the plurality of access information. You can check if it matches the MAC address included in the information.

If the MAC addresses match, the MAC address analysis unit 120 determines the intrusion risk step as the first step, and if the MAC addresses do not match, the MAC address analysis unit 120 determines the intrusion risk step as the second step.

When the MAC address of the access terminal is not included in the white list of the access terminal, the MAC address analysis unit 120 checks whether the access terminal is a dangerous terminal using the dangerous terminal information.

For example, the MAC address analysis unit 120 identifies the manufacturer of the access terminal with the manufacturer identification information 21 included in the MAC address of the access terminal, and if the identified manufacturing system is a dangerous manufacturer included in the dangerous terminal information, the access The terminal can be identified as a dangerous terminal.

If the access terminal is not a dangerous terminal, the MAC address analysis unit 120 determines the intrusion risk step as the third step, and if the access terminal is a dangerous terminal, the MAC address analysis unit 120 determines the intrusion risk step as the fourth step. .

The MAC address analysis unit 120 transmits the intrusion danger level of the intruder to the intrusion danger warning generation unit 140.

The anomaly detection unit 130 generates a machine learning model trained to determine anomalies of the terminal holder using the location information of the terminal.

The abnormality detection unit 130 analyzes the abnormality of the accessor by inputting the location information of the accessor terminal received from the access point device 12 into the machine learning model.

The anomaly detection unit 130 generates an anomaly detection information based on the analyzed anomaly. The anomaly detection information of an embodiment may be an anomaly risk information of an entrant, for example, the anomaly detection information may include identification information of an entrant, an anomaly risk level, a warning message, and the like.

The anomaly detection unit 130 transmits the anomaly detection information of the entrant to the intrusion danger warning generation unit 140.

The intrusion danger warning generating unit 140 generates an intrusion danger warning according to the intrusion danger step. As described above, the intrusion risk warning in one embodiment is the alert information for each intrusion risk step of the access person, and the intrusion risk alert may include identification information of the access person, MAC address of the access terminal, intrusion risk step, warning message, and the like.

The intrusion danger warning generating unit 140 may generate an intrusion danger warning that further includes information on detecting anomalies of an access person.

The user interface unit 150 provides an interface through which data can be input to the user. As an example, the user may input the access terminal white list and dangerous terminal information through the user interface 150.

The database unit 160 stores various data necessary for the physical security control device 100 to implement an embodiment. For example, the database unit 160 may store an access terminal white list, dangerous terminal information, access information, location information of the access terminal, MAC address of the access terminal, access intrusion risk warning and anomaly detection information, and the like.

The communication unit 170 performs data communication with external devices. For example, the communication unit 170 may receive access information from the door management device 11, location information of the access terminal from the access point device 12, and MAC address of the access terminal from the MAC address extraction unit 13. Then, the communication unit 170 may transmit an intrusion risk warning to the user terminal 300.

The display unit 180 outputs various data to the user through the display device. For example, the display unit 180 may output access information, location information of the access terminal, MAC address of the access terminal, and an intrusion risk warning of the access to the user.

4 is a flowchart illustrating a method for storing a white list of an access terminal according to an embodiment.

Referring to FIG. 4, the method for storing a white list of an access terminal according to an embodiment includes an operation of inputting a white list of access terminals (S100) and a storage of white list of access terminals (S110).

First, in the access terminal white list input operation (S100), the control unit 110 controls the user interface unit 150 to receive an access terminal white list from a user who is a security administrator.

Then, in the operation of storing the white list of access terminal (S110), the control unit 110 stores the received white list of access terminal in the database 160.

The white list of the access terminal in one embodiment is a MAC address of the access terminal allowed to access the secure space.

5 is a flowchart illustrating a method for storing dangerous terminal information according to an embodiment.

Referring to FIG. 5, a method for storing dangerous terminal information according to an embodiment includes a dangerous terminal information input operation (S200) and a dangerous terminal information storage operation (S210 ).

First, in the dangerous terminal information input operation (S200 ), the control unit 110 controls the user interface unit 150 to receive dangerous terminal information from a user who is a security administrator.

Then, in the operation of storing the dangerous terminal information (S210), the control unit 110 stores the received dangerous terminal information in the database unit 160.

The dangerous terminal information of one embodiment is terminal information determined to be a dangerous terminal, for example, a terminal manufactured by a specific manufacturer, a terminal having a certain manufacturing date, a terminal equipped with a specific OS, a terminal installed with a specific program, etc. Can.

6 is a flowchart illustrating a physical security control method according to an embodiment.

Referring to FIG. 6, the physical security control method according to an embodiment includes an operation for receiving access information (S300), an operation for receiving a MAC address of an access terminal (S310), an operation for analyzing a MAC address (S320), and an operation for generating an intrusion risk warning (S330). ).

First, in the access information reception operation (S300 ), the control unit 110 controls the communication unit 170 to receive the access information from the door management device 11.

Then, in the MAC address reception operation (S310) of the access terminal, the control unit 110 controls the communication unit 170 to receive the MAC address of the access terminal from the MAC address extraction unit 13.

And, in the MAC address analysis operation (S320), the MAC address analysis unit 120 analyzes the MAC address of the access terminal using at least one of the access information, the access terminal white list, and the dangerous terminal information, and the intrusion risk step of the access Decide.

The intrusion risk step of an embodiment may be divided into a first step with the lowest intrusion risk and a fourth phase with the highest intrusion risk.

Then, in an intrusion danger warning generation operation (S330), the intrusion danger warning generating unit 140 generates an intrusion danger warning according to the intrusion danger step. As described above, the intrusion risk warning in one embodiment is the alert information for each intrusion risk step of the access person, and the intrusion risk alert may include identification information of the access person, MAC address of the access terminal, intrusion risk step, warning message, and the like.

7 is a flowchart illustrating a Mac address analysis method according to an embodiment.

Referring to FIG. 7, the MAC address analysis method according to an embodiment includes a white list verification operation (S400), an access matching operation (S410), a dangerous terminal verification operation (S420), and an intrusion risk step determination operation (S430). .

First, in the white list check operation (S400 ), the MAC address analyzer 120 checks whether the MAC address of the access terminal is included in the white list of the access terminal.

Then, in the access matching operation (S410), if the MAC address of the access terminal is included in the white list of the access terminal, the MAC address analyzer 120 determines whether the MAC address of the access terminal matches the MAC address included in the access information. Confirm. That is, the MAC address analyzer 120 checks whether the MAC address of the access terminal is the same as the MAC address included in the access information.

Here, the MAC address analyzer 120 may check whether the MAC address of one access terminal matches the MAC address included in one access information, and the MAC address of one access terminal is one access information among the plurality of access information. You can check if it matches the MAC address included in the information.

Then, in the intrusion risk step determination operation (S430), if the MAC address is matched, the MAC address analysis unit 120 determines the intrusion risk step as the first step, and if the MAC address does not match, the MAC address analysis unit 120 Determines the intrusion risk step as the second step.

And, in the dangerous terminal checking operation (S420), if the MAC address of the access terminal is not included in the white list of the access terminal, the MAC address analysis unit 120 checks whether the access terminal is a dangerous terminal using the dangerous terminal information. .

For example, the MAC address analysis unit 120 identifies the manufacturer of the access terminal with the manufacturer identification information 21 included in the MAC address of the access terminal, and if the identified manufacturing system is a dangerous manufacturer included in the dangerous terminal information, the access The terminal can be identified as a dangerous terminal.

Then, in the intrusion risk step determination operation (S430), if the access terminal is not a dangerous terminal, the MAC address analysis unit 120 determines the intrusion risk step as a third step, and if the access terminal is a dangerous terminal, the MAC address analysis unit 120 ) Determines the intrusion risk step as the fourth step.

8 is a flowchart illustrating an anomaly detection method according to an embodiment.

Referring to FIG. 8, an abnormality detection method according to an embodiment includes an operation of receiving location information of an access terminal (S500), a machine learning model generation operation (S510), an abnormality analysis operation (S520), and an intrusion risk warning generation operation ( S530).

First, in the operation of receiving location information of the access terminal (S500), the control unit 110 controls the communication unit 170 to receive the location information of the access terminal from the access point device 12.

Then, in a machine learning model generation operation (S510 ), the abnormality sign detection unit 130 generates a machine learning model trained to determine an abnormality sign of the terminal holder using the location information of the terminal.

Then, in the abnormal symptom analysis operation (S520), the abnormal symptom detection unit 130 analyzes the abnormal symptoms of the access by inputting the location information of the access terminal received from the access point device 12 into the machine learning model.

In addition, in an intrusion danger warning generation operation (S530), the abnormal symptom detection unit 130 generates abnormal symptom detection information of an access person based on the analyzed abnormal symptoms. The anomaly detection information of an embodiment may be an anomaly risk information of an entrant, and for example, the anomaly detection information may include identification information of an entrant, an anomaly risk level, a warning message, and the like. The anomaly detection unit 130 transmits the anomaly detection information of the entrant to the intrusion danger warning generation unit 140. The intrusion danger warning generating unit 140 generates an intrusion danger warning that further includes information on detecting anomalies of the entrant.

9 is a diagram showing the configuration of a user terminal 300 according to an embodiment. Hereinafter, components constituting the user terminal 300 illustrated in FIG. 9 will be described in turn.

The wireless communication unit 310 may include one or more components that perform wireless communication between the user terminal 300 and the wireless communication system or wireless communication between the user terminal 300 and the network where the user terminal 300 is located. . For example, the wireless communication unit 310 may include a broadcast reception module 311, a mobile communication module 312, a wireless Internet module 313, a short-range communication module 314, and a location information module 315. .

The broadcast receiving module 311 receives a broadcast signal and/or broadcast-related information from an external broadcast management server through a broadcast channel. Here, the broadcast channel may include a satellite channel and a terrestrial channel. Meanwhile, broadcast-related information may also be provided through a mobile communication network, and in this case, may be received by the mobile communication module 312.

In addition, the mobile communication module 312 transmits and receives wireless signals to and from at least one of a base station, an external terminal, and a server on a mobile communication network. Here, the wireless signal may include various types of data according to transmission and reception of a voice call signal, a video call signal, or a text/multimedia message.

The wireless Internet module 313 refers to a module for wireless Internet access, and may be built in or external to the user terminal 300.

The short-range communication module 314 refers to a module for short-range communication. As a short-range communication technology, Bluetooth, radio frequency identification (RFID), infrared data association (IrDA), ultra wideband (UWB), ZigBee, and the like can be used.

In addition, the location information module 115 is a module for confirming or obtaining the location of the user terminal 300. An example is a Global Position System (GPS) module. The GPS module receives location information from a plurality of satellites. Here, the location information may include coordinate information represented by latitude and longitude.

Meanwhile, the A/V (Audio/Video) input unit 320 is for inputting an audio signal or a video signal, and may include a camera 321 and a microphone 322. The camera 321 processes a video frame such as a still image or video obtained by an image sensor in a video call mode or a shooting mode. In addition, the processed image frame may be displayed on the display unit 351.

The image frames processed by the camera 321 may be stored in the memory 360 or transmitted to the outside through the wireless communication unit 310. Two or more cameras 321 may be provided according to a configuration aspect of the user terminal 300.

The microphone 322 receives an external sound signal by a microphone in a call mode, a recording mode, a voice recognition mode, etc., and processes it as electrical voice data. Then, the processed voice data may be converted into a form that can be transmitted to the mobile communication base station through the mobile communication module 312 and output. The microphone 322 may implement various noise removal algorithms to remove noise generated in the process of receiving an external sound signal.

The user input unit 330 accepts an input operation from a user, and generates input data for controlling the operation of the user terminal 300.

The sensing unit 340 detects the current state of the user terminal 300, such as the location of the user terminal 300, the presence or absence of user contact, the orientation of the user terminal 300, the acceleration/deceleration of the user terminal 300, and the like. A sensing signal for controlling the operation of the terminal 300 is generated.

The interface unit 370 serves as an interface with all external devices connected to the user terminal 300. For example, wired/wireless headset port, external charger port, wired/wireless data port, memory card port, port for connecting devices equipped with an identification module, audio input/output (I/O) port, A video input/output (I/O) port, an earphone port, and the like may be included.

The output unit 350 is for outputting an audio signal, a video signal, or an alarm signal, and may include a display unit 351, an audio output module 352, an alarm unit 353, and the like.

The display unit 351 displays and outputs information processed by the user terminal 300. For example, when the terminal is in a call mode, a UI (User Interface) or a GUI (Graphic User Interface) related to the call is displayed. In addition, when the user terminal 300 is in a video call mode or a shooting mode, it displays a photographed and/or received video, UI, or GUI.

Meanwhile, as described above, when the display unit 351 and the touch pad are configured as a touch screen by forming a mutual layer structure, the display unit 351 may be used as an input device in addition to an output device. The display unit 351 includes a liquid crystal display, a thin film transistor-liquid crystal display, an organic light-emitting diode, a flexible display, and a three-dimensional display ( 3D display). And, depending on the implementation form of the user terminal 300, there may be two or more display unit 351. For example, an external display unit (not shown) and an internal display unit (not shown) may be simultaneously provided on the user terminal 300.

The audio output module 352 outputs audio data received from the wireless communication unit 310 or stored in the memory 360 in a call signal reception, a call mode or a recording mode, a voice recognition mode, a broadcast reception mode, or the like. In addition, the sound output module 352 outputs sound signals related to functions (eg, call signal reception sound, message reception sound, etc.) performed by the user terminal 300. The sound output module 352 may include a speaker, a buzzer, and the like.

The alarm unit 353 outputs a signal for notifying the occurrence of the event of the user terminal 300. Examples of events generated in the terminal include call signal reception, message reception, and key signal input.

The memory 360 may store a program for processing and control of the control unit 380, and provide a function for temporarily storing input/output data (eg, a phone book, a message, a still image, a video, etc.). You can also do

The memory 360 is a flash memory type, hard disk type, multimedia card micro type, card type memory (for example, SD or XD memory, etc.), RAM (RAM, Random Access Memory) SRAM (Static Random Access Memory), ROM (ROM, Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), PROM (Programmable Read-Only Memory) magnetic memory, magnetic disk, It may include at least one type of storage medium among optical discs.

The control unit 380 typically controls the overall operation of the terminal. For example, it performs related control and processing for voice calls, data communication, video calls, and the like. Also, the control unit 380 may include a multimedia module 181 for multimedia playback. The multimedia module 381 may be implemented in the control unit 380 or may be implemented separately from the control unit 380.

Then, the control unit 380 controls the display unit 351, and outputs an intrusion risk warning transmitted from the physical security control device 100 to a user who is a security administrator.

The power supply unit 390 receives external power and internal power under the control of the control unit 380 and supplies power required for the operation of each component.

Various embodiments described herein can be implemented in a computer-readable recording medium, for example, using software, hardware, or a combination thereof.

According to a hardware implementation, the embodiments described herein include application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs) , It can be implemented using at least one of processors, controllers, micro-controllers, microprocessors, and electrical units for performing functions. In some cases, such embodiments may be implemented by the control unit 280.

According to a software implementation, embodiments such as procedures or functions may be implemented together with separate software modules that perform at least one function or operation. The software code can be implemented by software applications written in the appropriate programming language. Also, the software code is stored in the memory 260 and can be executed by the control unit 280.

The embodiments described above may be implemented by hardware components, software components, and/or combinations of hardware components and software components. For example, the apparatus, methods, and components described in the embodiments may include, for example, a processor, a controller, a central processing unit (CPU), a graphics processing unit (GPU), an ALU ( arithmetic logic unit, digital signal processor, microcomputer, field programmable gate array (FPGA), programmable logic unit (PLU), microprocessor, application specific integrated circuits (ASICS), or instructions ( instructions), such as any other device capable of executing and responding, may be implemented using one or more general purpose computers or special purpose computers.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, or the like alone or in combination. The program instructions recorded in the medium may be specially designed and configured for the embodiments or may be known and usable by those skilled in computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, and magnetic media such as floptical disks. -Hardware devices specifically configured to store and execute program instructions such as magneto-optical media, and ROM, RAM, flash memory, and the like. Examples of program instructions include high-level language codes that can be executed by a computer using an interpreter, etc., as well as machine language codes produced by a compiler. The hardware device described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

As described above, although the embodiments have been described by the limited drawings, those skilled in the art can make various modifications and variations from the above description. For example, the described techniques are performed in a different order than the described method, and/or the components of the described system, structure, device, circuit, etc. are combined or combined in a different form from the described method, or other components Alternatively, even if replaced or substituted by equivalents, appropriate results can be achieved. Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (10)

An operation of receiving or receiving input from a user of dangerous terminal information including a terminal list determined as a dangerous terminal and an access terminal white list including a Mac address of a user terminal allowed to access the secure space;
Receiving location information of an access terminal identified using a triangulation technique from an access point device;
Receiving the identification information of the recognized person from the access card of the person from the door management device;
Receiving a MAC address of the access terminal from the MAC address extraction device;
Determining an intrusion risk step of the access person by using the access terminal white list, the dangerous terminal information, the access identification information, and the MAC address of the access terminal;
Generating an intrusion danger warning according to the intrusion danger step of the access person; And
And outputting the intrusion risk warning to the user or transmitting the user to the user terminal.
The intrusion risk warning
It includes at least one of the access identification information, the MAC address of the access terminal, the intrusion risk step and a warning message,
The step of determining the risk of intrusion,
Checking whether the MAC address of the access terminal is included in the access terminal white list;
If the MAC address of the access terminal is included in the white list of the access terminal, checking whether the MAC address of the access terminal and the access identification information match;
If the MAC address of the access terminal and the access identification information match, inputting location information of the access terminal into the machine learning model, analyzing the abnormal signs of the access, and generating abnormal sign detection information of the access;
If the MAC address of the access terminal and the access identification information do not match, determining the intrusion risk step as a first step;
If the MAC address of the access terminal is not included in the access terminal white list, using the dangerous terminal information, checking whether the access terminal is a dangerous terminal;
If the access terminal is not identified as the dangerous terminal, determining an intrusion risk step as a second step higher than the first step;
And determining that the intrusion risk step is a third step higher than the second step when the access terminal is identified as the dangerous terminal.
Checking whether the access terminal is a dangerous terminal,
And identifying a manufacturer of the access terminal using the manufacturer identification information included in the MAC address of the access terminal, and checking whether the identified manufacturer is a dangerous manufacturer included in the dangerous terminal information,
The operation for generating the intrusion danger warning,
And generating the intrusion danger warning including the abnormality detection information of the access person,
The abnormality detection information,
And at least one of the access identification information, anomalous danger level, and warning message.
Physical security control method. delete delete delete delete By controlling the communication unit or the user interface unit, the access terminal white list including the MAC address of the access terminal allowed to access the secure space and the dangerous terminal information including the terminal information determined as the dangerous terminal are received or input from the user It is configured to receive, receives the location information of the access terminal confirmed by using a triangulation technique from the access point device to control the communication unit, receives the identification information recognized from the access card of the access from the door management device, MAC address A control unit configured to receive the MAC address of the access terminal from the extraction device, and control the display unit or the communication unit to output an intrusion danger warning to a user or to transmit it to a user terminal;
A MAC address analysis unit configured to determine an intrusion risk level of the access person by using the access terminal white list, the dangerous terminal information, the access identification information, and the access terminal's MAC address;
An anomaly detection unit configured to input location information of the access terminal into a machine learning model, analyze anomalies of the entrant, and generate anomaly detection information; And
And an intrusion danger warning generator configured to generate the intrusion danger warning according to the intrusion danger step of the access person,
The intrusion risk warning
It includes at least one of the access identification information, the MAC address of the access terminal, the intrusion risk step and a warning message,
The MAC address analysis unit,
Check whether the MAC address of the access terminal is included in the access terminal white list,
If the MAC address of the access terminal is included in the white list of the access terminal, check whether the MAC address of the access terminal and the access identification information match,
When the MAC address of the access terminal and the access identification information match, the abnormality detection unit analyzes the abnormality of the accessor,
If the MAC address of the access terminal and the access identification information do not match, the intrusion risk step is determined as the first step,
If the MAC address of the access terminal is not included in the access terminal white list, using the dangerous terminal information, check whether the access terminal is a dangerous terminal,
If the access terminal is not identified as the dangerous terminal, the intrusion risk step is determined as a second step higher than the first step,
When the access terminal is identified as the dangerous terminal, the intrusion risk step is configured to determine a third step higher than the second step,
The MAC address analysis unit,
It is configured to identify the manufacturer of the access terminal using the manufacturer identification information included in the MAC address of the access terminal, and to determine whether the identified manufacturer is a dangerous manufacturer included in the dangerous terminal information,
The intrusion risk warning generating unit,
And configured to generate the intrusion danger warning including the abnormality detection information of the access person,
The abnormality detection information,
And at least one of the access identification information, anomalous danger level, and warning message.
Physical security control device. delete delete delete delete

Images