Electronic device, service providing device, system comprising electronic device, service providing device, and server, and control method therefor
The system addresses personal information security breaches by generating region and type-specific encryption keys with varying TTLs, encrypting using QR codes, and controlling access, enhancing security and reducing key leakage risks.
Patent Information
- Authority / Receiving Office: WO
- Patent Type: Applications
- Current Assignee / Owner: SAMSUNG ELECTRONICS CO LTD
- Filing Date: 2025-12-05
- Publication Date: 2026-06-18
AI Technical Summary
Existing systems for transmitting personal information face issues of security breaches due to leaked encryption or decryption keys, leading to potential personal information leakage.
A system comprising an electronic device, a service providing device, and a server that generates region and type-specific encryption and decryption keys with varying Time To Live (TTL) values, encrypts personal information using these keys, and uses QR codes for secure transmission and decryption.
Enhances personal information protection by varying encryption methods based on sensitivity, reduces key leakage risk, and controls access levels, ensuring secure and differentiated access to personal information.
Description
An electronic device and a service providing device, and a system including an electronic device, a service providing device and a server, and a method for controlling the same
[0001] The present disclosure relates to an electronic device and a service providing device for providing personal information in an encrypted manner and providing a service using the encrypted personal information, and a system including the electronic device, the service providing device and a server, and a method for controlling the same.
[0002] When transmitting personal information related to a user within an electronic device to another service, the data is encrypted for security purposes. The electronic device transmitting the personal information and the service provider utilizing that information share encryption and decryption keys in advance, and exchange the personal information by encrypting and decrypting it using these keys. However, if the encryption or decryption keys are leaked, the issue of personal information leakage may occur.
[0003] Meanwhile, the information described above may be provided as related art for the purpose of aiding understanding of the present disclosure. No claim or determination is made as to whether any of the foregoing may be applied as prior art related to the present disclosure.
[0004] A system comprising an electronic device, a service providing device, and a server according to one embodiment of the present disclosure comprises: the server, which generates a plurality of encryption keys and a plurality of decryption keys corresponding to each of the plurality of encryption keys based on a region and a type of personal information, transmits the generated plurality of encryption keys to the electronic device, and transmits the generated plurality of decryption keys to the service providing device; the electronic device, which, when a user command for providing personal information is input, encrypts personal information using at least one of the plurality of encryption keys, generates a QR code using the encrypted personal information, and provides the generated QR code; and the service providing device, which scans the QR code to obtain the encrypted personal information and decrypts the personal information using a decryption key corresponding to at least one of the plurality of decryption keys.
[0005] The above server can generate an encryption key and a decryption key of a first encryption method for encrypting first type personal information, and generate an encryption key and a decryption key of a second encryption method for encrypting second type personal information.
[0006] If the sensitivity of the first type of personal information is higher than the sensitivity of the second type of personal information, the first encryption method may be an asymmetric key encryption method and the second encryption method may be a symmetric key encryption method.
[0007] The above encryption key includes a Time To Live (TTL) value indicating the validity period of the encryption key, and the TTL value may vary depending on the type of personal information.
[0008] If the sensitivity of the first type of personal information is higher than the sensitivity of the second type of personal information, the first TTL value included in the encryption key of the first encryption method may be smaller than the second TTL value included in the encryption key of the second encryption method.
[0009] If the electronic device cannot store the encryption key and the service provider cannot store the decryption key, the server may encrypt the personal information using the encryption key and transmit it to the electronic device, and the server may decrypt the encrypted personal information using the decryption key and transmit it to the service provider.
[0010] The electronic device can generate the QR code using the hash values of the encrypted personal information and the keys used to encrypt the personal information.
[0011] The service providing device identifies a decryption key corresponding to an encryption key that encrypts the personal information using a hash value included in the QR code, and can decrypt the encrypted personal information using the identified decryption key.
[0012] When a user command for providing personal information is input, the above user terminal provides a UI for selecting personal information to be encrypted among the plurality of types of personal information, and when at least one of the plurality of types of personal information is selected through the UI, the at least one personal information can be encrypted using an encryption key corresponding to each of the selected at least one personal information.
[0013] A control method for a system comprising an electronic device, a service providing device, and a server according to one embodiment of the present disclosure comprises: a step in which the server generates a plurality of encryption keys and a plurality of decryption keys corresponding to each of the plurality of encryption keys based on a region and a type of personal information; a step in which the server transmits the generated plurality of encryption keys to the electronic device and transmits the generated plurality of decryption keys to the service providing device; a step in which, when a user command for providing personal information is input by the electronic device, the electronic device encrypts the personal information using at least one of the plurality of encryption keys; a step in which the electronic device generates a QR code using the encrypted personal information and provides the generated QR code; a step in which the service providing device photographs the QR code to obtain the encrypted personal information; and a step in which the service providing device decrypts the personal information using a decryption key corresponding to at least one of the plurality of decryption keys.
[0014] The step of generating the above encryption key and decryption key may generate an encryption key and decryption key of a first encryption method for encrypting first type personal information, and generate an encryption key and decryption key of a second encryption method for encrypting second type personal information.
[0015] If the sensitivity of the first type of personal information is higher than the sensitivity of the second type of personal information, the first encryption method may be an asymmetric key encryption method and the second encryption method may be a symmetric key encryption method.
[0016] The above encryption key includes a Time To Live (TTL) value indicating the validity period of the encryption key, and the TTL value may vary depending on the type of personal information.
[0017] If the sensitivity of the first type of personal information is higher than the sensitivity of the second type of personal information, the first TTL value included in the encryption key of the first encryption method may be smaller than the second TTL value included in the encryption key of the second encryption method.
[0018] The above control method may include the step of, when the electronic device is unable to store the encryption key and the service providing device is unable to store the decryption key, the server encrypting the personal information using the encryption key and transmitting it to the electronic device, and the server decrypting the encrypted personal information using the decryption key and transmitting it to the service providing device.
[0019] The step of providing the above QR code can generate the QR code using the hash values of the encrypted personal information and the keys used when encrypting the personal information.
[0020] The decryption step may include: a step of identifying a decryption key corresponding to an encryption key that encrypted the personal information using a hash value included in the QR code; and a step of decrypting the encrypted personal information using the identified decryption key.
[0021] The above control method includes the step of, when a user command for providing the above personal information is input, the electronic device providing a UI for selecting personal information to be encrypted among the plurality of types of personal information; and the encryption step may, when at least one of the plurality of types of personal information is selected through the UI, encrypt the at least one personal information using an encryption key corresponding to each of the selected at least one personal information.
[0022] According to one embodiment of the present disclosure, an electronic device comprises: a communication circuit; a display; a memory for storing instructions; and a processor. When the instructions are executed individually or collectively by the processor, the electronic device receives a plurality of encryption keys generated based on the type of personal information from a key management server through the communication circuit, and when a user command for providing personal information is input, the electronic device encrypts the personal information using at least one of the plurality of encryption keys based on the type of personal information to be encrypted, generates a QR code using the encrypted personal information, and provides the generated QR code on the display.
[0023] According to one embodiment of the present disclosure, a service providing device comprises: a communication circuit; a memory for storing instructions; a display; and a processor. When the instructions are executed individually or collectively by the processor, the service providing device receives a plurality of decryption keys generated based on the type of personal information from a key management server through the communication circuit, and when an electronic device displays a QR code containing personal information encrypted using at least one encryption key, the device scans the QR code to obtain the encrypted personal information and decrypts the personal information using a decryption key corresponding to at least one encryption key among the plurality of decryption keys.
[0024] In relation to the description of the drawings, the same or similar reference numerals may be used for identical or similar components.
[0025] FIG. 1 is a drawing illustrating a system that encrypts personal information and provides a service using the encrypted personal information, according to one embodiment of the present disclosure.
[0026] FIG. 2 is a block diagram briefly illustrating the configuration of an electronic device according to one embodiment of the present disclosure.
[0027] FIG. 3 is a block diagram briefly illustrating the configuration of a service providing device according to one embodiment of the present disclosure.
[0028] FIG. 4 is a block diagram briefly illustrating the configuration of a key management server according to one embodiment of the present disclosure.
[0029] FIG. 5 is a sequence diagram illustrating a method for encrypting personal information and providing a service using the encrypted personal information, according to one embodiment of the present disclosure.
[0030] FIG. 6 is a diagram illustrating an encryption key generated according to the region and the type of personal information, according to one embodiment of the present disclosure.
[0031] FIGS. 7a to 7c are drawings for explaining an embodiment of providing personal information encrypted as a QR code according to one embodiment of the present disclosure.
[0032] FIG. 8 is a drawing for explaining an embodiment of providing a service using encrypted personal information by encrypting personal information according to one embodiment of the present disclosure.
[0033] FIG. 9 is a sequence diagram illustrating a method for encrypting personal information and providing a service using the encrypted personal information, according to another embodiment of the present disclosure.
[0034] FIG. 10 is a block diagram illustrating in detail the configuration of an electronic device according to one embodiment of the present disclosure.
[0035] The present disclosure will be described in detail below with reference to the attached drawings.
[0036] The terms used in the embodiments of this disclosure have been selected to be as widely used as possible, taking into account their functions within this disclosure; however, these terms may vary depending on the intent of those skilled in the art, case law, the emergence of new technologies, etc. Additionally, in specific cases, terms may be arbitrarily selected by the applicant, and in such cases, their meanings will be described in detail in the description section of the disclosure. Therefore, terms used in this disclosure should be defined not merely by their names, but based on their meanings and the overall content of this disclosure.
[0037] In this specification, expressions such as “have,” “may have,” “include,” or “may include” indicate the presence of the above features (e.g., numerical values, functions, actions, or components such as parts) and do not exclude the presence of additional features.
[0038] The expression "at least one of A or / and B" should be understood as representing either "A" or "B" or "A and B".
[0039] Expressions such as "first" or "second" used in this specification may modify various components regardless of order and / or importance, and are used only to distinguish one component from another and do not limit said components.
[0040] Where it is stated that a component (e.g., a first component) is "(operatively or communicatively) coupled with / to" or "connected to" another component (e.g., a second component), it should be understood that the component may be directly connected to the other component or connected through another component (e.g., a third component).
[0041] The singular expression includes the plural expression unless the context clearly indicates otherwise. In this application, terms such as “comprising” or “consisting of” are intended to specify the existence of the features, numbers, steps, actions, components, parts, or combinations thereof described in the specification, and should be understood as not precluding the existence or addition of one or more other features, numbers, steps, actions, components, parts, or combinations thereof.
[0042] In the embodiments, a "module" or "part" performs at least one function or operation and may be implemented in hardware or software, or a combination of hardware and software. Additionally, a plurality of "modules" or a plurality of "parts" may be integrated into at least one module and implemented by at least one processor, except for a "module" or "part" that needs to be implemented in specific hardware.
[0043] In the present disclosure, the term "user" may refer to a person using an electronic device or a device using an electronic device (e.g., an artificial intelligence electronic device).
[0044] In the present disclosure, the term "user input" refers to user input for controlling an electronic device and may be referred to by various terms such as user command, user interaction, user touch, etc.
[0045] In the present disclosure, the UI is a visual and functional layer that enables interaction between an electronic device (100) and a user, and can provide information or control the functions of the electronic device (100). UI elements are components that make up the UI and can be used to interact with the user. In this case, UI elements may be referred to by various terms such as icons, indicators, objects, etc.
[0046] The various elements and areas in the drawings are depicted schematically. Accordingly, the technical concept of the present invention is not limited by the relative sizes or spacing depicted in the attached drawings.
[0047] Embodiments of the present disclosure will be described in more detail below with reference to the attached drawings.
[0048] FIG. 1 is a diagram illustrating a system that encrypts personal information and provides services using the encrypted personal information, according to an embodiment of the present disclosure. As shown in FIG. 1, the system may include an electronic device (100), a service providing device (200), and a server (300). The electronic device (100) is a device owned by a user and storing the user's personal information. As shown in FIG. 1, it may be implemented as a smartphone, but this is merely an example of an embodiment, and it may be implemented as various user terminals such as a tablet PC, a smart pad, a smart watch, etc. The service providing device (200) is a device for providing various services using personal information. As shown in FIG. 1, it may be a laptop PC, but this is merely an example of an embodiment, and it may be implemented as various devices such as a desktop PC, a tablet PC, a kiosk, etc. The server (300) may be a key management server for managing keys for encrypting and decrypting personal information, but this is merely one example and may be referred to by various terms such as account server, encryption server, cloud server, etc. Hereinafter, the server (300) will be referred to as a "key management server."
[0049] The key management server (300) can generate and manage multiple encryption keys for encrypting personal information and multiple decryption keys for decrypting encrypted personal information. Here, personal information is information that can identify a specific user and may include various data related to the user. For example, personal information may include user name, user contact information, account ID, and account profile information, which are user identification information. For example, personal information may include IMEI (International Mobile Equipment Identity) information or SN (Serial Number) information, model code information, and model name information, which are unique information of the electronic device (100). Personal information may include GUID (Globally Unique Identifier) information, which is account information within the electronic device (100).
[0050] In particular, the key management server (300) can generate encryption keys and decryption keys of various encryption methods based on the region and the type of personal information. Specifically, the key management server (300) can generate and manage encryption keys and decryption keys of different encryption methods depending on the region according to terms for the protection of personal information. Additionally, the key management server (300) can generate encryption keys and decryption keys of various encryption methods based on the type of personal information. In one or more embodiments, the key management server (300) can determine sensitivity according to the type of personal information and generate encryption keys and decryption keys of different encryption methods according to the sensitivity. Here, the sensitivity of personal information may represent the degree of potential impact on an individual's privacy, rights, or safety if personal information is disclosed, leaked, or used improperly; sensitivity may also be referred to by various terms such as security strength, restriction strength, etc.
[0051] The key management server (300) may include a Time To Live (TTL) value in the encryption key and decryption key that indicates the validity period of the corresponding encryption key and decryption key. Here, the TTL value may also vary depending on the region or the type of personal information.
[0052] The key management server (300) can transmit the generated encryption key to the electronic device (100) and can transmit the decryption key to the service providing device (200). At this time, the key management server (300) can transmit the encryption key when the user subscribes to (or installs) the personal information protection service (or application) or when providing the service using personal information.
[0053] When a user command for providing personal information is entered, the electronic device (100) can encrypt the personal information using a received encryption key. Then, the electronic device (100) can generate a QR (Quick Response) code using the encrypted personal information. The QR code is a two-dimensional barcode and may contain personal information. However, the QR code is merely one example and can be implemented with various codes such as barcodes, EAN codes (European Article Numbers), Data Matrix codes, etc. The electronic device (100) can output the generated QR code through a display.
[0054] The service providing device (200) can scan a QR code using a QR reader and obtain encrypted personal information through the QR code. Then, the service providing device (200) can decrypt the encrypted personal information using a decryption key and provide various services using the decrypted personal information.
[0055] As described above, personal information protection can be enhanced by performing encryption in different ways depending on the type (or sensitivity) of the personal information. Additionally, by including a TTL in the encryption key, the risk of key leakage is reduced, and access levels can be differentiated by service to control access so that only permitted personal information is accessible.
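The flow of paragraphs [0053] to [0055], with the key-hash lookup of [0010] and [0011] and the per-type TTL of [0007] and [0008], as an added Python example that is not code from the patent. Assumptions: the JSON field names `kh` and `ct`, the TTL values, SHA-256 as the key hash, a QR payload modelled as a JSON string, and an HMAC-SHA256 encrypt-then-MAC construction standing in for an AEAD cipher so the block needs only the standard library; only the symmetric-key case is modelled.

```python
import base64
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Assumed policy (illustrative values, not from the patent): TTL in seconds per
# information type; the more sensitive type gets the shorter TTL.
TTL_BY_TYPE = {"imei": 60, "user_name": 3600}


@dataclass(frozen=True)
class KeyRecord:
    region: str
    info_type: str
    key: bytes
    issued_at: float
    ttl: int

    @property
    def key_hash(self) -> str:
        # Identifier carried in the QR code in place of the key itself.
        return hashlib.sha256(b"key-id:" + self.key).hexdigest()

    def expired(self, now: float) -> bool:
        return now >= self.issued_at + self.ttl


def issue_keys(region: str, now: float) -> dict:
    """Key management server: one random key per (region, type) with its TTL."""
    return {t: KeyRecord(region, t, os.urandom(32), now, ttl)
            for t, ttl in TTL_BY_TYPE.items()}


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD cipher (assumption, stdlib only)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def build_qr_payload(rec: KeyRecord, personal_info: str, now: float) -> str:
    """Electronic device: refuse an expired key, then emit ciphertext + key hash."""
    if rec.expired(now):
        raise ValueError("encryption key expired")
    blob = seal(rec.key, personal_info.encode())
    return json.dumps({"kh": rec.key_hash, "ct": base64.b64encode(blob).decode()})


def read_qr_payload(payload: str, keys_by_hash: dict, now: float) -> tuple:
    """Service providing device: find the key by its hash, enforce TTL, decrypt."""
    msg = json.loads(payload)
    rec = keys_by_hash.get(msg["kh"])
    if rec is None:
        # The service was never provisioned with a key for this type.
        raise KeyError("no decryption key for this key hash")
    if rec.expired(now):
        raise ValueError("decryption key expired")
    return rec.info_type, unseal(rec.key, base64.b64decode(msg["ct"])).decode()


if __name__ == "__main__":
    t0 = 1_000_000.0                      # constructed clock value
    keys = issue_keys("KR", t0)
    # This service is only permitted to read the user name.
    service = {keys["user_name"].key_hash: keys["user_name"]}
    qr = build_qr_payload(keys["user_name"], "Constructed Name", t0 + 5)
    print(read_qr_payload(qr, service, t0 + 10))
```
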
[0056] In one or more embodiments, if the electronic device (100) cannot store the encryption key and the service providing device (200) cannot store the decryption key, the key management server (300) can encrypt personal information using the encryption key and transmit it to the electronic device (100), and the key management server (300) can decrypt the encrypted personal information using the decryption key and transmit it to the service providing device (200).
[0057] FIG. 2 illustrates an example of a block diagram of an electronic device according to one embodiment.
[0058] In one embodiment, in terms of being owned by a user, the electronic device (100) may be referred to as a terminal (or user terminal). The terminal may include, for example, a personal computer (PC) such as a laptop and a desktop. The terminal may include, for example, a smartphone, a smartpad, and / or a tablet PC. The terminal may include smart accessories such as a smartwatch and / or a head-mounted device (HMD). According to one embodiment, the electronic device (100) may include a deformable housing. Based on the deformability, the housing of the electronic device (100) may be divided into a plurality of parts.
[0059] According to one embodiment, the electronic device (100) may include at least one of a processor (110), a memory (120), a display (130), a communication circuit (140), or a camera (150). The processor (110), the memory (120), the display (130), the communication circuit (140), and the camera (150) may be electrically and / or operably coupled with each other by an electronic component such as a communication bus.
[0060] In one embodiment, the hardware of the electronic device (100) being operatively coupled may mean that a direct or indirect connection between the hardware is established via wired or wireless means so that the second hardware is controlled by the first hardware among the hardware. Although illustrated based on different blocks, the embodiment is not limited thereto, and some of the hardware of FIG. 2 (e.g., at least a portion of the processor (110), memory (120), and communication circuit (140)) may be included in a single integrated circuit, such as a system on a chip (SoC). The hardware of the electronic device (100) divided into blocks may be located within a first housing (161), a second housing (162), and / or a hinge housing (163). The type and / or number of hardware included in the electronic device (100) is not limited to that illustrated in FIG. 2. For example, the electronic device (100) may include only some of the hardware components illustrated in FIG. 2.
[0061] According to one embodiment, a processor (110) of an electronic device (100) may include hardware for processing data based on one or more instructions. The hardware for processing data may include, for example, an arithmetic and logic unit (ALU), a floating point unit (FPU), a field programmable gate array (FPGA), a central processing unit (CPU), and / or an application processor (AP). The number of processors (110) may be one or more. For example, the processor (110) may have the structure of a multi-core processor such as a dual core, a quad core, or a hexa core.
[0062] According to one embodiment, the memory (120) of the electronic device (100) may include a hardware component for storing data and / or instructions that are input and / or output to the processor (110). The memory (120) may include, for example, volatile memory such as random-access memory (RAM) and / or non-volatile memory such as read-only memory (ROM). Volatile memory may include, for example, at least one of dynamic RAM (DRAM), static RAM (SRAM), cache RAM, and pseudo SRAM (PSRAM). Non-volatile memory may include, for example, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), flash memory, hard disk, compact disk, solid state drive (SSD), and embedded multimedia card (eMMC).
[0063] According to one embodiment, within the memory (120) of the electronic device (100), one or more instructions (or commands) representing operations to be performed on data by the processor (110) may be stored. A set of one or more instructions may be referred to as firmware, an operating system, a process, a routine, a sub-routine, and / or an application. For example, the electronic device (100) and / or the processor (110) may perform various operations when a set of a plurality of instructions distributed in the form of an operating system, firmware, a driver, and / or an application is executed. In the following, the statement that an application is installed on an electronic device (100) means that one or more instructions provided in the form of an application are stored in the memory (120) of the electronic device (100), and that the one or more applications are stored in an executable format (e.g., a file having an extension specified by the operating system of the electronic device (100)) that is executable by the processor (110) of the electronic device (100).
[0064] One or more processors (110) control input data to be processed according to a predefined operation rule or AI model (artificial-intelligence model) stored in memory (120). The predefined operation rule or AI model is characterized by being created through learning. Being created through learning means that a predefined operation rule or AI model with desired characteristics is created by applying a learning algorithm to a number of learning data. Such learning may be performed on the device itself where the artificial intelligence according to the present disclosure is performed, or it may be performed through a separate server / system.
[0065] An AI model may be composed of multiple neural network layers. At least one layer has at least one weight value and performs the layer's operation through the result of the operation of the previous layer and at least one defined operation. Examples of neural networks include Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Deep Neural Networks (DNN), Restricted Boltzmann Machines (RBM), Deep Belief Networks (DBN), Bidirectional Recurrent Deep Neural Networks (BRDNN), Deep Q-Networks, and Transformers; however, the neural networks in this disclosure are not limited to the aforementioned examples except where specified.
[0066] A learning algorithm is a method of training a specific target device (e.g., a robot) using a number of learning data to enable the target device to make decisions or predictions on its own. Examples of learning algorithms include supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, and the learning algorithms in this disclosure are not limited to the aforementioned examples except where specified.
[0067] According to one embodiment, a display (130) of an electronic device (100) can output visualized information to a user. For example, the display (130) can be controlled by a controller, such as a GPU (graphic processing unit), to output visualized information to a user. The display (130) may include an OLED (Organic Light Emitting Diodes) display, an LED (Light Emitting Diodes), a micro LED, a Mini LED, a PDP (Plasma Display Panel), a QD (Quantum dot) display, a QLED (Quantum dot light-emitting diodes) display, and / or an e-ink display or / and an e-paper display.
[0068] According to one embodiment, the display (130) may include a first display and a second display. The first display may have at least a partially curved shape and / or a deformable shape. The second display may be implemented as an e-ink display or / and an e-paper display (hereinafter, an e-ink display). According to one example, the second display implemented as an e-ink display may receive power from a power management integrated circuit (PMIC).
[0069] The display (130) may further include a cover display. The cover display may be placed on one side of the housing that is viewable in a state where the first display is obscured (e.g., folded state). For example, the cover display may be placed in one area of the first housing. The size of the cover display may vary depending on the embodiment.
[0070] According to one embodiment, an electronic device (100) may provide visualized information to a user using a second display. The second display may be placed on a side of the electronic device (100) opposite to one side on which the first display is placed. The second display may be placed in a second housing (162) different from the first housing (161) on which the cover display is placed. The second display may be implemented as an electronic ink display. Unlike outputting visualized information by light, an electronic ink display may provide visualized information by changing the position of particles (e.g., particles having different charges) contained within the electronic ink display through a power signal. For example, each particle may be distinguished by a different color.
[0071] According to one example, the electronic device (100) may temporarily refrain from transmitting a power signal to the second display after providing visualized information (e.g., image content) on the second display. Even after temporarily refraining from transmitting a power signal to the second display, the electronic device (100) may continue to provide the visualized information (e.g., image content) on the second display. While providing visualized information to a user using the second display, the electronic device (100) may reduce power loss of a battery (not shown).
[0072] A communication circuit (140) (or communication interface) of an electronic device (100) according to one embodiment may include hardware for supporting the transmission and / or reception of electrical signals between the electronic device (100) and an external device (e.g., a key management server (300)). The communication circuit (140) may include, for example, at least one of a modem, an antenna, and an optic / electronic converter. The communication circuit (140) may support the transmission and / or reception of electrical signals based on various types of protocols such as Ethernet, LAN (local area network), WAN (wide area network), WiFi (wireless fidelity), NFC (near field communication), Bluetooth, BLE (bluetooth low energy), ZigBee, LTE (long term evolution), 5G NR (new radio) and / or 6G.
[0073] According to one example, the electronic device (100) may be connected to the key management server (300) based on a wired network and / or a wireless network. The wired network may include a network such as the Internet, a LAN (local area network), a WAN (wide area network), Ethernet, or a combination thereof. The wireless network may include a network such as LTE (long term evolution), 5G NR (new radio), WiFi (wireless fidelity), ZigBee, NFC (near field communication), Bluetooth, BLE (Bluetooth low energy), or a combination thereof. According to one example, the electronic device (100) and the key management server (300) may be connected indirectly through an intermediate node within the network.
[0074] According to one embodiment, the camera (150) of the electronic device (100) may include one or more light sensors (e.g., a CCD (charged coupled device) sensor, a CMOS (complementary metal oxide semiconductor) sensor) that generate an electrical signal indicating the color and / or brightness of light. The plurality of light sensors included in the camera (150) may be arranged in the form of a two-dimensional grid (2 dimensional array). The camera (150) may acquire the electrical signals of each of the plurality of light sensors substantially simultaneously to generate an image comprising a plurality of pixels arranged in two dimensions corresponding to the light reaching the light sensors of the two-dimensional grid. For example, photo data captured using the camera (150) may refer to a single image acquired from the camera (150). For example, video data captured using the camera (150) may refer to a sequence of a plurality of images acquired from the camera (150) at a specified frame rate. An electronic device (100) according to one embodiment may further include a flash light for outputting light in a direction in which a camera (150) is positioned to receive light. The number of cameras (150) included in the electronic device (100) may be one or more. For example, the electronic device (100) may generate image content to be provided on a display (130) using an image obtained through the camera (150).
[0075] In one embodiment, the processor (110) receives a plurality of encryption keys generated based on the type of personal information from the key management server (300) via the communication circuit (140). When a user command for providing personal information is input, the processor (110) encrypts the personal information using at least one of the plurality of encryption keys based on the type of personal information to be encrypted. The processor (110) generates a QR code using the encrypted personal information and provides the generated QR code on the display (130).
[0076] The specific operation of the electronic device (100) (in particular, the processor (110)) will be explained in detail later with reference to FIGS. 5 to 9.
[0077] FIG. 3 is a block diagram briefly illustrating the configuration of a service providing device according to one embodiment of the present disclosure. As shown in FIG. 3, the service providing device (200) may include a communication interface (210), a QR scanner (220), a memory (230), and a processor (240). However, this is merely one embodiment, and other configurations may be added.
[0078] In one embodiment, a communication interface (210) (or communication circuit) may include hardware for supporting the transmission and / or reception of electrical signals between a service provider device (200) and an external device (e.g., a key management server (300)). The communication interface (210) may include, for example, at least one of a modem, an antenna, and an optic / electronic converter. The communication interface (210) may support the transmission and / or reception of electrical signals based on various types of protocols such as Ethernet, a local area network (LAN), a wide area network (WAN), wireless fidelity (WiFi), near field communication (NFC), Bluetooth, Bluetooth low energy (BLE), ZigBee, LTE (long term evolution), 5G NR (new radio), and / or 6G. According to one example, the service provider device (200) may be connected to the server and / or to each other based on a wired network and / or a wireless network. Wired networks may include networks such as the Internet, LAN (local area network), WAN (wide area network), Ethernet, or a combination thereof. Wireless networks may include networks such as LTE (long term evolution), 5g NR (new radio), WiFi (wireless fidelity), Zigbee, NFC (near field communication), Bluetooth, BLE (bluetooth low-energy), or a combination thereof. According to one example, the service provider device (200) and the key management server (300) may be indirectly connected through an intermediate node within the network.
[0079] In one embodiment, the communication interface (210) may receive a decryption key for decrypting encrypted personal information from the key management server (300). In one embodiment, the communication interface (210) may receive multiple decryption keys according to the region and the type of personal information.
[0080] The QR scanner (220) may be configured to read and interpret a QR code and transmit information stored in the QR code to a digital device. In one embodiment, the QR scanner (220) may be connected to the main body of the service providing device (200) as shown in FIG. 1, but this is merely one embodiment, and the QR scanner (220) may instead be located inside the service providing device (200).
[0081] In one embodiment, a QR scanner (220) can read and interpret a QR code displayed by an electronic device (100) to obtain the user's encrypted personal information.
[0082] The memory (230) may store an operating system (OS) for controlling the overall operation of the components of the service providing device (200) and instructions or data related to the components of the service providing device (200). In one embodiment, the memory (230) may include a plurality of modules for decrypting encrypted personal information. In one embodiment, when the plurality of modules for decrypting encrypted personal information are executed, the service providing device (200) may load the data that the modules need to perform their operations from non-volatile memory into volatile memory. Here, loading means the operation of reading data stored in non-volatile memory and storing it in volatile memory so that the processor (240) can access it.
[0083] In one embodiment, the memory (230) may be implemented as non-volatile memory (e.g., hard disk, SSD (Solid state drive), flash memory), volatile memory (memory within the processor (240)), etc.
[0084] In one embodiment, the memory (230) can store multiple decryption keys according to the region and the type of personal information.
[0085] The processor (240) can control the service provider device (200) according to at least one instruction stored in memory (230).
[0086] In one embodiment, the processor (240) may include one or more processors. Specifically, one or more processors may include one or more of a CPU (Central Processing Unit), GPU (Graphics Processing Unit), APU (Accelerated Processing Unit), MIC (Many Integrated Core), DSP (Digital Signal Processor), NPU (Neural Processing Unit), hardware accelerator, or machine learning accelerator. One or more processors may control one or any combination of other components of an electronic device and may perform operations or data processing related to communication. One or more processors may execute one or more programs or instructions stored in memory. For example, one or more processors may perform a method according to one embodiment of the present disclosure by executing one or more instructions stored in memory.
[0087] In one embodiment, the processor (240) receives a plurality of decryption keys generated based on the type of personal information from the key management server (300) through the communication interface (210). When the electronic device (100) displays a QR code containing personal information encrypted using at least one encryption key, the processor (240) obtains the encrypted personal information by scanning the QR code with a QR scanner (220). The processor (240) decrypts the personal information using a decryption key corresponding to at least one encryption key among the plurality of decryption keys.
[0088] The specific operation of the service providing device (200) (in particular, the processor (240)) will be explained in detail later with reference to FIGS. 5 to 9.
[0089] FIG. 4 is a block diagram briefly illustrating the configuration of a key management server according to one embodiment of the present disclosure. As shown in FIG. 4, the key management server (300) includes a communication interface (310), memory (330), and a processor (320). However, this is merely one embodiment, and other configurations may be added.
[0090] In one embodiment, the communication interface (310) includes at least one circuit and can communicate with various types of external electronic devices (100) or service providers (200). The communication interface (310) may include at least one of a Wi-Fi communication module, a cellular communication module, a 3G (3rd generation) mobile communication module, an Ultra Wideband (UWB) communication module, a 4G (4th generation) mobile communication module, a 4th generation LTE (Long Term Evolution) communication module, and a 5G (5th generation) mobile communication module.
[0091] In one embodiment, the communication interface (310) can transmit a plurality of encryption keys to an electronic device (100) and transmit a plurality of decryption keys to a service providing device (200).
[0092] The memory (330) may store an operating system (OS) for controlling the overall operation of the components of the key management server (300) and instructions or data related to the components of the key management server (300). In one embodiment, the memory (330) may include a plurality of modules for generating and managing encryption keys and decryption keys. In one embodiment, when the plurality of modules for generating and managing encryption keys and decryption keys are executed, the key management server (300) may load the data that the modules need to perform their operations from non-volatile memory into volatile memory. Here, loading means the operation of reading data stored in non-volatile memory and storing it in volatile memory so that the processor (320) can access it.
[0093] In one embodiment, the memory (330) may be implemented as non-volatile memory (e.g., hard disk, SSD (Solid state drive), flash memory), volatile memory (memory within the processor (320)), etc.
[0094] The processor (320) can control the key management server (300) according to at least one instruction stored in memory (330).
[0095] In one embodiment, the processor (320) may include one or more processors. Specifically, one or more processors may include one or more of a CPU (Central Processing Unit), GPU (Graphics Processing Unit), APU (Accelerated Processing Unit), MIC (Many Integrated Core), DSP (Digital Signal Processor), NPU (Neural Processing Unit), hardware accelerator, or machine learning accelerator. One or more processors may control one or any combination of other components of an electronic device and may perform operations or data processing related to communication. One or more processors may execute one or more programs or instructions stored in memory. For example, one or more processors may perform a method according to one embodiment of the present disclosure by executing one or more instructions stored in memory.
[0096] In one embodiment, the processor (320) generates a plurality of encryption keys and a plurality of decryption keys corresponding to each of the plurality of encryption keys based on the region and the type of personal information, transmits the generated plurality of encryption keys to an electronic device (100), and transmits the generated plurality of decryption keys to a service providing device (200).
[0097] The specific operation of the key management server (300) (specifically, the processor (320)) will be explained in detail later with reference to FIGS. 5 to 9.
[0098] FIG. 5 is a sequence diagram illustrating a method for encrypting personal information and providing a service using the encrypted personal information, according to one embodiment of the present disclosure.
[0099] In the following embodiments, each operation may be performed sequentially, but is not necessarily performed sequentially. For example, the order of each operation may be changed, and at least two operations may be performed in parallel.
[0100] According to one or more embodiments, S510 to S570 may be understood to be performed in a processor of an electronic device (e.g., electronic device (100) of FIG. 2) (e.g., processor (110) of FIG. 2), a processor of a service provider (e.g., service provider (200) of FIG. 3) (e.g., processor (240) of FIG. 3), and a processor of a key management server (e.g., key management server (300) of FIG. 4) (e.g., processor (320) of FIG. 4).
[0101] In one or more embodiments, the key management server (300) can generate encryption keys and decryption keys (505). The key management server (300) can generate encryption keys and decryption keys for multiple encryption methods based on the region and the type of personal information.
[0102] In one or more embodiments, the key management server (300) may generate an encryption key and a decryption key of a first encryption method for encrypting first type personal information, and generate an encryption key and a decryption key of a second encryption method for encrypting second type personal information. For example, the first type personal information may be unique information of the electronic device (100) (e.g., IMEI information and SN information, etc.), and the second type personal information may be simple identification information of the electronic device (100) (e.g., model code, model name, etc.). If the sensitivity of the first type personal information is higher than the sensitivity of the second type personal information, the key management server (300) may determine an encryption method of a different encryption level. For example, the key management server (300) may determine the first encryption method as an asymmetric key encryption method and the second encryption method as a symmetric key encryption method. For example, the key management server (300) can generate an encryption key and a decryption key of the RSA-1024 algorithm to encrypt the first type of personal information, and can generate an encryption key and a decryption key of the AES-256 algorithm to encrypt the second type of personal information. However, this is merely one example, and other types of encryption algorithms can be used.
[0103] In one or more embodiments, the key management server (300) may generate encryption keys and decryption keys of different types according to the privacy protection agreement of the region (or country) providing the personal information encryption service.
[0104] In one or more embodiments, the key management server (300) may generate an encryption key (or decryption key) including a Time To Live (TTL) value indicating the validity period of the encryption key (or decryption key). Here, the key management server (300) may set the TTL value to be different depending on the type (or sensitivity) of personal information.
[0105] For example, if the sensitivity of the first type of personal information is higher than the sensitivity of the second type of personal information, the first TTL value included in the encryption key of the first encryption method may be smaller than the second TTL value included in the encryption key of the second encryption method.
[0106] In one or more embodiments, the key management server (300) may generate and manage an encryption level (630), a key (640), and a TTL (650) according to a region (610) and a type of personal information (620), as illustrated in FIG. 6. Here, the encryption level (630) implies that the higher the number, the higher the security strength or encryption strength, and the TTL (650) implies that the lower the number, the shorter the validity period. As illustrated in FIG. 6, the higher the encryption level (630), the smaller the TTL (650) value may be. Meanwhile, FIG. 6 is merely one embodiment, and other keys may be generated.
[0107] The electronic device (100) may request an encryption key from the key management server (300) (510), and the service providing device (200) may request a decryption key from the key management server (300) (515). Here, when the electronic device (100) and the service providing device (200) each request the encryption key and the decryption key, they may also transmit information about the service providing region.
[0108] The key management server (300) can transmit an encryption key to the electronic device (100) (520). Here, the key management server (300) can transmit multiple encryption keys corresponding to the region of the electronic device (100). Here, the multiple encryption keys can encrypt personal information using multiple encryption methods depending on the type of personal information. The electronic device (100) can store the multiple encryption keys received from the key management server (300). The electronic device (100) can request the encryption key again based on the TTL stored in the encryption key, but this is merely an example, and the key management server (300) can transmit the encryption key again to the electronic device (100) based on the TTL without a separate request.
[0109] The key management server (300) can transmit a decryption key to the service providing device (200) (525). Here, the key management server (300) can transmit multiple decryption keys corresponding to the region of the service providing device (200). Here, the multiple decryption keys can decrypt personal information encrypted by multiple encryption methods. The service providing device (200) may request the decryption key again based on the TTL stored in the decryption key, but this is merely an example, and the key management server (300) can transmit the decryption key again based on the TTL without a separate request.
[0110] Meanwhile, in the above-described embodiment, it was explained that the key management server (300) generates a plurality of encryption keys and a plurality of decryption keys in advance and transmits the generated plurality of encryption keys and a plurality of decryption keys when a request is received from the electronic device (100) and the service providing device (200); however, this is merely one embodiment, and it is obvious that a plurality of encryption keys and a plurality of decryption keys can be generated and transmitted when a request is received from the electronic device (100) and the service providing device (200).
[0111] The electronic device (100) can receive a user command for providing personal information (530). In one or more embodiments, the electronic device (100) can receive a user command for providing personal information through an application associated with a user account. For example, the electronic device (100) can provide an execution screen (710) of an application associated with a user account as shown in FIG. 7a. The execution screen (710) of the application associated with a user account may include a UI element (715) for providing the user's personal information as a QR code. When the UI element (715) is selected, the electronic device (100) can receive a user command for providing personal information.
[0112] In one or more embodiments, the electronic device (100) may provide a UI for selecting personal information to be provided to the service provider device (200) among a plurality of types of personal information. When a user command for providing personal information is entered, the electronic device (100) may provide a UI (720) for selecting personal information to be encrypted among a plurality of types of personal information, as shown in FIG. 7b. When at least one of the plurality of types of personal information is selected through the UI (720) and the consent UI element (725) is selected, the electronic device (100) may encrypt at least one personal information using an encryption key corresponding to each of the selected at least one personal information.
[0113] Meanwhile, the UI (720) as shown in FIG. 7b may be provided whenever the UI element (715) is selected, but this is merely an example, and the selection may be stored on the server after being made during the initial setup. Alternatively, the UI (720) as shown in FIG. 7b may be provided when re-consent is required.
[0114] The electronic device (100) can encrypt personal information using an encryption key (535). Specifically, the electronic device (100) can identify the type (or sensitivity) of personal information to be encrypted and encrypt the corresponding personal information using an encryption key corresponding to the type of personal information. In one embodiment, the electronic device (100) may use a symmetric key encryption key or an asymmetric key encryption key depending on the type of personal information. Additionally, the electronic device (100) can encrypt personal information using the hash value of the encryption keys. Here, the hash value is the result of converting data of arbitrary size into a unique value of fixed size, and can verify the integrity of the encrypted personal information. The service provider device (200) to perform decryption may have multiple decryption keys. Since the decryption keys are periodically expired, changed, and distributed, the hash value can be used to search for a decryption key corresponding to the encryption key used to decrypt the user's personal information among the decryption keys held by the service provider device (200).
[0115] The electronic device (100) can generate a QR code using encrypted personal information (540). In one or more embodiments, the electronic device (100) can generate a QR code using encrypted personal information and hash values of the keys used to encrypt the personal information. Here, the electronic device (100) can obtain text or numbers using the encrypted personal information and hash values, and generate a QR code using the obtained text or numbers.
[0116] The electronic device (100) may provide a QR code (545). In one or more embodiments, the electronic device (100) may provide a QR code generated on a display (130). For example, the electronic device (100) may provide a QR code (730) as shown in FIG. 7c. However, this is only one embodiment, and the QR code may be transmitted to an external device connected to the electronic device (100), and the external device may provide the QR code.
[0117] The service providing device (200) can capture the QR code (550). Here, the service providing device (200) can capture the QR code using a QR scanner (220), but this is merely an example, and it is obvious that the QR code can also be captured using a camera.
[0118] The service providing device (200) can decrypt encrypted personal information using a captured QR code (560). In one or more embodiments, the service providing device (200) can identify a decryption key corresponding to an encryption key that encrypted the personal information using a hash value included in the QR code. Then, the service providing device (200) can decrypt the encrypted personal information using the identified decryption key. By doing so, the service providing device (200) can obtain the user's personal information.
[0119] The service providing device (200) can provide a service using decrypted personal information (570). In one or more embodiments, the service providing device (200) can use the decrypted personal information to search for information about the user's service provision history or obtain information preferred by the user.
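The TTL policy of paragraphs [0104] to [0106] and the key-hash lookup of paragraphs [0114] to [0118], as an added example that is not code from the patent. The region and type names, TTL values, 8-byte fingerprint and payload layout are assumptions, and the cipher is a standard-library stand-in (HMAC-SHA256 keystream) chosen so the sketch runs offline; a deployment would use a vetted cipher such as AES-GCM or RSA-OAEP. The sketch also adds a separate MAC tag, because a hash of the key identifies which key was used but does not by itself authenticate the ciphertext.

```python
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed policy in the spirit of FIG. 6: (region, type) -> (level, TTL in seconds).
# Region code, type names and numbers are illustrative assumptions.
POLICY = {
    ("KR", "device_unique"): (3, 3600),    # e.g. IMEI / SN: higher level, shorter TTL
    ("KR", "device_simple"): (1, 86400),   # e.g. model code: lower level, longer TTL
}
FP_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32


@dataclass(frozen=True)
class KeyRecord:
    region: str
    info_type: str
    level: int
    key: bytes
    expires_at: float

    def fingerprint(self) -> bytes:
        # Key identifier carried in the QR payload; it selects a key, nothing more.
        return hashlib.sha256(b"key-id" + self.key).digest()[:FP_LEN]


def issue_keys(region, now):
    """Key management server: one fresh key per personal-information type."""
    return [KeyRecord(r, t, level, os.urandom(32), now + ttl)
            for (r, t), (level, ttl) in POLICY.items() if r == region]


def _keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(rec, plaintext, now):
    """Electronic device: encrypt one field and build the text placed in the QR code."""
    if now >= rec.expires_at:
        raise ValueError("encryption key expired; request a new one")
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(rec.key, nonce, len(plaintext)))
    body = rec.fingerprint() + nonce + ct
    tag = hmac.new(rec.key, b"mac" + body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def open_qr(keyring, qr_text, now):
    """Service providing device: pick the key by fingerprint, check TTL, verify, decrypt."""
    raw = base64.urlsafe_b64decode(qr_text)
    if len(raw) < FP_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("payload too short")
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    fp = body[:FP_LEN]
    nonce = body[FP_LEN:FP_LEN + NONCE_LEN]
    ct = body[FP_LEN + NONCE_LEN:]
    rec = next((k for k in keyring if hmac.compare_digest(k.fingerprint(), fp)), None)
    if rec is None:
        raise KeyError("no decryption key for this fingerprint")
    if now >= rec.expires_at:
        raise ValueError("decryption key expired")
    expected = hmac.new(rec.key, b"mac" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return rec.info_type, _xor(ct, _keystream(rec.key, nonce, len(ct)))


if __name__ == "__main__":
    t0 = 1_700_000_000.0                               # constructed clock value
    ring = issue_keys("KR", t0)
    unique = next(k for k in ring if k.info_type == "device_unique")
    qr_text = seal(unique, b"SN:EXAMPLE-0001", t0)     # constructed serial number
    print(qr_text)
    print(open_qr(ring, qr_text, t0 + 60))
```

Passing `now` explicitly keeps the expiry checks deterministic; both sides reject a key at or after its `expires_at`, so a payload sealed under a short-TTL key stops being readable once that key ages out.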
[0120] FIG. 8 is a drawing for explaining an embodiment of providing a service using encrypted personal information by encrypting personal information according to one embodiment of the present disclosure.
[0121] In one or more embodiments, a user may visit a service center (810) to repair an electronic device (100). Here, the service center needs to verify the user's personal information in order to check the repair history of the electronic device (100). If the user provides their personal information directly to a representative for verification, the personal information is likely to be leaked, and the verification takes a long time.
[0122] When a user command for providing personal information is entered, the electronic device (100) can encrypt the personal information using an encryption key received through the key management server (300) as described in FIG. 5, and generate a QR code using the encrypted personal information (820).
[0123] The service providing device (200) can capture the QR code using a QR scanner (220) (830).
[0124] The service providing device (200) can obtain personal information by decrypting the encrypted personal information contained in the QR code using a decryption key received through the key management server (300) (840). In one or more embodiments, the service providing device (200) can obtain GUID, identity information (e.g., name, phone number, email) and device information (SN information, IMEI information, etc.).
[0125] The service providing device (200) can provide a service using the acquired personal information (850). In one or more embodiments, the service providing device (200) can acquire identification information for the electronic device (100) using the personal information and search for the repair history, purchase history, etc. of the electronic device (100).
[0126] Accordingly, the user can provide personal information through the electronic device (100) via a QR code without having to separately provide personal information to the agent. Therefore, personal information can be protected, and accurate personal information can be provided more quickly.
[0127] Meanwhile, in the above-described embodiment, it was explained that the electronic device (100) and the service providing device (200) each perform encryption and decryption, but this is merely one embodiment. If the electronic device (100) and the service providing device (200) cannot store the encryption key or decryption key for security reasons, the key management server (300) can support encryption and decryption. This will be explained with reference to FIG. 9.
[0128] FIG. 9 is a sequence diagram illustrating a method for encrypting personal information and providing a service using the encrypted personal information, according to another embodiment of the present disclosure.
[0129] In the following embodiments, each operation may be performed sequentially, but is not necessarily performed sequentially. For example, the order of each operation may be changed, and at least two operations may be performed in parallel.
[0130] According to one or more embodiments, S510 to S570 may be understood to be performed in a processor of an electronic device (e.g., electronic device (100) of FIG. 2) (e.g., processor (110) of FIG. 2), a processor of a service provider (e.g., service provider (200) of FIG. 3) (e.g., processor (240) of FIG. 3), and a processor of a key management server (e.g., key management server (300) of FIG. 4) (e.g., processor (320) of FIG. 4).
[0131] In one or more embodiments, the key management server (300) can generate an encryption key and a decryption key (905). Since the method by which the key management server (300) generates the encryption key and the decryption key has been described in 505 of FIG. 5, a redundant description will be omitted.
[0132] The electronic device (100) can receive user commands to provide personal information (910). For example, the electronic device (100) can receive user commands through an application execution screen (710) associated with a user account, as shown in FIG. 7a.
[0133] The electronic device (100) may request the key management server (300) to encrypt personal information (915). In one or more embodiments, the electronic device (100) may transmit identification information for the electronic device (100) or personal information to be encrypted to the key management server (300).
[0134] The key management server (300) can encrypt personal information using an encryption key (920). In one or more embodiments, the key management server (300) can encrypt personal information based on the type and region of personal information to be encrypted, as described above.
[0135] The key management server (300) can transmit encrypted personal information to the electronic device (100) (925).
[0136] The electronic device (100) can generate a QR code using encrypted personal information (935). Here, the electronic device (100) can generate a QR code using encrypted personal information and a hash value used when encrypting.
[0137] Meanwhile, in the above-described embodiment, it was explained that the key management server (300) encrypts personal information and the electronic device (100) generates a QR code using the encrypted personal information, but this is merely one embodiment, and the key management server (300) can encrypt personal information and generate a QR code using the encrypted personal information and then transmit the QR code to the electronic device (100).
[0138] The electronic device (100) can provide a generated QR code (940).
[0139] The service providing device (200) can capture the QR code (945). In one or more embodiments, the service providing device (200) can obtain encrypted personal information through the captured QR code.
[0140] The service providing device (200) can transmit a request to decrypt encrypted personal information to the key management server (300) (945). In one or more embodiments, the service providing device (200) can transmit the encrypted personal information to the key management server (300), but this is only one embodiment, and it can instead transmit the captured QR code to the key management server (300).
[0141] The key management server (300) can decrypt encrypted personal information (950). In one or more embodiments, the key management server (300) can identify a decryption key corresponding to an encryption key using a hash value, and can decrypt encrypted personal information using the identified decryption key.
[0142] The key management server (300) can transmit the decrypted personal information to the service providing device (200) (955).
[0143] The service providing device (200) can provide a service using decrypted personal information (960). In one or more embodiments, the service providing device (200) can use the decrypted personal information to search for information about the user's service provision history or obtain information preferred by the user.
[0144] FIG. 10 is a block diagram of an electronic device (1001) in a network environment (1000) according to various embodiments. The electronic device (1001) may be implemented as the electronic device (100) shown in FIG. 1 according to one example.
[0145] Referring to FIG. 10, in a network environment (1000), an electronic device (1001) may communicate with an electronic device (1002) through a first network (1098) (e.g., a short-range wireless communication network) or with at least one of an electronic device (1004) or a server (1008) through a second network (1099) (e.g., a long-range wireless communication network). According to one embodiment, the electronic device (1001) may communicate with the electronic device (1004) through a server (1008). According to one embodiment, the electronic device (1001) may include a processor (1020), memory (1030), input module (1050), sound output module (1055), display module (1060), audio module (1070), sensor module (1076), interface (1077), connection terminal (1078), haptic module (1079), camera module (1080), power management module (1088), battery (1089), communication module (1090), subscriber identification module (1096), or antenna module (1097). In some embodiments, at least one of these components (e.g., connection terminal (1078)) may be omitted from the electronic device (1001), or one or more other components may be added. In some embodiments, some of these components (e.g., sensor module (1076), camera module (1080), or antenna module (1097)) may be integrated into a single component (e.g., display module (1060)).
[0146] The processor (1020) can, for example, execute software (e.g., program (1040)) to control at least one other component (e.g., hardware or software component) of the electronic device (1001) connected to the processor (1020) and perform various data processing or operations. According to one embodiment, as at least part of the data processing or operations, the processor (1020) can store commands or data received from other components (e.g., sensor module (1076) or communication module (1090)) in volatile memory (1032), process the commands or data stored in volatile memory (1032), and store the resulting data in non-volatile memory (1034). According to one embodiment, the processor (1020) may include a main processor (1021) (e.g., a central processing unit or an application processor) or an auxiliary processor (1023) that can operate independently or together with it (e.g., a graphics processing unit, a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor). For example, if the electronic device (1001) includes a main processor (1021) and an auxiliary processor (1023), the auxiliary processor (1023) may be configured to use lower power than the main processor (1021) or to be specialized for a specified function. The auxiliary processor (1023) may be implemented separately from the main processor (1021) or as part thereof.
[0147] The auxiliary processor (1023) may control at least some of the functions or states associated with at least one component of the electronic device (1001) (e.g., display module (1060), sensor module (1076), or communication module (1090)) on behalf of the main processor (1021) while the main processor (1021) is in an inactive (e.g., sleep) state, or together with the main processor (1021) while the main processor (1021) is in an active (e.g., application execution) state. According to one embodiment, the auxiliary processor (1023) (e.g., image signal processor or communication processor) may be implemented as part of another functionally related component (e.g., camera module (1080) or communication module (1090)). According to one embodiment, the auxiliary processor (1023) (e.g., neural network processing unit) may include a hardware structure specialized for processing an artificial intelligence model. The artificial intelligence model may be generated through machine learning. Such learning may be performed, for example, on the electronic device (1001) itself where the artificial intelligence model is executed, or through a separate server (e.g., server (1008)). The learning algorithm may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but is not limited to the examples described above. The artificial intelligence model may include a plurality of artificial neural network layers. An artificial neural network may be a deep neural network (DNN), a convolutional neural network (CNN), a recurrent neural network (RNN), a restricted Boltzmann machine (RBM), a deep belief network (DBN), a bidirectional recurrent deep neural network (BRDNN), a deep Q-network, or a combination of two or more of the above, but is not limited to the examples described above. In addition to the hardware structure, the artificial intelligence model may include a software structure, either additionally or substantially.
[0148] The memory (1030) can store various data used by at least one component of the electronic device (1001) (e.g., processor (1020) or sensor module (1076)). The data may include, for example, input data or output data for software (e.g., program (1040)) and related commands. The memory (1030) may include volatile memory (1032) or non-volatile memory (1034).
[0149] The program (1040) may be stored as software in memory (1030) and may include, for example, an operating system (1042), middleware (1044), or an application (1046).
[0150] The input module (1050) can receive commands or data to be used for a component of the electronic device (1001) (e.g., processor (1020)) from outside the electronic device (1001) (e.g., user). The input module (1050) may include, for example, a microphone, a mouse, a keyboard, a key (e.g., a button), or a digital pen (e.g., a stylus pen).
[0151] The sound output module (1055) can output a sound signal to the outside of the electronic device (1001). The sound output module (1055) may include, for example, a speaker or a receiver. The speaker may be used for general purposes, such as multimedia playback or recording playback. The receiver may be used to receive incoming calls. According to one embodiment, the receiver may be implemented separately from the speaker or as part thereof.
[0152] The display module (1060) can visually provide information to the outside (e.g., a user) of the electronic device (1001). The display module (1060) may include, for example, a display, a holographic device, or a projector, and a control circuit for controlling that device. According to one embodiment, the display module (1060) may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of the force generated by the touch.
[0153] The audio module (1070) can convert sound into an electrical signal or, conversely, convert an electrical signal into sound. According to one embodiment, the audio module (1070) can acquire sound through the input module (1050) or output sound through the sound output module (1055) or an external electronic device (e.g., electronic device (1002)) (e.g., speaker or headphones) that is directly or wirelessly connected to the electronic device (1001).
[0154] The sensor module (1076) can detect the operating state of the electronic device (1001) (e.g., power or temperature) or the external environmental state (e.g., user state) and generate an electrical signal or data value corresponding to the detected state. According to one embodiment, the sensor module (1076) may include, for example, a gesture sensor, a gyroscope sensor, a barometric pressure sensor, a magnetic sensor, an accelerometer sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biosensor, a temperature sensor, a humidity sensor, or an illuminance sensor.
[0155] The interface (1077) may support one or more specified protocols that can be used for the electronic device (1001) to be connected directly or wirelessly to an external electronic device (e.g., electronic device (1002)). According to one embodiment, the interface (1077) may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.
[0156] The connection terminal (1078) may include a connector through which the electronic device (1001) can be physically connected to an external electronic device (e.g., electronic device (1002)). According to one embodiment, the connection terminal (1078) may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (e.g., a headphone connector).
[0157] The haptic module (1079) can convert an electrical signal into a mechanical stimulus (e.g., vibration or movement) or an electrical stimulus that can be perceived by the user through tactile or kinesthetic senses. According to one embodiment, the haptic module (1079) may include, for example, a motor, a piezoelectric element, or an electric stimulation device.
[0158] The camera module (1080) can capture still images and video. According to one embodiment, the camera module (1080) may include one or more lenses, image sensors, image signal processors, or flashes.
[0159] The power management module (1088) can manage power supplied to the electronic device (1001). According to one embodiment, the power management module (1088) can be implemented, for example, as at least part of a power management integrated circuit (PMIC).
[0160] The battery (1089) can supply power to at least one component of the electronic device (1001). According to one embodiment, the battery (1089) may include, for example, a non-rechargeable primary battery, a rechargeable secondary battery, or a fuel cell.
[0161] The communication module (1090) can support the establishment of a direct (e.g., wired) communication channel or a wireless communication channel between an electronic device (1001) and an external electronic device (e.g., electronic device (1002), electronic device (1004), or server (1008)), and the performance of communication through the established communication channel. The communication module (1090) may include one or more communication processors that operate independently of the processor (1020) (e.g., application processor) and support direct (e.g., wired) communication or wireless communication. According to one embodiment, the communication module (1090) may include a wireless communication module (1092) (e.g., cellular communication module, short-range wireless communication module, or GNSS (global navigation satellite system) communication module) or a wired communication module (1094) (e.g., LAN (local area network) communication module, or power line communication module). Among these communication modules, the communication module described above can communicate with an external electronic device (1004) through a first network (1098) (e.g., a short-range communication network such as Bluetooth, WiFi (wireless fidelity) direct, or IrDA (infrared data association)) or a second network (1099) (e.g., a legacy cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., a LAN or WAN)). These various types of communication modules may be integrated into a single component (e.g., a single chip) or implemented as multiple separate components (e.g., multiple chips). The wireless communication module (1092) can identify or authenticate the electronic device (1001) within a communication network such as the first network (1098) or the second network (1099) using subscriber information (e.g., International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module (1096).
[0162] The wireless communication module (1092) can support 5G networks and next-generation communication technologies following 4G networks, for example, new radio access technology. NR access technology can support high-speed transmission of high-capacity data (enhanced mobile broadband (eMBB)), minimization of terminal power and connection of multiple terminals (massive machine type communications (mMTC)), or high reliability and low latency (ultra-reliable and low-latency communications (URLLC)). The wireless communication module (1092) can support a high-frequency band (e.g., mmWave band) to achieve a high data transmission rate, for example. The wireless communication module (1092) can support various technologies for securing performance in the high-frequency band, such as beamforming, massive MIMO (multiple-input and multiple-output), full-dimensional MIMO (FD-MIMO), array antenna, analog beam-forming, or large-scale antenna. The wireless communication module (1092) can support various requirements specified in the electronic device (1001), external electronic device (e.g., electronic device (1004)), or network system (e.g., second network (1099)). According to one embodiment, the wireless communication module (1092) can support a Peak data rate (e.g., 20 Gbps or more) for realizing eMBB, loss coverage (e.g., 164 dB or less) for realizing mMTC, or U-plane latency (e.g., downlink (DL) and uplink (UL) each 0.5 ms or less, or round trip 1 ms or less) for realizing URLLC.
[0163] An antenna module (1097) can transmit a signal or power to or from an external source (e.g., an external electronic device). According to one embodiment, the antenna module (1097) may include an antenna comprising a radiator made of a conductor or a conductive pattern formed on a substrate (e.g., a PCB). According to one embodiment, the antenna module (1097) may include a plurality of antennas (e.g., an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network, such as a first network (1098) or a second network (1099), may be selected from the plurality of antennas, for example, by a communication module (1090). A signal or power may be transmitted or received between the communication module (1090) and an external electronic device through the selected at least one antenna. According to some embodiments, in addition to the radiator, other components (e.g., a radio frequency integrated circuit (RFIC)) may be additionally formed as part of the antenna module (1097).
[0164] According to various embodiments, the antenna module (1097) may form a mmWave antenna module. According to one embodiment, the mmWave antenna module may include a printed circuit board, an RFIC disposed on or adjacent to a first surface (e.g., bottom surface) of the printed circuit board and capable of supporting a specified high frequency band (e.g., mmWave band), and a plurality of antennas (e.g., array antennas) disposed on or adjacent to a second surface (e.g., top surface or side surface) of the printed circuit board and capable of transmitting or receiving a signal of the specified high frequency band.
[0165] At least some of the above components can be connected to each other via a communication method between peripheral devices (e.g., bus, GPIO (general purpose input and output), SPI (serial peripheral interface), or MIPI (mobile industry processor interface)) and exchange signals (e.g., commands or data) with each other.
[0166] According to one embodiment, commands or data may be transmitted or received between the electronic device (1001) and an external electronic device (1004) through a server (1008) connected to a second network (1099). Each of the external electronic devices (1002, or 904) may be the same type of device as the electronic device (1001) or a different type. According to one embodiment, all or part of the operations performed on the electronic device (1001) may be performed on one or more of the external electronic devices (1002, 904, or 908). For example, if the electronic device (1001) needs to perform a function or service automatically or in response to a request from a user or another device, the electronic device (1001) may request one or more external electronic devices to perform at least part of the function or service, instead of or in addition to performing the function or service itself. One or more external electronic devices that receive the request may execute at least part of the requested function or service, or an additional function or service related to the request, and transmit the result of the execution to the electronic device (1001). The electronic device (1001) may provide the result, as is or after additional processing, as at least part of the response to the request. For this purpose, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used. The electronic device (1001) may provide ultra-low latency services using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device (1004) may include an Internet of Things (IoT) device. The server (1008) may be an intelligent server using machine learning and/or neural networks. According to one embodiment, an external electronic device (1004) or server (1008) may be included within the second network (1099). The electronic device (1001) may be applied to intelligent services (e.g., smart home, smart city, smart car, or healthcare) based on 5G communication technology and IoT-related technology.
[0167] The methods according to the various embodiments of the present disclosure described above may be implemented in the form of an application that can be installed on an existing electronic device. Alternatively, the methods according to the various embodiments of the present disclosure described above may be performed using a deep learning-based artificial neural network (or deep artificial neural network), that is, a learning network model.
[0168]
[0169] The methods according to the various embodiments of the present disclosure described above can be implemented by software upgrades or hardware upgrades alone for existing electronic devices.
[0170] The various embodiments of the present disclosure described above may also be performed through an embedded server equipped in an electronic device or an external server of the electronic device.
[0171] According to a specific example of the present disclosure, the various embodiments described above may be implemented as software comprising instructions stored on a storage medium readable by a machine (e.g., a computer). The machine is a device capable of calling the stored instructions from the storage medium and operating according to the called instructions, and may include an electronic device (e.g., electronic device (A)) according to the disclosed embodiments. When the instructions are executed by a processor, the processor may perform a function corresponding to the instructions directly or by using other components under the control of the processor. Instructions may include code generated or executed by a compiler or an interpreter. The machine-readable storage medium may be provided in the form of a non-transitory storage medium. Here, "non-transitory" means only that the storage medium does not contain a signal and is tangible, and does not distinguish whether data is stored semi-permanently or temporarily in the storage medium.
[0172] Additionally, according to one embodiment of the present disclosure, the method according to the various embodiments described above may be provided as included in a computer program product. The computer program product may be traded between a seller and a buyer as a product. The computer program product may be distributed in the form of a device-readable storage medium (e.g., compact disc read-only memory (CD-ROM)) or online through an application store (e.g., Play Store™). In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily created in a storage medium such as the memory of a manufacturer's server, an application store's server, or a relay server.
[0173] Additionally, each component (e.g., module or program) according to the various embodiments described above may be composed of a single or multiple entities, and some of the aforementioned sub-components may be omitted, or other sub-components may be further included in the various embodiments. Generally or additionally, some components (e.g., module or program) may be integrated into a single entity to perform the functions performed by each of the respective components prior to integration in the same or similar manner. The operations performed by the module, program, or other components according to the various embodiments may be executed sequentially, in parallel, iteratively, or heuristically, or at least some operations may be executed in a different order, omitted, or other operations added.
[0174] Although preferred embodiments of the present disclosure have been illustrated and described above, the present disclosure is not limited to the specific embodiments described above. It is understood that various modifications can be made by those skilled in the art without departing from the essence of the present disclosure as claimed in the claims, and such modifications should not be understood separately from the technical spirit or perspective of the present disclosure.
Claims
1. A system comprising an electronic device, a service providing device, and a server, the system comprising: the server, which generates a plurality of encryption keys and a plurality of decryption keys corresponding to each of the plurality of encryption keys based on a region and a type of personal information, transmits the generated plurality of encryption keys to the electronic device, and transmits the generated plurality of decryption keys to the service providing device; the electronic device, which, when a user command for providing personal information is entered, encrypts the personal information using at least one of the plurality of encryption keys, generates a QR (Quick Response) code using the encrypted personal information, and provides the generated QR code; and the service providing device, which obtains the encrypted personal information by scanning the QR code and decrypts the personal information using a decryption key, among the plurality of decryption keys, corresponding to the at least one encryption key.
2. The system of claim 1, wherein the server generates an encryption key and a decryption key for a first encryption method for encrypting first type personal information, and generates an encryption key and a decryption key for a second encryption method for encrypting second type personal information.
3. The system of claim 2, wherein, if the sensitivity of the first type personal information is higher than the sensitivity of the second type personal information, the first encryption method is an asymmetric key encryption method and the second encryption method is a symmetric key encryption method.
4. The system of claim 2, wherein the encryption key includes a TTL (Time To Live) value indicating the validity period of the encryption key, and the TTL value differs depending on the type of personal information.
5. The system of claim 4, wherein, if the sensitivity of the first type personal information is higher than the sensitivity of the second type personal information, the first TTL value included in the encryption key of the first encryption method is smaller than the second TTL value included in the encryption key of the second encryption method.
6. The system of claim 2, wherein, when the electronic device cannot store the encryption key and the service provider cannot store the decryption key, the server encrypts the personal information using the encryption key and transmits it to the electronic device, and the server decrypts the encrypted personal information using the decryption key and transmits it to the service provider.
7. The system of claim 1, wherein the electronic device generates the QR code using the hash values of the encrypted personal information and the keys used to encrypt the personal information.
8. The system of claim 7, wherein the service providing device identifies, using the hash value included in the QR code, a decryption key corresponding to the encryption key that encrypted the personal information, and decrypts the encrypted personal information using the identified decryption key.
9. The system of claim 1, wherein the user terminal, when a user command for providing the personal information is entered, provides a UI for selecting the personal information to be encrypted from among a plurality of types of personal information, and, when at least one of the plurality of types of personal information is selected through the UI, encrypts the selected at least one personal information using an encryption key corresponding to each of the selected at least one personal information.
10. A method for controlling a system including an electronic device, a service providing device, and a server, the method comprising the steps of: the server generating a plurality of encryption keys and a plurality of decryption keys corresponding to each of the plurality of encryption keys based on the region and the type of personal information; the server transmitting the generated plurality of encryption keys to the electronic device and transmitting the generated plurality of decryption keys to the service providing device; when a user command for providing personal information is input to the electronic device, the electronic device encrypting the personal information using at least one of the plurality of encryption keys; the electronic device generating a QR code using the encrypted personal information and providing the generated QR code; the service providing device obtaining the encrypted personal information by scanning the QR code; and the service providing device decrypting the personal information using a decryption key, among the plurality of decryption keys, corresponding to the at least one encryption key.
11. The control method of claim 10, wherein the step of generating the encryption keys and decryption keys comprises generating an encryption key and a decryption key for a first encryption method for encrypting first type personal information, and generating an encryption key and a decryption key for a second encryption method for encrypting second type personal information.
12. The control method of claim 11, wherein, if the sensitivity of the first type personal information is higher than the sensitivity of the second type personal information, the first encryption method is an asymmetric key encryption method and the second encryption method is a symmetric key encryption method.
13. The control method of claim 11, wherein the encryption key includes a TTL (Time To Live) value indicating the validity period of the encryption key, and the TTL value differs depending on the type of personal information.
14. The control method of claim 13, wherein, if the sensitivity of the first type personal information is higher than the sensitivity of the second type personal information, the first TTL value included in the encryption key of the first encryption method is smaller than the second TTL value included in the encryption key of the second encryption method.
15. The control method of claim 11, further comprising the step of, when the electronic device is unable to store the encryption key and the service providing device is unable to store the decryption key, the server encrypting the personal information using the encryption key and transmitting it to the electronic device, and the server decrypting the encrypted personal information using the decryption key and transmitting it to the service providing device.