1. Technical Field
The present invention relates generally to an agent apparatus and method for sharing anonymous identifier-based security information among security management domains. More particularly, it relates to an agent apparatus and method that enable security management domains wishing to share their security information to do so using hash identifiers, which prevent personal information from being extracted, via a security analysis agent apparatus present in a trustworthy domain, thus effectively protecting personal information included in the shared security information.
2. Description of the Related Art
With the spread of the Internet, the use of personal Internet banking and electronic commerce has rapidly increased, and services and marketing provided by businesses, the government, and banks through Internet shopping mall websites, homepages, etc. have rapidly become popular. In this situation, various types of illegal actions have become widespread, such as unfairly obtaining personal information, financial credit information related to credit cards or the like, marketing information, or new product development information, or interrupting large-scale Internet services or causing services to be disabled.
In order to effectively prevent these illegal actions, for example, illegal hacking or cyber attacks such as the distribution of worms/viruses to an unspecified number of the general public, a trusted information sharing network is constructed for the security management domains of institutions/companies that provide Internet services. Accordingly, the security management domains of the institutions/companies share security information related to hacking, viruses, worms, cyber terror, network spying, and computer emergencies such as information warfare, as well as vulnerability information, with the security management domains of other Internet service providers.
FIG. 1 is a diagram showing a typical security information sharing system for allowing a plurality of security management domains to share security information collected from their own domains among themselves.
As shown in FIG. 1, security management domains 10a and 10b of institutions/companies that provide Internet services respectively include security information sharing agent apparatuses 100a and 100b, each of which collects security information and transmits it to the other security management domain so as to share it. Here, because the first security management domain 10a and the second security management domain 10b have mutually agreed to share security information, the first security information sharing agent apparatus 100a of the first security management domain 10a and the second security information sharing agent apparatus 100b of the second security management domain 10b exchange the security information collected from their respective security management domains via wired/wireless communication, so that the security information is shared between the security management domains 10a and 10b.
Here, the security information (computer emergency information, security logs, cyber attack detection information, security vulnerability information, security evaluation information, etc.) collected by the security information sharing agent apparatuses 100a and 100b from the security management domains to which they belong may include real name identifiers (Internet Protocol (IP) addresses or the like) that enable the identification of individual clients who use the Internet services. When a real name identifier included in security information collected from a specific security management domain is transmitted to another security management domain through the sharing of security information, the privacy of the corresponding client may be compromised.
Because of this risk to client privacy, the security information shared among security management domains was in the past limited to security statistical information that does not contain real name identifiers (the number of cyber attacks per minute, the amount of traffic, the seriousness of cyber attacks, etc.). However, when the shared security information contains no real name identifiers, no keys are present for identifying the individual pieces of security information, so that it is difficult to analyze the association and correlation between them, making meaningful security analysis almost impossible.
Therefore, a security information sharing system is required that is capable of protecting the personal privacy of clients while sharing security information that includes identifiers among security management domains.
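The trade-off described above, as an added example that is not taken from the patent: statistics-only sharing carries no key on which two domains can join their events, while records carrying a hash identifier in place of the IP address can be correlated without exposing the address. The use of HMAC-SHA-256, the key value, the record fields and the sample events are all assumptions of this example.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: a secret available only to the sharing agents (constructed value).
SHARING_KEY = b"constructed-demo-key"

# Constructed sample events; the addresses come from documentation ranges.
DOMAIN_A_EVENTS = [
    {"src_ip": "203.0.113.7", "type": "port_scan"},
    {"src_ip": "198.51.100.23", "type": "login_failure"},
]
DOMAIN_B_EVENTS = [
    {"src_ip": "203.0.113.7", "type": "sql_injection"},
    {"src_ip": "192.0.2.99", "type": "port_scan"},
]

def anonymous_id(real_identifier, key=SHARING_KEY):
    # An unkeyed hash of an IPv4 address can be reversed by hashing all
    # 2**32 addresses, so this example keys the hash (HMAC-SHA-256).
    mac = hmac.new(key, real_identifier.encode(), hashlib.sha256)
    return mac.hexdigest()

def to_statistics(events):
    # Identifier-free sharing: only a count per event type leaves the domain.
    return dict(Counter(e["type"] for e in events))

def to_shared_records(events):
    # Replace the real name identifier with its anonymous identifier.
    return [{"src_id": anonymous_id(e["src_ip"]), "type": e["type"]}
            for e in events]

def correlate(shared_a, shared_b):
    # Map every identifier seen in both domains to its event types per domain.
    types_b = {}
    for rec in shared_b:
        types_b.setdefault(rec["src_id"], []).append(rec["type"])
    linked = {}
    for rec in shared_a:
        if rec["src_id"] in types_b:
            entry = linked.setdefault(
                rec["src_id"], {"a": [], "b": types_b[rec["src_id"]]})
            entry["a"].append(rec["type"])
    return linked

if __name__ == "__main__":
    # The two statistics dicts share no join key; the hashed records do.
    print(to_statistics(DOMAIN_A_EVENTS), to_statistics(DOMAIN_B_EVENTS))
    print(correlate(to_shared_records(DOMAIN_A_EVENTS),
                    to_shared_records(DOMAIN_B_EVENTS)))
```

Anyone who holds the key can recompute the identifier for a candidate address, so in this sketch the privacy of the shared records depends on where that key is kept.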