WO2016032233A2 - Data management method, computer program for same, recording medium thereof, user client for executing data management method, and security policy server - Google Patents
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to a data management method, a computer program for the same, a recording medium, a user client for executing the data management method, and a security policy server.
- the security program installed on the user client interworks over the network with a security policy server and has a user rights policy management function.
- more particularly, the invention relates to a data management method, a computer program, a recording medium, a user client and a security policy server configured so that access to the data managed by the DB server and the management of user rights over the data transmitted to the user client are handled as one integrated scheme.
- DB encryption schemes have been proposed in which the DB server encrypts data, provides encrypted data to a user client that requests it, and the data can be used only if a decryption function is installed on the user client.
- such schemes are implemented as a plug-in method in which a plug-in agent installed on the DB server interoperates with an encryption server, an API method in which the DB server calls an encryption server through an API, or a hybrid of the two.
- DB access control methods have also been proposed in which a user client reaches the DB server through an access control server.
- these take the form of an agent method, in which an agent with access control and logging functions is installed on the DB server itself; a gateway method, in which every connection to the DB server is routed through a DB security server (proxy server) placed inline between the DB server and the client; and a sniffing method, in which packets on the network line are analyzed and logged.
- the conventional methods as described above have a limitation in that they cannot provide an integrated security technology in which a DB encryption method and a DB access control method are organically combined.
- the present invention has been made in view of the above problems. Its object is to provide a data management method, a computer program, a recording medium, a user client and a security policy server in which a user client, running a security program that interworks with a security policy server and has a user rights policy management function, accesses data managed by a DB server, and in which access to that data and management of user rights over the data transmitted to the user client are handled as one integrated scheme.
- a data management method is provided that is networked with a DB server and a security policy server and executed in a user client on which a security program having a user rights policy management function is installed, comprising: 1) recognizing a user ID through user authentication; 2) detecting whether a DB control application is running; 3) determining whether the DB control application detected as running is one permitted for the user ID; 4) if it is a permitted DB application, determining whether the DB server it attempts to access is one the user ID is permitted to access; 5) if it is a permitted DB server, allowing access to the DB server; and 6) if data is transmitted from the DB server as a result of the access, encrypting and managing the transmitted data according to a preset user rights policy.
- the security policy server stores and manages at least one of first security information about the DB control applications permitted for each user ID and second security information about the DB servers each user ID is permitted to access.
- the second security information includes at least one of the IP address, port address and protocol of the DB servers each user ID is permitted to access.
- the user authentication of step 1) is performed by the user client sending a user authentication request to the security policy server.
- the first security information and the second security information are transmitted from the security policy server to the user client at the time of the user authentication of step 1).
- after the user authentication of step 1), a session connection is established, based on the second security information, between the user client and a DB server the user ID is permitted to access.
- after the session connection is established, the method further includes 101) the user client periodically transmitting session maintenance confirmation data to the DB server, and 102) maintaining the session when the session maintenance confirmation data is received normally at the DB server.
- the user rights policy of step 6) concerns user rights settings for at least one of viewing, editing, printing, screen capture, decryption and watermark printing of the data managed by the user client.
- the user rights policy is transmitted from the security policy server to the user client at the time of the user authentication of step 1), or is transmitted from the security policy server on request of the user client when user rights are set for the data encryption management of step 6).
- a data management method is also provided that is executed in a security policy server networked with a DB server and with a user client on which a security program having a user rights policy management function is installed, comprising: 201) storing and managing at least one of first security information about the DB control applications permitted for each user ID of the user client and second security information about the DB servers each user ID is permitted to access; and 202) authenticating a user on receiving a user authentication request from the user client, transmitting at least one of the first and second security information to the user client at the time of the user authentication, and managing access from the user client to the DB server based on at least one of the first and second security information.
- a computer program stored in a medium for executing the data management method in combination with hardware is disclosed.
- a computer-readable recording medium having recorded thereon a computer program for executing the data management method on a computer is disclosed.
- a user client is provided that further includes a session management unit performing management functions for session connection, maintenance and termination with the DB server, the session maintenance function including periodically transmitting session maintenance confirmation data to the DB server after the session connection.
- a security policy server is provided that is networked with a DB server and with a user client on which a security program having a user rights policy management function is installed, comprising: a policy setting unit that sets or manages, for each user ID and DB server, first security information about the DB control applications permitted for each user ID of the user client, second security information about the DB servers each user ID is permitted to access, and a user rights policy; a user management unit that manages user registration and authentication for each user ID, performing the user authentication on receiving a user authentication request from the user client, transmitting at least one of the first and second security information to the user client at the time of authentication, and managing access from the user client to the DB server based on at least one of them; and a server management unit that manages registration of the DB server.
- the present invention has an advantage in that access to data managed by the DB server and user rights management of data transmitted to the user client are integrated so that improved data security management is achieved.
- FIG. 1 is a system configuration diagram for executing a data management method according to an embodiment of the present invention
- FIG. 2 is a flowchart of a user client perspective of a data management method according to an embodiment of the present invention
- FIG. 3 is a flowchart illustrating a session management process of a data management method according to an embodiment of the present invention
- FIG. 4 is a flowchart illustrating a security policy server in a data management method according to an embodiment of the present invention.
- the terms "first" and "second" may be used to describe various components, but the components are not limited by these terms; they serve only to distinguish one component from another.
- accordingly, a first component may be referred to as a second component and, likewise, a second component may be referred to as a first component.
- FIG. 1 is a system configuration diagram for executing a data management method according to an embodiment of the present invention.
- a user client 3000 interworks with the DB server 2000 and the security policy server 1000 and has installed a security program with a user rights policy management function.
- the user rights policy management function can be understood as similar in concept to conventional DRM technology: usage rights for a file or data are set differently per user, and the file or data is controlled according to the rights so set.
- the user rights policy management function may include encryption and decryption processing for the file or data packet to be managed, user authority verification based on identification of a user ID, and, for an encrypted file or data packet, user authority verification that lets a designated user perform usage activities including viewing, editing, printing, screen capture, decryption and watermark printing, and that determines which range of these activities each user is allowed.
- the DB server 2000 is a server that manages the data the user client 3000 accesses.
- the DB server 2000 includes a data management unit 2010 that performs normal DBMS functions and holds the data the user client 3000 wants to access through a DB application; a DB access control unit 2012 that performs the access control function; an encryption management unit 2014 that performs the encryption function for the managed data; a control unit 2016 that performs overall server management; and a session manager 2018 that performs the management functions for session connection, maintenance and termination with the user client 3000.
- the session manager 2018 may also be implemented as a separate session control server interworking with the DB server 2000.
- Data to be accessed by the user client 3000 may be, for example, customer personal information data or financial transaction information data managed by the DB server 2000.
- a DB application can be understood as a conventional DB control program through which a user performs SQL query operations and the like from the user client.
- examples of commercial products include Toad, Orange, Oraclegate and Golden SQLdeveloper; Orange, for example, is DB client software that makes DB management and development easy through its UI.
- the security policy server 1000 includes a policy setting unit 1010 that sets or manages the first security information, the second security information and the user rights policy (described later) in association with each user ID and/or DB server; a user manager 1012 that manages user registration, authentication and interworking for each user ID; a server manager 1014 that manages registration of and interworking with the DB server; and a controller 1016 that performs overall server management.
- the policy setting unit 1010 sets or manages, for each user ID and DB server, first security information about the DB control applications permitted for each user ID of the user client, second security information about the DB servers each user ID is permitted to access, and the user rights policy.
- the user authentication performed by the user manager 1012 is triggered by a user authentication request from the user client; at least one of the first security information and the second security information is transmitted to the user client during the authentication, and access from the user client to the DB server is then managed on the basis of that information.
- the user client 3000 is distinguished from the general client 4000 in which the security program is not installed or deleted in that the user client 3000 is a client in which a security program having a user rights policy management function is installed.
- the user client 3000 includes a data manager 3010 that stores or uses data transmitted from the DB server; a user authentication manager 3012 that performs the user authentication process in association with the security policy server 1000; a DB access manager 3018 that performs the access management function for the DB server; a user rights policy management unit 3014 that encrypts the transmitted data in the manner prescribed by the user rights policy and makes it usable only by users whose rights are verified against that policy; and a controller that manages the user client as a whole.
- the user authentication process performed by the user authentication manager 3012 includes a function of recognizing a user ID through user authentication.
- user authentication may be performed through a single sign-on (SSO) user login process.
- the user ID may be recognized from a user ID the user enters at the user client 3000, or the authentication server may recognize the user ID from the information the user enters.
- the authentication server may be a separate integrated authentication server (not shown) that implements single sign-on and interworks with the security policy server 1000, or it may be a subsystem of the security policy server 1000.
- the access management function performed by the DB access manager 3018 includes detecting whether a DB control application is running; determining whether the DB control application detected as running is one permitted for the user ID; if it is a permitted DB application, determining whether the DB server it attempts to access is one the user ID is permitted to access; and, if it is a permitted DB server, allowing access to the DB server.
- the data management unit 3010 manages a user whose user authority is confirmed to perform data use operations relating to at least one of viewing, editing, printing, screen capturing, decryption, and watermark printing.
- the general client 4000 may be understood as a client without a security program installed or deleted, and may be understood as a client of a user who does not have permission to use encrypted data according to a user right policy.
- FIG. 2 is a flowchart of a user client perspective of a data management method according to an embodiment of the present invention
- FIG. 3 is a flowchart of a session management process of a data management method according to an embodiment of the present invention.
- the data management method according to the present embodiment will be described from a user client perspective.
- the data management method of this embodiment is networked with a DB server and a security policy server, and is executed in a user client in which a security program having a user rights policy management function is installed.
- the security policy server stores and manages at least one of first security information about the DB control applications permitted for each user ID and second security information about the DB servers each user ID is permitted to access.
- the second security information includes at least one of the IP address, port address and protocol of the DB servers each user ID is permitted to access.
- the first security information and the second security information may be configured in advance in the security policy server by an administrator client (not shown) and are generated from the user registration information that establishes a user ID and from the DB server registration information.
- step S1 the user client recognizes the user ID through user authentication.
- the user authentication of step S1 is performed by the user client requesting a user authentication to the security policy server.
- the first security information and the second security information is transmitted from the security policy server to the user client at the time of user authentication in the step S1.
- step S2 the user client detects whether the DB control application is running.
- the security program with the user rights policy management function installed on the user client may include a function file that detects execution of the DB control application, for example a dynamic-link library (DLL) file, or the function may be included in an exe file.
- step S3 the user client determines whether the DB control application that is detected to be running is a DB control application that is allowed to use the user ID.
- step S4: if it is determined to be a permitted DB application, the user client determines whether the DB server the application attempts to access is a DB server the user ID is permitted to access.
- step S5: if it is determined to be a permitted DB server, the user client allows access to the DB server.
- access to the DB server can be understood as a state in which the user client may query data managed by the DB server that the user ID is permitted to access and request its transmission.
- step S6 when the data is transmitted from the DB server as a result of the access, the user client encrypts and manages the transmitted data according to a preset user rights policy. Encryption management can be made by a variety of known data encryption processes, detailed description thereof will be omitted.
- the user rights policy relates to a user right setting regarding at least one of viewing, editing, printing, screen capturing, decryption, and watermark printing for data managed by the user client.
- a session connection between the DB server and the user client allowed access to the user ID is made based on the second security information.
- a session connection may be understood as a logical connection state for data transfer between a DB server and a user client.
- step S101: after the session connection is established, the user client periodically transmits session maintenance confirmation data to the DB server.
- the session maintenance confirmation data may be transmitted in response to a request from the DB server after the initial session connection, or on the user client's own initiative, without a request from the DB server, once the session connection with the DB server has been confirmed.
- FIG. 4 is a flowchart illustrating a security policy server in a data management method according to an embodiment of the present invention.
- a data management method according to the present embodiment will be described in terms of a security policy server.
- step S201: the security policy server stores and manages at least one of first security information about the DB control applications permitted for each user ID of the user client and second security information about the DB servers each user ID is permitted to access.
- step S202: the security policy server receives a user authentication request from the user client and authenticates the user.
- during the user authentication the security policy server transmits at least one of the first security information and the second security information to the user client, and access from the user client to the DB server is managed on the basis of that information.
- Embodiments of the present invention include a program for performing various computer-implemented operations and a computer readable medium recording the same.
- the computer readable medium may include program instructions, data files, data structures, etc. alone or in combination.
- the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts.
- examples of computer-readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape; optical recording media such as CD-ROM and DVD; USB drives; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM and flash memory.
- the medium may be a transmission medium such as an optical or metal wire, a waveguide, or the like including a carrier wave for transmitting a signal specifying a program command, a data structure, or the like.
- program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.
Claims (15)
- DB 서버 및 보안 정책 서버와 네트워크 연동되며, 사용자 권한 정책 관리 기능을 갖는 보안 프로그램이 설치된 사용자 클라이언트에서 실행되는 데이터 관리 방법으로서, A data management method that runs on a user client with a security program with user authorization policy management function that is networked with a DB server and a security policy server.1) 사용자 인증을 통해 사용자 ID를 인식하는 단계; 1) recognizing a user ID through user authentication;2) DB 제어 애플리케이션의 실행 여부를 감지하는 단계; 2) detecting whether the DB control application is running;3) 실행이 감지된 DB 제어 애플리케이션이 상기 사용자 ID에 대해 사용이 허용된 DB 제어 애플리케이션인지 여부를 판단하는 단계; 3) determining whether the DB control application that has detected execution is a DB control application permitted to use for the user ID;4) 사용이 허용된 DB 애플리케이션인 것으로 판단된 경우, 접근을 시도하는 DB 서버가 상기 사용자 ID에 대해 접근이 허용된 DB 서버인지 여부를 판단하는 단계; 4) if it is determined that the DB application is allowed to use, determining whether the DB server attempting to access the DB server is allowed to access the user ID;5) 접근이 허용된 DB 서버인 것으로 판단된 경우, DB 서버에 대한 접근을 허용하는 단계; 및 5) if it is determined that the access is a DB server, allowing access to the DB server; And6) 상기 접근의 결과로서 DB 서버로부터 데이터가 전송된 경우, 미리 설정된 사용자 권한 정책에 따라 전송된 데이터를 암호화 관리하는 단계;를 포함하여 구성된 데이터 관리 방법.6) if data is transmitted from the DB server as a result of the access, encrypting and managing the transmitted data according to a preset user rights policy.
- 제1항에 있어서, The method of claim 1,상기 보안 정책 서버에는, The security policy server,각 사용자 ID에 대하여 사용이 허용된 DB 제어 애플리케이션에 관한 제1 보안 정보와, 각 사용자 ID에 대하여 접근이 허용된 DB 서버에 관한 제2 보안 정보 중 적어도 하나가 저장 관리되는 것을 특징으로 하는 데이터 관리 방법.Data management, characterized in that at least one of the first security information about the DB control application allowed to use for each user ID, and the second security information about the DB server allowed to access to each user ID are stored and managed. Way.
- 제2항에 있어서, The method of claim 2,상기 제2 보안 정보에는, In the second security information,각 사용자 ID에 대하여 접근이 허용된 DB 서버의 IP 주소, 포트 주소, 사용 프로토콜에 관한 정보 중 적어도 하나가 포함된 것을 특징으로 하는 데이터 관리 방법.And at least one of information on an IP address, a port address, and a usage protocol of a DB server that is allowed to access each user ID.
- 제3항에 있어서, The method of claim 3,상기 1) 단계의 사용자 인증은, User authentication of step 1),상기 사용자 클라이언트가 상기 보안 정책 서버에 사용자 인증 요청을 하여 이뤄지는 것을 특징으로 하는 데이터 관리 방법.And the user client makes a user authentication request to the security policy server.
- 제4항에 있어서, The method of claim 4, wherein상기 제1 보안 정보 및 제2 보안 정보는, The first security information and the second security information,상기 1) 단계의 사용자 인증 시에 보안 정책 서버로부터 사용자 클라이언트로 전송되는 것을 특징으로 하는 데이터 관리 방법.And transmitting the data from the security policy server to the user client in the step 1).
- 제5항에 있어서, The method of claim 5,상기 1) 단계의 사용자 인증 이후, After user authentication in step 1),상기 제2 보안 정보에 근거하여, 사용자 ID에 대하여 접근이 허용된 DB 서버와 사용자 클라이언트 간의 세션 접속이 이뤄지는 것을 특징으로 하는 데이터 관리 방법.Based on the second security information, a session connection between a DB server permitted to access a user ID and a user client is established.
- 제6항에 있어서, The method of claim 6,상기 세션 접속이 이뤄진 후에, After the session connection is made,101) 사용자 클라이언트가 주기적으로 상기 DB 서버로 세션 유지 확인 데이터를 전송하는 단계; 및 101) periodically transmitting, by the user client, session maintenance confirmation data to the DB server; And102) 상기 DB 서버에 상기 세션 유지 확인 데이터가 정상 수신된 경우에 세션이 유지되는 단계;가 더욱 포함된 것을 특징으로 하는 데이터 관리 방법.102) The method of claim 1, further comprising maintaining a session when the session maintenance confirmation data is normally received in the DB server.
- 제1항에 있어서, The method of claim 1,상기 6) 단계의 사용자 권한 정책은, User rights policy of step 6),상기 사용자 클라이언트에서 암호화 관리되는 데이터에 대한 열람, 편집, 인쇄, 화면 캡쳐, 암호화 해제, 워터마크 인쇄 중의 적어도 어느 하나에 관한 사용자 권한 설정에 관한 것임을 특징으로 하는 데이터 관리 방법.And a user authority setting for at least one of viewing, editing, printing, screen capturing, decryption, and watermark printing for data managed by the user client.
- 제8항에 있어서, The method of claim 8,상기 사용자 권한 정책은, The user rights policy,상기 1) 단계의 사용자 인증 시에 보안 정책 서버로부터 사용자 클라이언트로 전송되거나, Transmitted from the security policy server to the user client at the time of user authentication in step 1);상기 6) 단계의 데이터 암호화 관리를 위한 사용자 권한 설정을 위해 사용자 클라이언트가 요청 시에 보안 정책 서버로부터 전송되는 것을 특징으로 하는 데이터 관리 방법.The method of claim 6, wherein the user client is transmitted from the security policy server upon request to set a user right for data encryption management of step 6).
- DB 서버 및 사용자 권한 정책 관리 기능을 갖는 보안 프로그램이 설치된 사용자 클라이언트와 네트워크 연동되는 보안 정책 서버에서 실행되는 데이터 관리 방법으로서, A data management method that is executed in a security policy server that interworks with a user client with a security program having a DB server and user rights policy management.201) 상기 사용자 클라이언트의 각 사용자 ID에 대하여 사용이 허용된 DB 제어 애플리케이션에 관한 제1 보안 정보와, 각 사용자 ID에 대하여 접근이 허용된 DB 서버에 관한 제2 보안 정보 중 적어도 하나를 저장 관리하는 단계; 및 201) storing and managing at least one of first security information about a DB control application that is allowed to use for each user ID of the user client and second security information about a DB server that is permitted to access to each user ID. step; And202) 상기 사용자 클라이언트로부터 사용자 인증 요청을 받아 사용자 인증을 하는 단계- 상기 사용자 인증 시에 상기 사용자 클라이언트로 상기 제1 보안 정보 및 제2 보안 정보 중 적어도 어느 하나를 전송하며, 상기 제1 보안 정보 및 제2 보안 정보 중 적어도 어느 하나에 근거하여 상기 사용자 클라이언트로부터 DB 서버로의 접근 관리가 이뤄지도록 함-;를 포함하여 구성된 데이터 관리 방법.202) authenticating a user by receiving a user authentication request from the user client-transmitting at least one of the first security information and second security information to the user client during the user authentication, wherein the first security information and And manage access to the DB server from the user client based on at least one of the second security information.
- 하드웨어와 결합되어 제1항 내지 제10항 중의 어느 한 항에 따른 데이터 관리 방법을 실행시키기 위하여 매체에 저장된 컴퓨터 프로그램.A computer program stored in a medium in combination with hardware to execute a data management method according to any one of claims 1 to 10.
- 제1항 내지 제10항 중의 어느 한 항에 따른 데이터 관리 방법을 컴퓨터에서 실행하기 위한 컴퓨터 프로그램이 기록된, 컴퓨터로 판독 가능한 기록 매체.A computer-readable recording medium having recorded thereon a computer program for executing a data management method according to any one of claims 1 to 10 on a computer.
- DB 서버 및 보안 정책 서버와 네트워크 연동되며, 사용자 권한 정책 관리 기능을 갖는 보안 프로그램이 설치된 사용자 클라이언트로서, It is a user client that is interworked with DB server and security policy server and has security program with user rights policy managementDB 서버로부터 전송된 데이터를 저장 또는 사용 관리하는 데이터 관리부; A data manager configured to store or use data transmitted from the DB server;상기 보안 정책 서버와 연동하여 사용자 인증 처리를 수행하는 사용자 인증 관리부- 상기 사용자 인증 처리는 사용자 인증을 통해 사용자 ID를 인식하는 기능을 포함함-; A user authentication manager that performs user authentication processing in association with the security policy server, wherein the user authentication processing includes a function of recognizing a user ID through user authentication;DB 서버로부터 전송된 데이터를 사용자 권한 정책에 따른 방식으로 암호화 처리하고 사용자 권한 정책에 근거하여 사용자 권한이 확인된 사용자만 사용할 수 있도록 관리하는 사용자 권한 정책 관리부; 및 A user rights policy management unit which encrypts the data transmitted from the DB server in a manner according to a user rights policy and manages the data to be used only by a user whose user rights are verified based on the user rights policy; AndDB 서버에 대한 접근 관리 기능을 수행하는 DB 접근 관리부- 상기 접근 관리 기능은, DB 제어 애플리케이션의 실행 여부를 감지하는 기능과, 실행이 감지된 DB 제어 애플리케이션이 상기 사용자 ID에 대해 사용이 허용된 DB 제어 애플리케이션인지 여부를 판단하는 기능과, 사용이 허용된 DB 애플리케이션인 것으로 판단된 경우, 접근을 시도하는 DB 서버가 상기 사용자 ID에 대해 접근이 허용된 DB 서버인지 여부를 판단하는 기능과, 접근이 허용된 DB 서버인 것으로 판단된 경우, DB 서버에 대한 접근을 허용하는 기능을 포함함-;를 포함하여 구성된 사용자 클라이언트.DB access management unit performing an access management function for the DB server-The access management function includes a function of detecting whether a DB control application is executed and a DB control application that is detected to be executed is allowed to use the user ID. 
A function of determining whether the application is a control application; a function of determining whether the DB server attempting to access the DB server that is allowed to access the user ID is determined to be a DB application that is allowed to use; A user client configured to include access to the DB server if it is determined to be an allowed DB server.
- 제13항에 있어서, The method of claim 13,상기 DB 서버와의 세션 접속 및 유지, 종료에 관한 관리 기능을 수행하는 세션 관리부- 상기 세션 유지에 관한 관리 기능은, 세션 접속 후 주기적으로 상기 DB 서버로 세션 유지 확인 데이터를 전송하는 기능을 포함함-;를 더욱 포함하여 구성된 사용자 클라이언트.Session management unit for performing management functions related to session connection, maintenance, and termination with the DB server-The management function for session maintenance includes a function of periodically transmitting session maintenance confirmation data to the DB server after a session connection. A user client configured to include further;
- A security policy server that is networked with a DB server and with a user client on which a security program having a user rights policy management function is installed, the security policy server comprising: a policy setting unit that sets or manages, for each user ID and DB server, first security information on the DB control applications permitted for use by each user ID of the user client, second security information on the DB servers permitted for access by each user ID, and a user rights policy; a user management unit that manages user registration and authentication for each user ID, the user authentication being performed on receipt of a user authentication request from the user client, at least one of the first security information and the second security information being transmitted to the user client at the time of user authentication so that access management from the user client to the DB server is carried out based on at least one of the first security information and the second security information; and a server management unit that manages the registration of DB servers.
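The two-step client-side check of claim 13, the policy server that hands out the first and second security information in claim 15, and the keep-alive rule of claim 14, as an added Python sketch that is not part of the patent or of any product; the policy entries, user IDs, application names and server names are constructed for this example.

```python
from dataclasses import dataclass

# Constructed policy: "first security information" (permitted DB control apps
# per user ID) and "second security information" (permitted DB servers per ID).
POLICY = {
    "alice": {"apps": {"sqlplus", "dbeaver"}, "servers": {"hr-db:1521"}},
    "bob":   {"apps": {"dbeaver"},            "servers": set()},
}

@dataclass
class SecurityPolicyServer:
    policy: dict

    def authenticate(self, user_id, credential_ok):
        # User management unit: only a successful authentication returns the
        # user's first and second security information to the client.
        if not credential_ok or user_id not in self.policy:
            return None
        p = self.policy[user_id]
        return frozenset(p["apps"]), frozenset(p["servers"])

@dataclass
class UserClient:
    server: SecurityPolicyServer
    user_id: str = ""
    allowed_apps: frozenset = frozenset()
    allowed_servers: frozenset = frozenset()

    def login(self, user_id, credential_ok):
        # User authentication management unit: the recognised ID keys every decision.
        info = self.server.authenticate(user_id, credential_ok)
        if info is None:
            return False
        self.user_id, (self.allowed_apps, self.allowed_servers) = user_id, info
        return True

    def db_access_decision(self, detected_app, target_server):
        # DB access management unit: application check first, then server check;
        # the first failing check denies and names the reason.
        if not self.user_id:
            return False, "no authenticated user ID"
        if detected_app not in self.allowed_apps:
            return False, f"app {detected_app!r} not permitted for {self.user_id}"
        if target_server not in self.allowed_servers:
            return False, f"DB server {target_server!r} not permitted for {self.user_id}"
        return True, "allowed"

def session_alive(last_confirmed, now, keepalive_interval, missed_allowed=2):
    # Session management unit (claim 14): the client confirms the session every
    # keepalive_interval; after missed_allowed missed confirmations it is stale.
    return now - last_confirmed < missed_allowed * keepalive_interval
```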
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201580045992.2A CN107005411B (en) | 2014-08-27 | 2015-08-26 | Data management method, computer program therefor, recording medium thereof, user client for executing data management method, and security policy server |
JP2017510632A JP6481953B2 (en) | 2014-08-27 | 2015-08-26 | Data management method, computer program therefor, recording medium therefor, and user client for executing data management method |
US15/505,659 US10404460B2 (en) | 2014-08-27 | 2015-08-26 | Data management method, computer readable recording medium thereof, user client for executing data management method, and security policy server |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2014-0112595 | 2014-08-27 | ||
KR20140112595 | 2014-08-27 | ||
KR10-2014-0148695 | 2014-10-29 | ||
KR1020140148695A KR101670496B1 (en) | 2014-08-27 | 2014-10-29 | Data management method, Computer program for the same, Recording medium storing computer program for the same, and User Client for the same |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2016032233A2 true WO2016032233A2 (en) | 2016-03-03 |
WO2016032233A3 WO2016032233A3 (en) | 2016-04-14 |
Family
ID=55400787
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2015/008936 WO2016032233A2 (en) | 2014-08-27 | 2015-08-26 | Data management method, computer program for same, recording medium thereof, user client for executing data management method, and security policy server |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016032233A2 (en) |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100657554B1 (en) * | 2003-07-15 | 2006-12-13 | 김용규 | method of administering access to database |
KR100948873B1 (en) * | 2007-12-27 | 2010-03-24 | 주식회사 아이넵 | Security and management device for database security and control method thereof |
KR20100013371A (en) * | 2008-07-31 | 2010-02-10 | 한림에코텍 주식회사 | Concrete blocks and construction method thereof |
KR20080098337A (en) * | 2008-09-08 | 2008-11-07 | 김용규 | Database access authority identification certification through standard jdbc extension and the method that embodies utilization details identification |
KR100926075B1 (en) * | 2009-04-13 | 2009-11-11 | 주식회사 신시웨이 | Database access through web application server monitoring apparatus and method thereof |
KR20110029526A (en) * | 2009-09-15 | 2011-03-23 | 강희창 | Method for secure database connection |
2015
- 2015-08-26 WO PCT/KR2015/008936 patent/WO2016032233A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2016032233A3 (en) | 2016-04-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11347876B2 (en) | | Access control |
JP4301482B2 (en) | | Server, information processing apparatus, access control system and method thereof |
US20180225469A1 (en) | | Expendable access control |
WO2019127973A1 (en) | | Authority authentication method, system and device for mirror repository, and storage medium |
WO2014185594A1 (en) | | Single sign-on system and method in vdi environment |
WO2011089788A1 (en) | | Classified information leakage prevention system, classified information leakage prevention method and classified information leakage prevention programme |
US20090089881A1 (en) | | Methods of licensing software programs and protecting them from unauthorized use |
WO2014003362A1 (en) | | Otp-based authentication system and method |
WO2018030667A1 (en) | | Method and system for blocking phishing or ransomware attack |
WO2020138525A1 (en) | | Method for distributed authentication of device in internet-of-things blockchain environment, and system for distributed authentication of device using same |
WO2014010818A1 (en) | | User terminal device and encryption method for encrypting in cloud computing environment |
WO2018216988A1 (en) | | Security authentication system and security authentication method for creating security key by combining authentication factors of multiple users |
WO2018026109A1 (en) | | Method, server and computer-readable recording medium for deciding on gate access permission by means of network |
WO2021096001A1 (en) | | Private blockchain-based mobile device management method and system |
US8832855B1 (en) | | System for the distribution and deployment of applications with provisions for security and policy conformance |
WO2017086757A1 (en) | | Method and device for controlling security of target device using secure tunnel |
KR101670496B1 (en) | | Data management method, Computer program for the same, Recording medium storing computer program for the same, and User Client for the same |
WO2011108877A2 (en) | | System and method for logical separation of a server by using client virtualization |
WO2014061897A1 (en) | | Method for implementing login confirmation and authorization service using mobile user terminal |
WO2020045823A1 (en) | | Smart contract system using virtual machine and processing method thereof |
WO2010068057A1 (en) | | Apparatus for managing identity data and method thereof |
WO2018026108A1 (en) | | Method, authorized terminal and computer-readable recording medium for deciding on gate access permission by means of network |
WO2012169752A2 (en) | | Authentication system and method for device attempting connection |
WO2013125883A1 (en) | | Drm/cas service device and method using security context |
WO2023113081A1 (en) | | Method, apparatus, and computer-readable recording medium for controlling execution of container workload in scheme of event streaming in cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15835609; Country of ref document: EP; Kind code of ref document: A2 |
 | ENP | Entry into the national phase in: | Ref document number: 2017510632; Country of ref document: JP; Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 15505659; Country of ref document: US |
 | NENP | Non-entry into the national phase in: | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 15835609; Country of ref document: EP; Kind code of ref document: A2 |