1. Field of the Invention
The present invention relates to a device and method for detecting and preventing sensitive information leakage from a portable terminal, and in particular, to a device and method for detecting and preventing sensitive information leakage using a sensitive information manager and a sensitive information leak detecting and preventing unit.
This work was supported by the IT R&D program of MIC/IITA [2007-S-023-01, Development of The Threat Containment for All-In-One Mobile Devices on Convergence Networks].
2. Description of the Related Art
Portable terminals can access networks wired or wireless, while having computing capacity utilized for various applications, including the ability of being portable. Examples of portable terminals include mobile phones, portable computers, multimedia devices, etc. Portable terminals are improving in functions and capabilities and are spreading due to the network infrastructure and development of semiconductor chip techniques. Meanwhile, the applications of portable terminals are increasing in both quality and quantity in accordance with the improvement of functions and capabilities of portable terminals.
With the development of various radio communication techniques, such as WLAN, WiBro, third-generation mobile communication, Bluetooth, and Wi-Fi, and the distribution of the infrastructure, services usable through portable terminals are being diversified. The capabilities of portable terminals are also undergoing many changes. For example, computing capability and data storage capability continue developing, including the development of the network interface using radio communication. This is because of the development of portable terminals, in which users can easily perform business transactions through portable terminals. Therefore, portable terminals are expected to be developed and innovated in the near future.
With the expansion of applications and the increase in capabilities of portable terminals, in general, sensitive information used by users is stored in portable terminals. However, this sensitive information should not be able to be leaked to other persons. Sensitive information means information which can potentially harm users if the information is accidentally or illegally leaked out of the portable terminals, and examples of the sensitive information include private information, address books, schedule, secret documents, etc. Further, information that is considered important information by the user, which needs to be protected, can be referred to as sensitive information. Therefore, sensitive information can be defined as a top priority portion of information stored in portable terminals that should be protected.
As the application fields of portable terminals are diversified and the number of users is increased, portable terminal security issues come into the spotlight. Especially, the issue of protecting sensitive information stored in portable terminals is very important. The reason is that sensitive information leakage could potentially harm the users, which could delay the development of portable terminals.
Three types of security techniques regarding information leakage exist. One type of security is authentication, which restricts access to information the user desires to protect. Authentication only allows those who are authorized to access corresponding information, thereby capable of preventing illegal access. Another type of security is encryption. Encryption makes information readable to only those who possess an encryption key, and is thus useful for protecting information. The last type of security is intrusion detection. Intrusion detection is utilized to detect not only intrusion for information leakage but also intrusion for other purposes. Intrusion detection helps prevent information leakage. These techniques have been developed in existing computing and networking environments, but not perfect. That is, hackers have evolved and any problems with the security techniques have been revealed.
In the case of mobile phones, which one of the portable terminals, many security warnings have been being reported. As mobile phones progress and the amount of sensitive information stored in mobile phones and the exchange between the mobile phones increases, research on security warnings is necessary. Currently, however, research for security of mobile phones is at an early stage, and specifically, research regarding information leakage has just begun.