KR101346284B1 - Method for producing an encrypted file and decrypting the encrypted file, computer readable recording medium a program for implementing the methods - Google Patents

Abstract

A method of encrypting a file or folder and a method of decrypting an encrypted file are disclosed. In the user terminal according to the present invention, a method for generating an encrypted file for a file or folder includes selecting a file or folder to be encrypted; Receiving decryption restriction information and an open password; Generating an identification code identifying the file or folder; Transmitting the identification code and the decryption restriction information to a server; Encrypting the file or folder with the identification code; Encrypting the identification code with the open password; And generating an encrypted file including the encrypted file or folder, the encrypted identification code, and a decryption control program.

Description

Method for producing an encrypted file and decrypting the encrypted file, computer readable recording medium a program for implementing the methods}

The present invention relates to encryption of files, and more particularly, to a method of generating an encrypted file, a method of decrypting the encrypted file, and a computer-readable recording medium having recorded thereon a program for executing the methods.

The contents of files that can be created using a computer vary widely. For example, the content of files that can be generated, such as text documents, images, video documents, or drawings of buildings or machines, is virtually unlimited.

Among these files are those that need to be especially secure. For example, there is a secret document of a company or a state, and especially at the individual level, such information is used by finance for finance, and personal secret information such as a picture or a video of an individual.

As described above, there are many files requiring security, but at the same time, the distribution paths of the files are very diverse. That is, files are basically stored in a memory area of a computer, and the paths through which they are spread vary widely, such as through an online communication network or through a storage medium such as USB or CD.

In particular, if the files that require security are secretly obtained by a hostile country or a competitor, or personal documents are obtained by malicious users on the Internet, the damage to the company or the country or the individual can be enormous.

Due to the variety of distribution paths and the possibility of exploitation of security files, a variety of security methods for security files are proposed.

1. Japanese Patent Publication No. 383088 (2006.08.02) 2. Japanese Patent Laid-Open No. 2008-136117 (2008.06.12) 3. US Patent Application Publication No. US2012 / 0096277 (2012.04.19)

The present invention has been proposed to meet the security needs of a file as described above, and an object thereof is to provide a method for encrypting a file or folder and a method for decrypting an encrypted file.

It is also an object of the present invention to provide a computer readable recording medium having recorded thereon a program for executing the above methods.

Other objects and advantages of the present invention can be understood by the following description, and will be more clearly understood by the embodiments of the present invention. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

According to an aspect of the present invention for achieving the above object, a method for generating an encryption file for a file or folder in a user terminal comprises the steps of: selecting a file or folder to be encrypted; Receiving decryption restriction information and an open password; Generating an identification code identifying the file or folder; Transmitting the identification code and the decryption restriction information to a server; Encrypting the file or folder with the identification code; Encrypting the identification code with the open password; And generating an encrypted file including the encrypted file or folder, the encrypted identification code, and a decryption control program.

The encryption file generating method may further include: receiving an index corresponding to the identification code from the server, and encrypting the identification code includes encrypting the identification code and the index with the opening password, Generating an encrypted file may generate an encrypted file including the encrypted file or folder, the encrypted identification code and index, and a decryption control program.

The decryption control program is capable of decrypting the encrypted identification code with an open password input from a user when executing the encryption file, extracting an identification code, and transmitting the extracted identification code to the server to decrypt based on the restriction information. A response to the message may be received, and the file or folder may be extracted by decrypting the encrypted file or folder with the extracted identification code based on the received response.

The decryption control program extracts the identification code by decrypting the encrypted identification code with an open password input from the user when executing the encryption file, and seeding the identification code when the user terminal is not connected to the Internet. And an image code including the confirmation code, the confirmation code, and a connection address of the server can be generated and displayed.

The image code may be a QR code.

The decryption control program may verify the authentication code input from the user and extract the file or folder by decrypting the encrypted file or folder with the extracted identification code based on the verification result.

The encryption file generating method may further include receiving an input of discontinuing use of the generated encryption file or releasing the suspension from a user.

According to another aspect of the present invention for achieving the above object, a method for decrypting in a user terminal an encrypted file that can communicate with a server that stores decryption restriction information of an encrypted file, the open password input window to display from the user to open Receiving a password; Extracting an identification code from the encrypted file using the open password; Checking whether the user terminal is connected to the Internet; If there is an internet connection, transmitting the extracted identification code to the server and receiving a response from the server as to whether it can be decrypted; And extracting a file or folder from the encrypted file using the extracted identification code based on the response.

The decryption method may include: generating and displaying an identification code including the identification code as a seed, an identification code, and an access address of the server when the internet connection is not established; And verifying the authentication code input from the user and extracting the file or folder by decrypting the encrypted file or folder with the extracted identification code based on the verification result.

The image code may be a QR code.

The authentication code may be obtained by a mobile terminal scanning the image code.

The decrypting method may further include receiving from the server whether or not decryption is possible based on whether the encryption file creator has set the suspension of use.

According to one embodiment of the present invention, by encrypting the encrypted file or the file encrypted with a folder only a certain number of times or a predetermined validity period to prevent indiscriminate leakage of important files.

In addition, the present invention can enhance security by double encrypting important files or folders.

In addition, according to another embodiment of the present invention, even when the user terminal to decrypt the encrypted file is not connected to the Internet, it is possible to freely decrypt the encrypted file anytime and anywhere through mobile authentication.

1 is a diagram illustrating an encryption file generation system according to the present invention.
2 is a diagram illustrating a process of generating an encrypted file according to an embodiment of the present invention.
3 is a diagram illustrating a process of decrypting, by another user terminal, an encrypted file generated according to an embodiment of the present invention.
4 is a diagram illustrating a configuration of an encryption program for generating an encryption file according to an embodiment of the present invention.
5 is a diagram illustrating a process of generating an encryption file according to another embodiment of the present invention.
6 is a diagram illustrating a process of decrypting, by another user terminal, an encrypted file generated according to another embodiment of the present invention.
7 is a block diagram showing the configuration of an encryption program according to another embodiment of the present invention.
FIG. 8 is a diagram illustrating an interface screen of a user terminal in the embodiment of FIG. 2.
FIG. 9 is a diagram illustrating an interface screen of a user terminal in the embodiment of FIG. 3.
FIG. 10 is a diagram illustrating an interface screen in a user terminal and a mobile terminal in the embodiment of FIG. 6.
11 is a view showing an interface in which an encrypted file creator manages an encrypted file in another embodiment of the present invention.

The foregoing and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: There will be. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating an encryption file generation system according to the present invention.

Referring to FIG. 1, an encryption file generation system according to an embodiment of the present invention includes a user terminal and a server.

The user terminal 100 is an electronic device used by a user. The user terminal 100 automatically calculates or processes data using an electronic circuit, receives input data, stores and calculates the information, and outputs a result. Typically, the user terminal 100 includes a desktop computer, a laptop computer, a tablet PC, a personal digital assistant (PDA), a smart phone, and the like.

According to the present invention, the user terminal 100 encrypts a file or folder to be encrypted (hereinafter, only the file will be described, and the target file is referred to as a source file), and the resulting file (hereinafter referred to as an encrypted file) is encrypted. Is generated. The original file has no restrictions on its extension, such as .doc, .hwp, .zip, .ppt, .dat, but encrypted files have .exe. It is created with an extension. Alternatively, the encrypted file may be generated in the form of a compressed file (zip) according to the environment setting.

In addition, in another user terminal 100, the encryption file generated by the user terminal 100 may be decrypted and an original file may be generated again. According to the present invention, when an encrypted file is generated in the user terminal 100, identification information (UUID-Universally Unique ID) is used to distinguish one encrypted file from another encrypted file. A detailed encryption file generation will be described in detail with reference to FIG. 2.

The server 200 is a computer that stores information used jointly by a single computer or a program that uses a lot of computer resources such as a memory in a communication network connecting several computers through a network. The other computers connected to the communication network retrieve and provide necessary information from the server 200, or send data to be processed by a program in the server 200 and receive the result again, and the sub computers become client computers. In the present invention, the user terminal 100 becomes a client computer with respect to the server 200.

According to the present invention, when an encryption file is generated in the user terminal 100, identification information (UUID) and restriction information (open count, validity period) for the encryption file are generated, and the server 200 determines the user terminal 100. Received from and saved. Then, when the other user terminal 100 decrypts the encrypted file, the server 200 checks the restriction information on the encrypted file and responds to the corresponding user terminal 100 as to whether it can be decrypted. The specific decryption process will be described in detail with reference to FIG. 3.

On the other hand, the system for generating an encrypted file according to another embodiment of the present invention may further include a mobile terminal (300). In this embodiment, the user terminal 100 is not connected online.

The mobile terminal 300 is a device for providing a voice call or packet communication using a mobile communication network, which may be called other terms such as a user equipment (UE), a mobile station (MS), a user terminal (UT), and a subscriber station (SS). Can be. For example, the mobile terminal 300 according to the present embodiment is a conventional mobile phone such as a cellular phone, a PCS phone, a GSM phone, a CDMA-2000 phone, a WCDMA phone, and recently used smart phones and tablet PCs and 4G networks. It includes both mobile phones and the like.

According to another embodiment of the present invention, when the user terminal 100 is not connected to the online, the restriction information check (open frequency, expiration date) performed by accessing the server 200 may be performed by the mobile terminal 300. Is performed through. The detailed description will be described later with reference to FIGS. 5 to 7.

2 is a diagram illustrating a process of generating an encrypted file according to an embodiment of the present invention.

Referring to FIG. 2, when a user executes an encryption program in the user terminal 100, the encryption program executes an environment setting interface in operation S201. An example of the configuration interface is shown in FIG.

Referring to FIG. 8A, the environment setting includes an encryption file generation location, a protection method setting, and user information setting.

The encrypted file generation location is an environment setting for setting a hard disk path in which an encrypted file generated by encrypting an original file is stored.

Protection method settings include the number of open limits, the expiration limit, the open password, the creation of a zip extension, and only the online check.

The open count limit is an environment setting that sets the total number of times a generated encrypted file can be decrypted. For example, when the encrypted file set in five times and generated according to the present invention is transmitted to the plurality of user terminals 100, the number of times that all the user terminals 100 can decrypt the encrypted file is five times. If the user terminal 100 attempts to decrypt more than 5 times, the encrypted file is not decrypted due to the limit of the opening times.

The validity period limit is an environment setting that sets a period during which the generated encrypted file can be decrypted. For example, if the encrypted file set within 7 days and generated according to the present invention is transmitted to the plurality of user terminals 100, the time when all the user terminals 100 can decrypt the encrypted file is the generation of the encrypted file. It is within seven days from work. In the user terminal 100 which is attempted to decrypt after 7 days, the encrypted file is not decrypted due to the validity limitation.

Open password is an environment setting for setting a password that must be entered first when the user terminal 100 wants to decrypt the encrypted file. If the open password input by the user is not the same as the open password set at the time of creation of the encrypted file, decryption of the encrypted file does not proceed. Therefore, the user receiving the encrypted file must also learn the information about the open password from the user who created the encrypted file.

Creating with a compressed file extension is an environment setting for setting an extension of an encrypted file. By default, if Create with compressed file extension is not selected, the encrypted file is created with the .exe extension.If Generate with compressed file extension is selected, the encrypted file is created with a compressed file extension, such as .zip. If it is created with a compressed file extension, it may be smaller than if it was created with an .exe extension.

Allowing only the online check is an environment setting for selecting whether to use the server 200 or determine within the encrypted file itself in checking the restriction information (the number of openings, the validity period). If only the online check is selected, the restriction information of the encrypted file is stored in the server 200, and if another user terminal 100 wants to decrypt the encrypted file, whether or not the server 200 can access and decrypt the encrypted file. To be judged. If only the online check is not selected, the restriction information is recorded in the encryption file, and if the other user terminal 100 wants to decrypt the encryption file, it is checked whether the encryption file can be decrypted by checking the restriction information by itself. To judge. Hereinafter, in the present specification, it is assumed that only the online check is selected, that is, the server 200 is configured to check the restriction information to determine whether it can be decrypted.

The user information setting is an environment setting for inputting information such as a name, an email, and a contact of a user who generates an encryption file.

This environment setting is executed by default when the encryption program is first executed, but is not executed later when the encryption program is executed. However, when a user wants to apply different environment settings, the user can select a setting tag and generate an environment setting differently.

After setting the environment, the user selects a file to be encrypted, that is, an original file (S202). An example of original file selection is shown in Fig. 8B.

For example, use drag and drop or the Explorer window to select the original file. When the file selection is completed and the creation button is clicked, an encryption file is generated as shown in FIG.

Hereinafter, a detailed process of generating an encryption file will be described.

The encryption program generates identification information for each file, that is, a universally unique ID (UUID) (S203). As described above, the UUID is identification information for distinguishing one file from another file. The encryption program transmits, to the server 200, the limited information (limit of the number of open times and the expiration period) set in the file distinguished by the UUID and the UUID (S204).

The server 200 stores the restriction information set in the file distinguished by the UUID and the UUID (S205). Then, when another user terminal 100 wants to decrypt the encrypted file, the server 200 may check the restriction information set in the corresponding encrypted file using the UUID and determine whether the decryption is possible.

The encryption program encrypts the UUID using the open password set in the environment setting as a key and records it in an encrypted file (S206), and encrypts the original file using the UUID as a key (S207). That is, when an encrypted file is generated and the encrypted file is decrypted, the UUID can be decrypted using the open password, and the original file can be decrypted using the decrypted UUID.

Finally, the encryption program records the decryption program in the encryption file (S208), thereby completing the generation of the encryption file (S210).

The decryption program includes an algorithm that reversely decrypts the UUID (encryption) and the original file (encryption). Specifically, when the decryption program wants to decrypt the encrypted file in another user terminal 100, the decryption program requests the user to input an open password and receives the open password. In addition, the decryption program decrypts the UUID (encryption) by using the received open password as a key, obtains the UUID, transmits the UUID to the server 200, requests confirmation of restriction information, and receives a response whether or not it can be decrypted in response. do. If the response is decipherable, the decryption program decrypts the original file (encryption) with the previously decrypted UUID as a key to obtain the original file.

Schematic of the generated encrypted file can be expressed as follows.

The encrypted file generated as described above is generated with a .exe extension by default, and may be generated with a compressed file (zip) extension when it is set to select a compressed file extension in an environment setting.

On the other hand, it has been described that the UUID is used in step S203, but summary information of the UUID, that is, UUID_Index may be used. In detail, when UUID_Index is used, the encryption program generates and transmits the UUID to the server 200 (S204). The server 200 may receive the UUID and generate the UUID_Index. Server 200 may then store the UUID and UUID_Index and send the UUID_Index back to the encryption program. The encryption program can write UUID and UUID_Index using the open password as a key and write it to the file.

3 is a diagram illustrating a process of decrypting, by another user terminal, an encrypted file generated according to an embodiment of the present invention.

Referring to FIG. 3, in the user terminal 100, the user selects an encryption file to be decrypted (S301).

When the encryption file is selected, that is, when the .exe file is executed, the encryption file requests the user to input an open password (S302). If it is an encrypted file with a compressed file extension, decompress it and prompt for the open password. An example is shown in FIG.

Referring to FIG. 9A, a user inputs an open password. The open password may be obtained from the user who created the encrypted file.

The encryption file extracts the UUID by decrypting the UUID (encryption) using the received open password as a key (S303).

If the decryption is not possible, an error message is displayed (S304). The error message is the same as, for example, FIG. 9B.

On the other hand, if decryption is possible, the encryption file requests confirmation of restriction information while transmitting the generated UUID to the server 200 (S305). Confirmation of the restriction information is to confirm the limit of the number of times of opening and the expiration date of the encrypted file stored in the server 200.

The server 200 checks the UUID received from the user terminal 100, checks the restriction information of the encryption file corresponding to the corresponding UUID stored in the server 200 (S306), and determines whether it can be decrypted (S307). Specifically, if both the number of times and the expiration date are satisfied, decryption is possible, and if either of the number of times and the expiration date is not satisfied, decryption is impossible. When the number of openings is satisfied, the number of openings is 1 or more, and when the validity period is satisfied, it means that the current time point does not exceed the validity period.

Thereafter, the server 200 responds to the user terminal 100 whether decryption is possible (S308). At this time, if decryption is possible, the server 200 discounts the number of times of opening (S309).

If the user terminal 100 receives a response from the server 200 to determine whether it can be decrypted or not, the user terminal 100 displays an error message (S310). In more detail, when the number of times of opening cannot be decrypted, an error message may be as shown in FIG. 9C.

In addition, when the decryption is impossible beyond the valid period, the user terminal 100 displays an error message, and the error message may be as shown in FIG.

If the received decryption is possible or not, the encrypted file decrypts the original file (encryption) using the UUID as a key (S311). As a result, the decrypted original file is output to the user terminal 100 (S312).

On the other hand, it has been described that the UUID is used in step S305, but summary information of the UUID, that is, UUID_Index may be used. Specifically, when using the UUID_Index, the user terminal 100 may decrypt the UUID and UUID_Index by using the open password as a key, and transmit the UUID_Index to the server 200 to request confirmation of the restriction information.

4 is a diagram illustrating a configuration of an encryption program for generating an encryption file according to an embodiment of the present invention.

Referring to FIG. 4, the encryption program according to the present embodiment includes an environment setting module 411, a UUID generation module 412, an encryption module 413, and a file generation module 414.

The environment setting module 411 receives an environment setting by executing an environment interface when the user executes an encryption program in the user terminal 100. Environment settings include encryption file generation location, protection method setting, and user information setting. The contents of the environment setting, that is, the encryption file generation position, the protection method setting, and the user information setting are the same as those described with reference to FIG. 2.

The configuration module 411 defaults to requesting the configuration setting when the encryption program is first executed, and does not request the configuration setting when the encryption program is executed later. However, when the user wants to apply different environment settings, the environment setting module 411 may receive another environment setting by executing the environment setting interface again.

In addition, the environment setting module 411 transmits the limited information, that is, the limit of the number of open times and the valid period limit, to the server 200 among the generated environment settings.

The UUID generation module 412 generates a UUID of the encryption file and transmits the UUID to the server 200. UUID is identification information for distinguishing one encrypted file from another encrypted file. Therefore, different UUIDs are generated for each encrypted file.

On the other hand, from the viewpoint of the server 200, the restriction information is received from the environment setting module 411, and the UUID of the encryption file is received from the UUID generation module 412. Since the restrictions applied to each encryption file may be different, the server 200 stores the UUID and the restriction information of the encryption file in correspondence.

The encryption module 413 encrypts the UUID using the open password as a key. Thus, when receiving an open password from a user, the open password can be used to decrypt the UUID.

In addition, the encryption module 413 encrypts the original file using the UUID as a key. Therefore, if it can be decrypted (specifically, if the decryption response of the server 200 is decryptable), the original file can be decrypted using the UUID.

The file generation module 414 generates a final encryption file. Specifically, the file generation module 414 records the UUID (encryption), the original file (encryption), and the decryption program in the encryption file. That is, the structure of the encryption file finally generated by the file generation module 414 is as follows.

The open password is an open password input from the configuration module 411, and the UUID (encryption) and the original file (encryption) are encrypted by the encryption module 413.

The decryption program includes an algorithm that reversely decrypts the UUID (encryption) and the original file (encryption). Specifically, when the decryption program wants to decrypt the encrypted file in another user terminal 100, the decryption program requests the user to input an open password and receives the open password. In addition, the decryption program decrypts the UUID (encryption) by using the received open password as a key, obtains the UUID, transmits the UUID to the server 200, requests confirmation of restriction information, and receives a response whether or not it can be decrypted in response. do. If the response is decipherable, the decryption program decrypts the original file (encryption) with the previously decrypted UUID as a key to obtain the original file.

Meanwhile, although the UUID is taken as an example of file identification information in the present embodiment, summary information of the UUID, that is, UUID_Index, may be used. Specifically, when UUID_Index is used, the UUID generation module 412 generates a UUID and transmits the UUID to the server 200, and the server 200 receives the UUID, generates the UUID_Index, and sends the UUID_Index back to the encryption program. Can be. In addition, the encryption module 413 may encrypt the UUID and UUID_Index using the open password as a key, and the file generation module 414 may record the UUID (encryption) and the UUID_Index (encryption) in a file.

5 is a diagram illustrating a process of generating an encryption file according to another embodiment of the present invention. This embodiment is a process of generating an encryption file for the case where the user terminal 100 is not connected online.

In FIG. 5, steps S201 to S208 are the same as those described using the same reference numerals in FIG. 2.

That is, when the user executes the encryption program in the user terminal 100 (S201), the encryption program executes the environment setting interface to receive the environment setting from the user. The environment settings include the encryption file generation location, protection method setting (limit of open times, validity limit, authenticate open password, create compressed file extension, allow online check only) and user information setting.

This environment setting is executed by default when the encryption program is first executed, but is not executed later when the encryption program is executed. However, when a user wants to apply different environment settings, the user can select a setting tag and generate an environment setting differently.

After setting the environment, the encryption program receives a file to be encrypted, that is, an original file from the user (S202). For example, the original file can be selected using drag and drop or an Explorer window.

The encryption program generates file identification information, that is, UUID (S203). UUIDs are distinguished by file and are identification information unique to a file.

The encryption program transmits the limited information (limit of the number of open times and the expiration period) set in the file distinguished by the UUID and the UUID to the server 200 (S204). The server 200 stores the restriction information set in the file distinguished by the UUID and the UUID (S205).

The encryption program encrypts the UUID using the open password set in the environment setting as a key and records it in an encrypted file (S206), and encrypts the original file using the UUID as a key (S207). That is, when an encrypted file is generated and the encrypted file is decrypted, the UUID can be decrypted using the open password, and the original file can be decrypted using the decrypted UUID.

Finally, the encryption program records the decryption program in the encryption file (S208), thereby completing the generation of the encryption file (S503).

The decryption program includes an algorithm that reversely decrypts the UUID (encryption) and the original file (encryption). Specifically, when the decryption program wants to decrypt the encrypted file in another user terminal 100, the decryption program requests the user to input an open password and receives the open password.

In addition, the decryption program decrypts the UUID (encryption) by using the received open password as a key to obtain a UUID. When the user terminal 100 to be decrypted is connected online, the UUID is transmitted to the server 200. Request confirmation of the restriction information, and in response receive a decipherability. If the response is decipherable, the decryption program decrypts the original file (encryption) with the previously decrypted UUID as a key to obtain the original file.

On the other hand, the decryption program generates a confirmation code and a QR code when the user terminal 100 to be decrypted is not connected online and displays it on the screen of the user terminal 100 (see FIG. 10A). The QR code includes the server URL information and the confirmation code, which is a seed encrypted of the UUID of the encryption file. In other words, decrypting the verification code can obtain the UUID of the encryption file. The above-described QR code, will be used in the process of the user mobile authentication using the mobile terminal 300. The specific process, that is, the process of decrypting the encrypted file in the user terminal 100 that is not connected to the online will be described with reference to FIG.

Schematic of the generated encrypted file can be expressed as follows.

The encrypted file generated as described above is generated with a .exe extension by default, and may be generated with a compressed file (zip) extension when it is set to select a compressed file extension in an environment setting.

On the other hand, it has been described that the UUID is used in step S203, but summary information of the UUID, that is, UUID_Index may be used. In detail, when UUID_Index is used, the encryption program generates and transmits the UUID to the server 200 (S204). The server 200 may receive the UUID and generate the UUID_Index. The server 200 may then store the UUID and UUID_Index and send the UUID_Index back to the encryption program. The encryption program can write UUID and UUID_Index using the open password as a key and write it to the file. In addition, the decryption program determines whether or not the user terminal 100 is online, and when connected to the online, transmits the decrypted UUID_Index to the server 200 to request confirmation of the restriction information, decrypted in response to the Receive availability. On the other hand, when not connected to the online to generate a QR code and confirmation code to display on the screen of the user terminal (100). The QR code includes the server URL information and the confirmation code, which is a seed encrypted of the UUID of the encryption file.

Meanwhile, in the present specification, the QR code has been described as an example of an image code that can be scanned by the mobile terminal, and can be replaced by another type of image code that can be scanned by the mobile terminal. For example, image codes include bar codes, data matrices, maxi codes, and PDF-417.

6 is a diagram illustrating a process of decrypting, by another user terminal, an encrypted file generated according to another embodiment of the present invention. Specifically, this embodiment is a decryption process when the user terminal 100 is not connected online.

Referring to FIG. 6, in the user terminal 100, a user selects an encryption file to be decrypted (S601).

When the encryption file is selected, that is, when the .exe file is executed, the encryption file requests the user to input an open password (S602). If it is an encrypted file with a compressed file extension, decompress it and prompt for the open password. (See FIG. 9A)

The user enters an open password (S602). The open password may be obtained from the user who created the encrypted file.

The encryption file extracts the UUID by decrypting the UUID (encryption) using the received open password as a key (S603).

If the decryption is not possible, an error message is displayed (S604). The error message is the same as, for example, FIG. 9B.

On the other hand, if decryption is possible, the encryption file transmits the generated UUID to the server 200 and requests confirmation of restriction information. Since the user terminal is not connected to the online, the restriction information confirmation request is impossible (S605).

That is, in the embodiment described with reference to FIGS. 2 to 4, the encryption file requests confirmation of restriction information while transmitting the generated UUID to the server 200, but in the present embodiment, the user terminal 100 connects online. Since this is not done, it is not possible to directly request the server 200 to confirm the restriction information.

The encryption file outputs a confirmation code and a QR code and requests input of an authentication code (S606). The QR code may be as shown in FIG. 10A, for example.

Specifically, the QR code includes the server URL information and the confirmation code, and the confirmation code is encrypted by seeding the UUID of the encryption file. In other words, decrypting the verification code can obtain the UUID of the encryption file. For example, in (a) of FIG. 10, the confirmation code is 1343-9801-2336-0369, where the first four digits 1343 are a key that encrypts the UUID and the last twelve digits are the result of encrypting the UUID. Therefore, as described below, when the user accesses the server through a mobile terminal and the confirmation code is input to the server, the server decrypts 9801-2336-0369 using 1343, and as a result, may extract the UUID of the encryption file.

The user scans the QR code displayed on the screen of the user terminal 100 using the mobile terminal 300 (S607). The mobile terminal 300 may extract the server URL and the confirmation code from the QR code (S608). As a result of the scan, the mobile terminal 300 is connected to the server 200 by the server URL (S609), and the confirmation code is automatically input (S610). The screen of the mobile terminal 300 may be displayed as shown in FIG.

The server 200 may extract the UUID from the confirmation code (S611). The server 200 checks the restriction information using the corresponding UUID (S612). Specifically, by checking the restriction information of the encryption file corresponding to the corresponding UUID stored in the server 200, it is determined whether it can be decrypted. Specifically, if both the number of times and the expiration date are satisfied, decryption is possible, and if either of the number of times and the expiration date is not satisfied, decryption is impossible. When the number of openings is satisfied, the number of openings is 1 or more, and when the validity period is satisfied, it means that the current time point does not exceed the validity period.

If it is impossible to decrypt, the server 200 notifies the mobile terminal 300 of the non-decryption (S613) and the mobile terminal 300 displays an error message (S614). For example, an error message displayed when decryption is not possible due to an excessive number of openings may be, for example, as illustrated in FIG. 10C.

If the decryption is possible, the server 200 discounts the number of openings by 1 (S615) and transmits the authentication code to the mobile terminal 300 (S616). The authentication code is output on the screen of the mobile terminal 300 (S617). The user checks the screen of the mobile terminal 300 and inputs the authentication code in the user terminal 100 (S618). Specific examples thereof may be the same as those of FIGS. 10D and 10E.

Specifically, the authentication code is to encrypt the verification code as the number of openings / expiration date / check code. The authentication code shown in (d) and (e) of FIG. 10 is H3J $ QSUQZ- $ 6 + 6UJE9SXVE, which is the confirmation code 1343-9801-2336-0369f in FIG. / Checkcode is encrypted.

The encryption file can be used to decrypt the authentication code using a verification code to extract the number of openings / expiration date / check code, and check the check code so that the input authentication code matches the authentication code generated by the server 200. You can check whether If the authentication code is entered incorrectly, an error message indicating that the authentication code does not match is displayed. On the other hand, if the input authentication code matches, the UUID is used as a key and the original file (encryption) is decrypted using the decryption program recorded in the file (S619). As a result, the original file is output to the user terminal 100 (S620).

On the other hand, it has been described that the UUID is used in step S611, but the summary information of the UUID, that is, UUID_Index may be used. Specifically, when using the UUID_Index, the user terminal 100 can decrypt the UUID and UUID_Index by using the open password as a key. In addition, when the encryption file outputs a QR code, the QR code includes a server URL and a verification code, and the verification code may be generated as a seed UUID_Index. The server 200 may check the restriction information by checking UUID_Index in the confirmation code.

7 is a block diagram showing the configuration of an encryption program according to another embodiment of the present invention.

Referring to FIG. 7, the encryption program according to the present embodiment includes an environment setting module 711, a UUID generation module 712, an encryption module 713, and a file generation module 714.

The environment setting module 711 receives an environment setting by executing an environment interface when a user executes an encryption program in the user terminal 100. Environment settings include encryption file generation location, protection method setting, and user information setting. The contents of the environment setting, that is, the encryption file generation position, the protection method setting, and the user information setting are the same as those described with reference to FIG. 2.

The configuration module 711 defaults to requesting the configuration setting when the encryption program is first executed, and does not request the configuration setting when the encryption program is executed later. However, when the user wants to apply other environment settings, the environment setting module 711 may execute another environment setting interface and receive another environment setting.

In addition, the environment setting module 711 transmits the limited information, that is, the limit of the number of open times and the valid period limit, to the server 200 among the generated environment settings.

The UUID generation module 712 generates a UUID of the encryption file and transmits the UUID to the server 200. UUID is identification information for distinguishing one encrypted file from another encrypted file. Therefore, different UUIDs are generated for each encrypted file.

On the other hand, from the viewpoint of the server 200, the restriction information is received from the environment setting module 711, and the UUID of the encryption file is received from the UUID generation module 712. Since the restrictions applied to each encryption file may be different, the server 200 stores the UUID and the restriction information of the encryption file in correspondence.

The encryption module 713 encrypts the UUID using the open password as a key. Thus, when receiving an open password from a user, the open password can be used to decrypt the UUID.

In addition, the encryption module 713 encrypts the original file using the UUID as a key. Therefore, if it can be decrypted (specifically, if the decryption response of the server 200 is decryptable), the original file can be decrypted using the UUID.

The file generation module 714 generates a final encryption file. Specifically, the file generation module 714 records the UUID (encryption), the original file (encryption), and the decryption program in the encryption file. That is, the structure of the encryption file finally generated by the file generation module 714 is as follows.

The open password is an open password received from the configuration module 711, and the UUID (encryption) and the original file (encryption) are encrypted by the encryption module 713.

The decryption program includes an algorithm that reversely decrypts the UUID (encryption) and the original file (encryption). Specifically, when the decryption program wants to decrypt the encrypted file in another user terminal 100, the decryption program requests the user to input an open password and receives the open password.

In addition, the decryption program decrypts the UUID (encryption) by using the received open password as a key to obtain a UUID. When the user terminal 100 to be decrypted is connected online, the UUID is transmitted to the server 200. Request confirmation of the restriction information, and in response receive a decipherability. If the response is decipherable, the decryption program decrypts the original file (encryption) with the previously decrypted UUID as a key to obtain the original file.

On the other hand, the decryption program generates a confirmation code and a QR code when the user terminal 100 to be decrypted is not connected online and displays it on the screen of the user terminal 100 (see FIG. 10A). The QR code includes the server URL information and the confirmation code, which is a seed encrypted of the UUID of the encryption file. In other words, decrypting the verification code can obtain the UUID of the encryption file. The above-described QR code is used in the process of the user mobile authentication using the mobile terminal 300.

In addition, when the user inputs the authentication code, the decryption program decrypts the authentication code with a verification code as a key, extracts a check code, and checks the check code to generate the input authentication code in the server 200. Determine whether it matches the authentication code.

Meanwhile, although the UUID is taken as an example of file identification information in the present embodiment, summary information of the UUID, that is, UUID_Index, may be used. Specifically, when UUID_Index is used, the UUID generation module 712 generates a UUID and transmits the UUID to the server 200, and the server 200 receives the UUID, generates the UUID_Index, and sends the UUID_Index back to the encryption program. Can be. In addition, the encryption module 713 may encrypt the UUID and UUID_Index using the open password as a key, and the file generation module 714 may record the UUID (encryption) and UUID_Index (encryption) in a file. In addition, the decryption program recorded in the encrypted file by the file generation module 714 determines whether the user terminal 100 is online, and when connected to the online, transmits the decrypted UUID_Index to the server 200. A request for confirmation of the restriction information may be requested and a response may be received whether or not it can be decrypted. On the other hand, when not connected to the online to generate a QR code and confirmation code to display on the screen of the user terminal (100). The QR code includes the server URL information and the confirmation code, which is a seed encrypted of the UUID of the encryption file.

On the other hand, as another embodiment according to the present invention, a management method of the generated encrypted file will be described below.

Referring to FIG. 11A, the user terminal 100, specifically, the user terminal 100 that generates an encryption file, executes an encryption program and selects to manage a generated file. As a result, the user terminal 100 may access the server 200 and call an interface as shown in FIG. 11B.

The interface displays a list of generated encryption files. Specifically, the file name, type, opening number limit information (use / limit number), creation date, validity limit information (limit date), and recent use date are displayed for each generated encrypted file.

The user (encryption file creator) can select a check box of an encryption file to disable, suspend or delete each encrypted file.

If Disable is selected, the encrypted file is not decrypted regardless of the limit information such as the number of open times or the expiration date. That is, when another user terminal 100 attempts to decrypt the encrypted file, in step S307 of FIG. 3, the server determines that the decryption is impossible.

Unsuspension means to cancel the deprecation described above.

Deletion deletes the encrypted files displayed in the list.

Meanwhile, in the above-described embodiments, the UUID or UUID_Index is described as an example of identifying the file to be encrypted, but the present invention is not limited thereto, and an identification code of a developer-defined format may be used as the identification information, or other. A unique code that can be uniquely identified can be used as identification information of the file.

While the specification contains many features, such features should not be construed as limiting the scope of the invention or the scope of the claims. In addition, the features described in the individual embodiments herein can be implemented in combination in a single embodiment. Conversely, various features described in a single embodiment of the present specification can be implemented individually in various embodiments or at appropriate subcombinations.

Although the operations are described in a particular order in the drawings, they should not be understood to be performed in a particular order as shown, or in a sequential order, or as all of the described actions are performed to achieve a desired result. . In some circumstances, multitasking and parallel processing may be advantageous. It should also be understood that the division of various system components in the above embodiments does not require such distinction in all embodiments.

The present invention described above is capable of various substitutions, modifications, and changes without departing from the technical spirit of the present invention for those skilled in the art to which the present invention pertains. It is not limited by the drawing.

411 configuration module 412 UUID generation module
413 encryption module 414 file generation module

Claims (13)

delete delete delete delete delete delete delete A method of decrypting an encrypted file at a user terminal using a mobile terminal capable of communicating with a server storing decryption restriction information of the encrypted file,
Displaying, at the user terminal, an open password input window and receiving an open password from a user;
Extracting, at the user terminal, an identification code from the encrypted file using the open password;
Encrypting, at the user terminal, the identification code with an encryption key to generate an identification code comprising the encrypted identification code and the encryption key;
Generating and displaying, at the user terminal, an image code including the generated confirmation code and an access address of the server;
Transmitting, at the mobile terminal, the verification code to the server by using the access address extracted by scanning the image code;
Receiving and displaying, at the mobile terminal, an authentication code obtained by encrypting information about whether the encryption file can be decrypted with the verification code from the server; And
Receiving, at the user terminal, the authentication code and decrypting the corresponding authentication code with the verification code to confirm whether the encryption file can be decrypted, and if decryptable, decrypting the encryption file using the identification code; Encrypting file containing method. delete The method of claim 8,
And the image code is a QR code. delete The method of claim 8,
The information about the decipherable,
A method for decrypting an encrypted file, comprising information on the number of open times, the validity period, or whether to stop using the creator of the encrypted file. A computer-readable recording medium having recorded thereon a program for executing the method according to any one of claims 8, 10 or 12.

Images