KR101516717B1 - The system for securing external collaboration - Google Patents

The system for securing external collaboration Download PDF

Info

Publication number
KR101516717B1
KR101516717B1 KR1020140093538A KR20140093538A KR101516717B1 KR 101516717 B1 KR101516717 B1 KR 101516717B1 KR 1020140093538 A KR1020140093538 A KR 1020140093538A KR 20140093538 A KR20140093538 A KR 20140093538A KR 101516717 B1 KR101516717 B1 KR 101516717B1
Authority
KR
South Korea
Prior art keywords
document
distribution
distributed
collaboration
external
Prior art date
Application number
KR1020140093538A
Other languages
Korean (ko)
Inventor
윤태규
Original Assignee
(주)와우소프트
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)와우소프트 filed Critical (주)와우소프트
Priority to KR1020140093538A priority Critical patent/KR101516717B1/en
Application granted granted Critical
Publication of KR101516717B1 publication Critical patent/KR101516717B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/93Document management systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The present invention relates to a system that can apply and distribute a management and security policy to a document file when sharing a document in the collaboration environment with an external company. More specifically, the present invention relates to an external collaboration security system, where a security policy is set and registered in a distributed document, the distributed document is accessed by using a terminal of an external company, allowing editing and inquiry within the scope of security policy, and also history management of the distributed document can provide an environment for safe sharing. In addition, the present invention relates to the external collaboration security system where a virtual disk is set for the distribution, access to the virtual disk, document inquiry and editing are only granted by using the application allowed for the distributed document, so that the distributed document cannot be copied, moved, saved, created, renamed, printed or screen captures by controlling the application. In addition, the present invention relates to the external collaboration security system that can collect and manage the log of use of the distributed document.

Description

{THE SYSTEM FOR SECURING EXTERNAL COLLABORATION}

The present invention relates to a system capable of applying management and security policies for document files when sharing documents through a collaborative environment with external partners.

More specifically, a security policy is set and registered in a distributed document, and a registered distribution document is accessed using a terminal of an external supplier so that the document can be viewed and edited within the scope of a set security policy And also provides an external collaborative security system that is specific to providing a secure, shared-based environment through history management of distributed documents.

Wherein the distributed document is distributed using a local virtual drive or a network virtual drive.

In addition, the present invention establishes and distributes a virtual disk, permits a virtual disk to be accessed, viewed, or edited only through an application program permitted to the distributed document, so that the distributed document can be copied, moved, stored, Generating, storing in a different name, printing a printer, and capturing a captured image are interrupted.

The present invention also relates to an external collaborative document distribution security system which specifies that a log of use histories of distributed documents is collected and managed.

Generally, corporations or public institutions provide the technical information created internally or documents such as official documents or drawings to external users such as external partners to process the projects together.

However, when there are many external partners who share documents and share information, they can not be distributed by mail or mail, and most documents contain internal information that requires security. There is a need to build a document distribution security system.

According to this necessity, the applicant of the present invention has proposed a method for transmitting an enhanced document to a stream when an external user requests to receive the document, receiving an image of the document by an external user, User Document Distribution Security System '(Registration No. 10-1057743) has been patented.

However, when collaborating with external partners, in addition to viewing or outputting documents, external users may have to provide the original files so that they can edit the documents.

Therefore, you should be able to distribute documents to external users, including both 'View-only Collaboration' and 'View / Edit Collaboration', especially if you provide the original file to allow 'editing' An external collaborative security system that can securely secure the security of the original file, the editing style, and the usage management is desperately needed.

The applicant of the present invention has discovered the present invention in order to integrate 'view-only collaboration', which is a function of the existing 'external user document distribution security system', and 'view / edit collaboration,

In particular, if an original file is provided to allow "editing", the original file is provided through a separate drive displayed in the file explorer window of the external user's computer, (ii) can be provided in a network drive manner.

On the other hand, according to the prior patent, Registration No. 10-0549644 describes an application-specific access control system using a virtual disk that increases the operating efficiency of a storage space and a control method thereof.

In brief, the system includes a capacity variable VSD image file module, an encryption / decryption module, a VSD file system module, and an access control device.

That is, it is required to access only the authorized source program while managing the security file with the virtual disk, and decrypt the encrypted file when inputting and outputting the security file.

The prior patent is similar to the present invention in that a separate drive is used. However, unlike collaboration with external users, the prior patent is a technology for meeting a technical problem for preventing information leakage from the inside, Differences arise in the points.

First, you can not collaborate with external users by choosing the 'View' or 'View / Edit' policies, centered on internal users.

Second, when you provide the original file for editing, you can not select the local or network drive method depending on the size or type of the file. You also can not choose the local or network drive method by deciding whether to make the file's material available to external users.

Third, there is a problem that capture prevention, watermark output, period expiration processing and / or usage log processing performed for information security can not be performed irrespective of 'inquiry' or 'inquiry / editing'.

The above-mentioned difference is a schematic matter, and more detailed matters will be described later in detail.

Patent Registration No. 10-0549644 (2006.02.06. Announcement) Registered Patent Publication No. 10-1057743 (issued on August 19, 2011)

An object of the present invention is to provide a collaborative security system for establishing a collaborative security system that can easily collaborate by distributing a document to an external user, while preventing information of a document from being leaked.

An object of the present invention is to provide a collaborative security system capable of collaborating with external users by selecting 'inquiry-only' or 'inquiry / edit' policies based on internal users.

An object of the present invention is to provide a collaborative security system capable of ensuring information security by performing capture prevention, watermark output, period expiration processing or use log processing regardless of 'inquiry only' or 'inquiry / edit' have.

SUMMARY OF THE INVENTION An object of the present invention is to provide a method and apparatus for providing an original file in order to allow an external user to edit the file, The present invention also provides a collaborative security system capable of selecting a method.

According to an aspect of the present invention, there is provided an external collaboration security system including a document distribution client; Collaborative security server; And external user clients; , The document distribution client applies the distribution policy to the document to be distributed and stores it in the collaboration security server to distribute the document. The external user client accesses the collaboration security server and distributes the distributed document according to the applied distribution policy And a document can be viewed or edited. The present invention is directed to solve the technical problem by providing an external collaboration security system.

In addition, in the present invention, a document distributed in a cooperative security server is stored in a network virtual drive of a cooperative security server stored in a local disk virtual drive of an external user client or connected to an external user client through a network Thereby solving the technical problem.

Also, by providing an external collaborative security system that specifies that documents stored in the virtual drive are not allowed to be copied, moved, saved, created, saved under a different name, printed by the printer, and captured by the application control, .

The external collaborative security system according to the present invention can provide a collaborative security system capable of collaborating with external companies by selecting a 'view only' or 'inquiry / edit' policy according to a security policy, .

Further, the present invention can provide a collaborative security system capable of securing information security by performing capture prevention, watermark output, period expiration processing, or use log processing regardless of 'inquiry only' or 'inquiry / edit' Effect.

Also, in the case of providing an original file in order to allow 'editing' of an external user, the present invention may be configured such that an internal user uses a local or network drive method depending on the source file, editing mode, usage style, file size, It is possible to provide a collaborative security system that can be selected.

FIG. 1 is a view schematically showing the configuration and functions of a collaboration security system according to an embodiment of the present invention.
FIG. 2 is a view schematically showing a main configuration of a document distribution client and a collaboration security server in a collaboration security system according to an embodiment of the present invention.
FIG. 3 is a schematic diagram illustrating a main configuration of a collaboration security server and an external user client in a collaboration security system according to an embodiment of the present invention.
FIG. 4 is a diagram schematically illustrating a function of 'inquiry-only collaboration' in the cooperative security system according to the embodiment of the present invention.
FIG. 5 is a diagram schematically illustrating a function of providing an original file to a local drive among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.
6 is a diagram schematically illustrating a function of limiting access to application programs other than the allowed application programs among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.
FIG. 7 is a schematic view illustrating a function of limiting copying, movement, and attachment of a distribution document stored in a local disk virtual drive, among the 'view / edit collaboration' functions of the collaboration security system according to an embodiment of the present invention.
FIG. 8 is a view schematically illustrating a function of limiting the screen capture of the distributed document browsed among the 'view / edit collaborative' functions of the collaborative security system according to the embodiment of the present invention and inserting a watermark upon output.
FIG. 9 is a diagram schematically illustrating a function of processing a distribution document according to the expiration of the distribution valid period of the distribution document among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.
FIG. 10 is a view schematically illustrating a function of processing a user's history log for a distribution document among the 'inquiry / edit collaboration' functions of the collaboration security system according to an embodiment of the present invention.
11 is a diagram schematically illustrating a function of providing an original file to a network drive among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.

The terms and words used in the present specification and claims should not be construed as limited to ordinary or dictionary terms and the inventor may properly define the concept of the term in order to best describe its invention It should be construed as meaning and concept consistent with the technical idea of the present invention.

Therefore, the embodiments described in the present specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and are not intended to represent all of the technical ideas of the present invention. Therefore, various equivalents It should be understood that water and variations may be present.

First, as described above, the applicant of the present invention, in the patent registration No. 10-1057743 (external user document distribution system), converts the printing frame control module for each page of the document file, encrypts it, And extracting the image data from the image data.

Before describing the present invention with reference to the accompanying drawings, it is not necessary to disclose matters which are not necessary for revealing the gist of the present invention, that is, those known to those skilled in the art, Let the sound be revealed.

The present invention relates to a system capable of applying a security policy to a document file to be distributed to an external partner company by setting a security policy in a document to be distributed and registering the document in a distributed manner, The present invention relates to an external collaborative security system, which is capable of accessing and editing a document within a scope of a set security policy. Wherein the distributed document is distributed using a local virtual drive or a network virtual drive.

FIG. 1 is a view schematically showing the configuration and functions of a collaboration security system according to an embodiment of the present invention.

FIG. 1 of the accompanying drawings shows an overall configuration of an external collaborative security system according to the present invention includes a document distribution client 100, a collaborative security server 200, and an external user client 300.

The document distribution client 100 includes a document distribution unit 110 for establishing an interface and a distribution policy for a document to be distributed, which is a terminal for accessing the collaboration security server 200 and for distributing a document to be distributed. The document distribution client 100 also includes approval approval means 120 for performing approval approval with respect to the uploaded document.

The document distribution means 110 includes a document distribution interface, a distribution policy setting module, and a document uploading module.

The document distribution interface is an interface for selecting or retrieving documents to be distributed, through which an interface for selecting documents is displayed.

Here, a document refers to all documents in a form that can be stored in a computer, such as a Korean file, an office file, a drawing (CAD) file, a compressed file and an executable file as well as an image file.

The distribution policy setting module is for applying the distribution policy for the document to be distributed, and the distribution policy includes meta information and access authority information about the document to be distributed.

At this time, the meta information includes recipient user information and distribution reason information for the distribution document.

The distribution document is configured so that only a specific user can view the distribution document according to the recipient user information. In other words, if there are a number of external partners, the distribution document is made visible to only the designated users for each set partner, thereby preventing the distribution document from being exposed to a large number of partners.

For example, one vendor can maintain a partnership with multiple vendors. Accordingly, according to the above configuration, it is possible to distribute a specific document only to a specific company by designating distribution documents according to cooperation relationship with a plurality of companies.

Deployment reason information has the nature of a distribution document. In other words, it provides information on the reason for distribution, and indicates to the partner company the reason for distribution for some reason.

The access authority information includes a query edit, whether to allow output, whether to allow screen captures, and a distribution validity period.

That is, the access right information sets the processing permission information for the distribution document, and it is set to simple inquiry, edit permission, printing permission, screen capture permission, and document validity period.

More detailed distributed documents can be copied, moved, saved, created, saved under different names, printer output, and screen capture through the control of the application program.

Here, the query refers to the ability to access the distribution file and view its contents. It is a "readable" permission. Editing means permission to "read" the distribution document while reading it.

At this time, the respective settings can be configured to be interlocked with each other. For example, if a simple query is selected and configured, editing is configured to not be allowed, and if editing is allowed, simple queries are also allowed.

In the above configured configuration, if the distribution validity period is set and the set validity period has elapsed, the document can be configured to be deleted or not displayed.

When a simple query is set, the distribution document is set to be read only, and the distribution document is converted into an image and displayed. At this time, when the distribution document is composed of a plurality of pages, only a predetermined page can be processed and displayed according to the setting, and the remaining pages can be configured to be blind processed. In addition, if the distribution document is an image, it can be configured to be displayed without being converted into an image, but in the case of a specific image, it can be configured to be displayed in an format that can be viewed in an acceptable application.

The document upload module is for uploading the selected document to the collaboration distribution server, and transmits the selected document to the collaboration distribution server based on the user's operation.

The approval approval means is constituted so that the third party of the company distributing the document distributes the document according to the approval, and can be configured in cooperation with the electronic approval system.

For example, when a first user of a company uploads a distribution document to a collaborative distribution server, the uploaded information is transmitted to a second user, and the second user distributes approval for distribution according to the transmitted information, .

Or may be configured to distribute the document after pre-approval according to design conditions.

Accordingly, an internal system for connecting a document distribution client to a network may be further included.

The internal system includes a document management system for storing and managing documents to be distributed, and an electronic approval system for approving a payment to a distribution document.

FIG. 3 is a schematic diagram illustrating a main configuration of a collaboration security server and an external user client in a collaboration security system according to an embodiment of the present invention.

The collaboration security server 200 is a server for distributing an uploaded document based on the distributed information. The uploaded document is displayed in accordance with the connection.

The collaboration security server 200 includes a view collaboration security means 210 and a virtual drive security means 220. The virtual drive security means 220 includes a local disk virtual drive security means 230 and a network virtual drive security means 220. [ (240). It may further include a document registering means, a retrieving means, a file encrypting means, and an exporting accepting means in accordance with design conditions.

The inquiry collaborative security unit 210 authenticates a user according to collaboration and allows access to the collaborative security server 200, and determines whether or not to permit access based on the inputted user information.

At this time, the inputted user information can be allowed by using the user ID and password information.

The local disk virtual drive securing means 230 includes a local drive creation module, an allowed program setting module, a copy / move and store processing module, a capture prevention module, an output policy setting module, a period expiration processing module and a user history log processing module .

That is, the local disk virtual drive securing means 230 restricts copying, moving, storing, saving (filename change), printer output, screen capture, etc. to the distribution document under the control of an application program And performs not only the generation of a file in the local drive but also the distribution period of the distribution document and the history of the user accessing the file and processing of the log.

The local drive creation module creates a virtual local drive on the external user client, and is a storage space that is set virtually by allocating a part of the actual local disk.

That is, a virtual physical space is constituted by a local drive creation module, and the distribution document is stored in a virtual local drive.

Also distributed and edited documents are stored on this virtual local drive.

This virtual local drive has the advantage that the access speed to the distribution document such as file browsing is fast and the stored distribution document can be accessed even when the Internet or the network is not connected.

In addition, the virtual local drive can be configured so that a user can freely create and delete folders under the virtual local drive.

The program setting module sets up an application program that can browse the distribution document. At this time, the application program may be applied differently depending on the distribution policy and the type of the distribution document.

For example, if the deployment document is an image or if the deployment policy is set to lookup only, the application is set to an image viewer that can view the image.

Also, if the distribution document is allowed to be edited, it is set as an application program capable of viewing the distribution document. At this time, the distribution document is configured not to be browsed through an unacceptable application program such as the web, mail, messenger, and auxiliary storage medium, and the browsing through the URL (Uniform Resource Locator) is also blocked.

The copy / move and storage processing module is a module for preventing a distribution document stored in a virtual local drive from being copied and moved to a local disk, a USB memory, a CD drive, etc. by operation. Here, copy, move, and save processing module means to allow or restrict the distribution document to copy, move, store, create and save to another name based on the policy of the application program.

It is configured to be able to copy and move within a virtual local drive according to design conditions, but can be configured to limit copying and movement to a storage medium other than a virtual local drive.

The capture prevention module prevents the distribution document from being leaked through screen capture after viewing the distribution document. For example, the capture prevention module restricts the operation of the PrtSc (print screen) button of the keyboard and the operation of the right button of the mouse will be.

Depending on the design conditions, it may also be configured as a method of capturing a screen, pasting the captured image into another application, preventing the paste, or inserting a watermark in the captured image.

The output policy setting module is a module for limiting the printing through the printer for the distribution document which is allowed to be output during the setting of the distribution policy.

Normally, when a document is output to a printer, an output policy setting module and a printer driver operate in conjunction with each other.

In other words, when the user issues a print command through an allowed application, the output policy setting module is activated. The spooler service is called while providing an event standard service related to the start and end of the entire print job, The printer driver of the printer in which the output is performed calls the printer driver to generate output data in a printable format (e.g., PS, PCL, etc.).

The output policy setting module of the present invention controls the output policy setting module such that page-by-page conversion and transmission are performed without going through an output waiting job and a conversion job for the entire page.

For example, if the operating system (OS) is a Windows environment, when there is a transmission request for a document file, the output policy setting module calls the GDI (Graphics Device Interface) service of the output policy setting module first, After that, the GDI service transfers data to the GDI rendering engine while preventing the GDI service from calling the spooler service, so that rendering is performed on a page-by-page basis.

Depending on the design conditions, other output policy configuration module control methods are also possible, especially Windows (Windows) operating system (OS), because hardware and software developers can replace or modify their printing components.

According to the output policy setting module, a water mark is inserted into the printout and outputted.

Therefore, when pirated and used for commercial or other purposes without legitimate consideration or permission, the original owner can be verified by checking the printed watermark. In other words, you can prevent duplication without disrupting the use of the application in the distribution document.

It can also be used to reveal the source of the original or to track who has the information delivered, so it can be used to track replication paths as well as original copy protection.

It goes without saying that such a watermark can be applied to screen capturing according to design conditions.

The term expiration processing module is a module for setting the distribution document to be deleted or not to be browsed if the distribution period of the document is set during the setting of the distribution policy. The period set in accordance with the design conditions can be configured to be changeable.

Accordingly, since the document can be distributed only during the set period, there is an advantage that it is not necessary to set the deletion restriction of the distribution document and the restriction of the reading restriction according to the additional action on the distribution document.

The user history log processing module is a module that stores and manages the usage history of the distribution document. When the user tries a history of viewing, outputting, and editing the distribution document and an unacceptable distribution policy, do.

Here, the history log includes information such as the user ID, the name of the distribution document, the computer name of the connected computer, the IP of the connected computer, the time at which the history log was generated, and the history of document usage.

In this manner, the revocation history management of the distribution document can be performed through the expiration termination processing module and the user history log processing module, and it is possible to provide a trace basis for illegal document leakage of the external user in the future. In addition to this, there is an advantage that it is possible to provide an environment for managing document life-cycle from the time of document distribution to the disposal through systematic document history management.

The collaboration security server can also be configured to manage the version of the distribution file while managing the distribution policy of the document as described above. For example, if an initial deployment document is deployed with version 1.0, and the deployed document has an error, the document is corrected for errors and is distributed as version 1.1 so that the user can easily check the deployed document by checking the version information.

The network virtual drive setting module 240 is for accessing and browsing the virtual drive of the collaboration security server through the network when the distribution document is stored in the collaboration security server.

That is, the external user client 300 can browse the document distributed through the network virtual drive setting module 240.

Likewise, it is determined whether the document to be browsed or edited based on the distribution policy set.

Also, the collaboration security server 200 may further include a document registration management means, a search means, a file encryption means, and an export approval means in accordance with design conditions.

The document registration management means judges whether the user is an authorized user, registers the uploaded distribution file by the permitted user, and permits the authorized user to delete and change the registered distribution file.

The search means searches for and displays a file according to a search condition, and can be configured to search for a name of a file, a modification (modification) date, an upload date, the number of uploaded users and viewers, and the like as search conditions.

The file encryption means is for encrypting and releasing the distribution file, and the distribution file can be encrypted and stored and managed.

The export approval means approves the export to the distribution file when the export file is approved and approved according to the export request, and the approved distribution file can be downloaded through the partner company's terminal. The distribution file approved for export can also be exported via file encryption, and the exported distribution file can be provided with a method for releasing the encryption according to a separate request.

The collaboration security server 200 may be configured in conjunction with a customer information security transmission system capable of securely distributing documents to partner companies.

The external user client 300 includes a stream viewer 310, a network drive authentication means 320, and an allowed application program. The external user client 300 is a terminal for accessing the collaboration security server 200 from outside to browse a distribution document.

The stream viewer 310 is for browsing a document distributed in the collaboration security server 200 in real time. The stream viewer 310 may convert the first page of the distribution document into a thumbnail and display it on the screen. Therefore, there is an advantage that the distribution document can be easily confirmed.

The drive authentication means 320 displays the local disk virtual drive or the network virtual drive, and the display of the virtual drive is performed based on the user's login.

The permitted program is a program installed in the external user client and is set by searching for an allowed program among the programs installed in the external user client connected when accessing the cooperative security server 200. [

With this configuration, deployed documents can collaborate with external companies by selecting 'View Only' or 'View / Edit' policies according to security policy, and deployed documents can be displayed in 'View Only' or 'View / Edit' Regardless, capture of information, watermark output, expiration processing, or usage log processing can be performed to ensure information security. In addition, even if an original file is provided to allow 'editing', it is stored in the virtual drive according to the type of the original file, the editing mode, the usage style, the size of the file, or the type of the file, There are advantages to be able to.

FIG. 4 is a diagram schematically illustrating a function of 'inquiry-only collaboration' in the cooperative security system according to the embodiment of the present invention.

If the deployment policy of the deployment document is set to allow only referrals (for example, 'read' of the document), the deployment document is converted to an image, and the converted image is viewed through an application permitted by the external user client.

At this time, the converted image may be configured to be converted into a high-resolution image, and is configured to be viewed without conversion when the distributed document is an image.

FIG. 5 is a diagram schematically illustrating a function of providing an original file to a local drive among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.

Documents distributed through the collaboration security server 200 are stored and managed in a local drive virtual drive, and copying and moving of stored distribution documents to other storage media is limited. At this time, it is configured to be able to create and delete folders in the local drive virtual drive, so that the distribution document can be stored and managed by type or personality.

6 is a diagram schematically illustrating a function of limiting access to application programs other than the allowed application programs among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.

If the distribution document is allowed to be edited, the distribution document is stored and managed in the local disk virtual drive, and the stored document is only browsed by the permitted application.

For example, if the distribution document consists of a Word file, an Excel file, a PowerPoint file, a CAD file, a PDF file, and a picture file, the file is only read by the installed application, And is not allowed to be viewed by a viewer or the like.

FIG. 7 is a schematic view illustrating a function of limiting copying, movement, and attachment of a distribution document stored in a local disk virtual drive, among the 'view / edit collaboration' functions of the collaboration security system according to an embodiment of the present invention.

If the distribution document is allowed to be edited, the distribution document is stored and managed in the local disk virtual drive, and the stored distribution document is not allowed to be copied and moved to another storage medium. In addition, it is configured to not be attached to the web or e-mail so that the distribution document is securely managed.

That is, a document stored in the local disk virtual drive is not allowed to be copied or moved outside the virtual drive, and is configured to be stored according to a distribution policy or to be stored under a different name (renaming the distribution document) is not permitted.

FIG. 8 is a view schematically illustrating a function of limiting the screen capture of the distributed document browsed among the 'view / edit collaborative' functions of the collaborative security system according to the embodiment of the present invention and inserting a watermark upon output.

If the distribution document is allowed to be edited, the distribution document is stored and managed in the local disk virtual drive, and the stored distribution document is not allowed to be screened, and a watermark is printed even when outputting.

Depending on the design conditions, a watermark may be inserted even when a screen is captured and pasted into another application program.

The output resulting from the insertion of such a watermark may be illegally duplicated and verified as the original owner by verifying the printed watermark when used for commercial or other purposes without reasonable consideration or permission. In other words, you can prevent duplication without disrupting the use of the application in the distribution document.

FIG. 9 is a diagram schematically illustrating a function of processing a distribution document according to the expiration of the distribution valid period of the distribution document among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.

If the distribution document is allowed to be edited, the distribution document is stored and managed in the local disk virtual drive. When the effective distribution period elapses according to the distribution policy, the file is deleted. At this time, the effective distribution period can be configured to be reset and can be stored in a hidden blind state or a non-readable state according to design conditions.

FIG. 10 is a view schematically illustrating a function of processing a user's history log for a distribution document among the 'inquiry / edit collaboration' functions of the collaboration security system according to an embodiment of the present invention.

The distribution document stored in the local disk impersonation drive is stored by detecting the history log that has been executed according to the user's execution.

The history log includes information such as the user ID, the name and time of the distribution document, the name of the computer connected, the IP of the connected computer, the time at which the history log was generated, and the history of document usage. In addition, history logs for unacceptable operations (copy, move, output, and execution to unauthorized applications) are also saved.

11 is a diagram schematically illustrating a function of providing an original file to a network drive among the 'view / edit collaboration' functions of the collaboration security system according to the embodiment of the present invention.

If the distribution document is allowed to be edited, the distribution document is stored and managed in the local disk virtual drive. The internal user who manages the distribution document generates and provides the distribution folder for each partner company. In the case of the external user client, do. As shown in the attached drawing, when the user of the external A supplier logs in, only the A partner distribution folder is displayed on the external user client, and only the corresponding folder is accessible.

As a result, the partner company distributing the documents can distribute different documents to multiple partners. It is a matter of course that the supplier receiving the distribution document can also be the main partner distributing the document.

1 to 11 are merely the main points of the present invention, and various designs can be made within the technical scope thereof, so that the present invention is limited to the configurations and functions of Figs. 1 to 11 It is self-evident.

100: Document Distribution Client
110: Document distribution means
120: Approval approval means
200: Collaboration security server
210: view collaboration security measures
220: Drive security measures
230: Local disk virtual drive security measures
240: Network virtual drive security measures
300: External user client
310: Stream Viewer
320: drive authentication means

Claims (12)

Document distribution client; Collaborative security server; And external user clients; An external collaborative security system,
Wherein the document distribution client applies a distribution policy to a document to be distributed and stores the document in the collaboration security server,
Wherein the external user client accesses the collaboration security server and is configured to be able to view or edit the distributed document according to the applied deployment policy,
The distribution policy,
Meta information including user information about the document to be distributed; And access authority information including inquiry, edit, printout, screen capture, watermark on printout, whether or not watermarking on screen capture, and distribution validity period,
The distributed document is,
Distributed on the basis of approval approval,
It can only be read or edited with the allowed applications,
Wherein the document stored in the virtual drive is stored in a network virtual drive of the collaboration security server stored in the virtual disk of the external user client or connected to the external user client through a network, Is not allowed,
The collaboration security server includes:
Managing the distribution policy of the distributed document and the version of the distribution file, and managing the document life-cycle from the distribution point of the distributed document to the disposal of the user through the revocation history management of the distributed document Provides a manageable environment,
When the distributed document is prevented or outputting a screen capture, a screen is captured or output by applying a watermark to the distributed document in the case of preventing or outputting a screen capture,
Wherein the external user client is configured to be able to read the distributed document only through a stream viewer, wherein the external user client is capable of reading the distributed document only through a stream viewer,
Wherein the usage history information for the distributed document is stored and managed, wherein the usage history information includes at least one of download, save, output, file name change, move, copy, and delete.
delete delete delete delete delete delete delete delete delete delete delete
KR1020140093538A 2014-07-23 2014-07-23 The system for securing external collaboration KR101516717B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020140093538A KR101516717B1 (en) 2014-07-23 2014-07-23 The system for securing external collaboration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140093538A KR101516717B1 (en) 2014-07-23 2014-07-23 The system for securing external collaboration

Publications (1)

Publication Number Publication Date
KR101516717B1 true KR101516717B1 (en) 2015-05-04

Family

ID=53393576

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140093538A KR101516717B1 (en) 2014-07-23 2014-07-23 The system for securing external collaboration

Country Status (1)

Country Link
KR (1) KR101516717B1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101657496B1 (en) * 2015-10-08 2016-09-19 (주)와우소프트 Management system for destruction of electronic document and output document
CN113794777A (en) * 2021-09-16 2021-12-14 深圳潮数软件科技有限公司 Safety file ferrying system
US11632418B2 (en) 2021-05-28 2023-04-18 Samsung Sds Co., Ltd. Method and apparatus for managing access to file stored in a remote location

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070013500A (en) * 2005-07-26 2007-01-31 삼성전자주식회사 Apparatus and method for forming image with security
KR20130035124A (en) * 2011-09-29 2013-04-08 이청종 Cloud system enhanced security and security management method thereby

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070013500A (en) * 2005-07-26 2007-01-31 삼성전자주식회사 Apparatus and method for forming image with security
KR20130035124A (en) * 2011-09-29 2013-04-08 이청종 Cloud system enhanced security and security management method thereby

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101657496B1 (en) * 2015-10-08 2016-09-19 (주)와우소프트 Management system for destruction of electronic document and output document
US11632418B2 (en) 2021-05-28 2023-04-18 Samsung Sds Co., Ltd. Method and apparatus for managing access to file stored in a remote location
CN113794777A (en) * 2021-09-16 2021-12-14 深圳潮数软件科技有限公司 Safety file ferrying system

Similar Documents

Publication Publication Date Title
US11349819B2 (en) Method and system for digital rights management of documents
US8245306B2 (en) Digital rights management printing system
US20080294899A1 (en) Secure management of document in a client-server environment
US20040125402A1 (en) Document printing program, document protecting program, document protecting system, document printing apparatus for printing out a document based on security policy
US20040039932A1 (en) Apparatus, system and method for securing digital documents in a digital appliance
US20120221944A1 (en) System for digital and remote document revision and execution with document escrow
JP2007072639A (en) Content management server
US8887290B1 (en) Method and system for content protection for a browser based content viewer
CN104036163B (en) Rights management in Distributed Scans system
JP4282301B2 (en) Access control server, electronic data issuing workflow processing method, program thereof, computer apparatus, and recording medium
KR101516717B1 (en) The system for securing external collaboration
KR20150064822A (en) System for management of electronic documents
US8291507B2 (en) Document management system, document management method and computer program
JP2008052645A (en) Image forming system
CN104426898A (en) Server, terminal, digital rights management system and digital rights management method
US20210303640A1 (en) Document management system, processing terminal device, and control device
US11418484B2 (en) Document management system
JP2015158873A (en) management system, management method, and program
JP4410185B2 (en) Information processing apparatus and method, and program
KR101478708B1 (en) Monitoring system of printed matter using mobile device
CN104038656B (en) Metadata in Distributed Scans system is supported
JP2008225645A (en) Document management system, additional edit information management device, document use processor, additional edit information management program and document use processing program
KR102448531B1 (en) Decryption system of the electronic document
US11575805B2 (en) Information processing apparatus and information processing system to process document involving user authentication
JP2008181290A (en) Document management system, document management apparatus, restriction information management apparatus, document management program, and restriction information management program

Legal Events

Date Code Title Description
AMND Amendment
AMND Amendment
X701 Decision to grant (after re-examination)
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20180420

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20190423

Year of fee payment: 5