Search

KR-20260062415-A - METHOD FOR EXTRACTING PASSWORD PATTERNS USING PERSONALLY IDENTIFIABLE INFORMATION

KR20260062415AKR 20260062415 AKR20260062415 AKR 20260062415AKR-20260062415-A

Abstract

A method for extracting a password pattern using personal identification information is disclosed, comprising: a first mobile phone number pattern identification step for identifying a mobile phone number pattern in units of 11 consecutive characters in a string of passwords; a second mobile phone number pattern identification step for identifying a mobile phone number pattern in units of 13 consecutive characters in a string of passwords; a first resident registration number pattern identification step for identifying a resident registration number pattern in units of 6 consecutive characters in a string of passwords; a second resident registration number pattern identification step for identifying a resident registration number pattern in units of 7 consecutive characters in a string of passwords; a third resident registration number pattern identification step for identifying a resident registration number pattern in units of 13 consecutive characters in a string of passwords; and a fourth resident registration number pattern identification step for identifying a resident registration number pattern in units of 14 consecutive characters in a string of passwords. This invention is the result of the research of the 'Korean-style cryptography decryption technology research and development' project of the Digital Forensic Center of the National Police Agency of Korea in 2024.

Inventors

  • 이창훈
  • 조예송

Assignees

  • 서울과학기술대학교 산학협력단

Dates

Publication Date
20260507
Application Date
20241029

Claims (5)

  1. A first mobile phone number pattern identification step for identifying a mobile phone number pattern in units of 11 consecutive characters in a string of passwords; A second mobile phone number pattern identification step for identifying a mobile phone number pattern in units of 13 consecutive characters in the string of the above password; A first resident registration number pattern identification step for identifying a resident registration number pattern in units of 6 consecutive characters in the string of the above password; A second resident registration number pattern identification step for identifying a resident registration number pattern in units of 7 consecutive characters in the string of the above password; A third resident registration number pattern identification step for identifying a resident registration number pattern in units of 13 consecutive characters in the string of the above password; and A fourth resident registration number pattern identification step for identifying a resident registration number pattern in units of 14 consecutive characters in the string of the above password; A method for extracting password patterns using personally identifiable information including
  2. In claim 1, The above-mentioned first mobile phone number pattern identification step and the above-mentioned second mobile phone number pattern identification step are, The characters within the above password string are stored in segments in units of 11 or 13 consecutive characters, and It determines whether the character stored in the above segment starts with '010', and If it starts with '010', determine if all characters stored in the above segment are numbers, and If all are numbers, the characters stored in the above segment are determined as a mobile phone number pattern of 11 digits starting with 010, and If the characters stored in the above segment are not all numbers, determine whether the characters stored in the above segment consist of numbers or dashes, and If composed of numbers or dashes, and the number of dashes is 0, the characters stored in the segment are determined as a mobile phone number pattern of 11 digits starting with '010', and If the number of dashes is not 0, determine if the number of dashes is 2, and A method for extracting a password pattern using personal identification information, characterized in that if the number of dashes is 2 and the distance between the first dash and the second dash corresponds to 5 characters, the character stored in the segment is determined as a mobile phone number pattern starting with '010' and including dashes.
  3. In claim 1, the first resident registration number pattern identification step is, The characters within the above password string are stored in segments in units of 6 consecutive characters, and Check if all 6 consecutive characters stored in the above segment consist of numbers, and If all numbers are composed of digits, check if the 6 consecutive digits are in a date format with 2 digits for the year, 2 digits for the month, and 2 digits for the day, and A method for extracting a password pattern using personal identification information, characterized in that, in the case of a date format (S34), the characters stored in the segment are determined as a pattern of the date of birth corresponding to the first six digits of the resident registration number.
  4. In claim 1, the second resident registration number pattern identification step is, The characters within the above password string are stored in segments in units of 7 consecutive characters, and Check if all 7 consecutive characters stored in the above segment consist of numbers, If all digits consist of numbers, check if the first digit of the seven digits is a gender code, which is a number between 1 and 8 that distinguishes gender and nationality corresponding to the attributes of the Resident Registration Number, and If the first digit is a gender code, check if the second and third digits among the seven digits are numbers between 00 and 96, which are regional codes corresponding to the attributes of the resident registration number, and If the second and third digits are area codes, check if the sixth digit among the seven digits is a number between 1 and 6 corresponding to the registration order of the resident registration number attributes, and A method for extracting a password pattern using personal identification information, characterized by determining the 7 numbers stored in a segment as a pattern corresponding to the last 7 digits of a resident registration number when the sixth digit is a number corresponding to the registration order.
  5. In claim 1, The above third resident registration number pattern identification step and the above fourth resident registration number pattern identification step are, Store the characters within the password string in segments in units of 13 or 14 consecutive characters, and Check whether the consecutive characters stored in the above segment consist entirely of numbers or special character dashes, and Determine if a dash exists at the 7th position among consecutive characters, and If the first condition that a dash exists in the 7th position and the number of stored characters is 13 is satisfied, or the second condition that a dash does not exist in the 7th position and the stored characters include a dash is satisfied, it is determined that no pattern exists, and If the above first condition and the above second condition are not satisfied, check whether the first to sixth digits of the characters stored in the segment are in a date format of 2 digits for the year, 2 digits for the month, and 2 digits for the day, and In the case where there are 13 characters verified and stored in date format, if among the 13 characters, the first digit of the 7 digits corresponding to the 7th to 13th positions is a gender code between 1 and 8 that distinguishes gender and nationality corresponding to the attributes of the resident registration number, the second and third digits are regional codes between 00 and 96 corresponding to the attributes of the resident registration number, and the sixth digit is a number between 1 and 6 corresponding to the registration order corresponding to the attributes of the resident registration number, the 13 stored digits are determined as a pattern formed by concatenating the preceding 6 digits and the following 7 digits of the resident registration number. A method for extracting a password pattern using personal identification information, characterized in that, when there are 14 characters verified and stored in a date format, the first digit of the 7 digits after the dash among the 14 characters is a gender code between 1 and 8 that distinguishes gender and domestic/foreign nationals corresponding to the attributes of the resident registration number, the second and third digits are regional codes between 00 and 96 corresponding to the attributes of the resident registration number, and the sixth digit is a number between 1 and 6 corresponding to the registration order corresponding to the attributes of the resident registration number, and the stored 14 digits are determined as a pattern in which a dash exists between the preceding 6 digits and the following 7 digits of the resident registration number.

Description

Method for Extracting Password Patterns Using Personally Identifiable Information The present invention relates to a method for extracting password patterns using personal identification information, and more specifically, to a method for extracting password patterns using personal identification information that enables easy determination that a password user is a Korean by extracting personal identification information patterns frequently used by Koreans as their passwords. With the mandatory application of encryption to personal information, modern digital devices store and manage user data using encryption technology, and decryption is required during digital forensic investigations to analyze evidence collected from these devices. However, due to the principle of self-incrimination, it is difficult to compel the person whose property has been seized to provide a password for data recovery. Furthermore, it is difficult to expect the submission of a password when the person is unable to cooperate with the investigation due to being missing, deceased, or in a coma. Considering the efficiency and speed of decrypting seized data during an investigation, password dictionaries are used instead of a full enumeration. Therefore, generating password dictionaries tailored to specific situations and conditions is crucial. To this end, the first research required involves collecting Korean password sets from leaked data and generating password sets based on the tendencies of Koreans. Existing leaked password sets are classified only by language region—such as English, Chinese, or Russian—or by European region, making them relatively ineffective for use in domestic investigations. To address this, it is necessary to extract patterns of Korean Personal Identification Numbers by considering the password generation characteristics of Koreans, and to develop password guessing technology that takes into account Korean password usage habits based on these extracted patterns. In other words, it is required to identify whether a user is Korean by analyzing Korean Personal Identification Number patterns within the leaked password sets. The matters described above as background technology are intended only to enhance understanding of the background of the present invention and should not be construed as an acknowledgment that they constitute prior art already known to those skilled in the art. The following drawings attached to this specification illustrate preferred embodiments of the present invention and serve to facilitate a better understanding of the technical concept of the present invention together with the detailed description of the invention provided below; therefore, the present invention should not be interpreted as being limited only to the matters described in the following drawings. FIG. 1 is a configuration diagram illustrating an example of a hardware system to which a password pattern extraction method using personal identification information according to an embodiment of the present invention is applied. FIG. 2 is a flowchart of a method for extracting password patterns using personal identification information according to an embodiment of the present invention. FIG. 3 is a flowchart illustrating in detail the first mobile phone number pattern identification step and the second mobile phone number pattern identification step of a password pattern extraction method using personal identification information according to an embodiment of the present invention. FIG. 4 is a flowchart illustrating in detail the first resident registration number pattern identification step of a password pattern extraction method using personal identification information according to an embodiment of the present invention. FIG. 5 is a flowchart illustrating in detail the second resident registration number pattern identification step of a password pattern extraction method using personal identification information according to an embodiment of the present invention. FIG. 6 is a flowchart illustrating in detail the third resident registration number pattern identification step and the fourth resident registration number pattern identification step of a password pattern extraction method using personal identification information according to an embodiment of the present invention. Hereinafter, an image processing system applying a binning technique for object recognition according to various embodiments of the present invention will be described in detail with reference to the attached drawings. Specific structural or functional descriptions of the embodiments described below are disclosed merely for illustrative purposes and may be modified and implemented in various forms. Accordingly, the embodiments are not limited to specific disclosed forms, and the scope of this specification includes modifications, equivalents, or substitutions that fall within the technical concept. Terms such as "first" or "second" may be used to descr