KR101745948B1 - Apparatus for collecting history of data in cloud environment, method thereof and computer recordable medium storing the method - Google Patents

Info

Publication number: KR101745948B1
Authority: KR (South Korea)
Prior art keywords: file, log, secret key, history, user terminal
Application number: KR1020150158806A
Other languages: Korean (ko)
Other versions: KR20170055714A (en)
Inventor: 김태훈
Original Assignee: 성신여자대학교 산학협력단
Application filed by 성신여자대학교 산학협력단
Priority to KR1020150158806A
Publication of KR20170055714A
Application granted
Publication of KR101745948B1

Classifications

    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G06F17/30091
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems

Abstract

The present invention relates to an apparatus and method for collecting data history in a cloud environment that can safely provide a log file, which is a history of execution activities using user data, and to a computer-readable recording medium on which the method is recorded. The data history collecting apparatus operates in a cloud environment in which a file can be uploaded to or downloaded from a cloud server, and comprises: a connection unit that logs in to the cloud server using connection information input from a user terminal and maintains a session connection; a log creating unit that creates a per-file log history of the execution activity of the user terminal for each file during the session connection; a log storage unit that stores the per-file log history; a secret key storage unit that stores a secret key corresponding to the per-file log history; and an interface controller that activates a secret key input window in response to a request from an administrator terminal to browse the per-file log history, and displays the per-file log history when the secret key entered through the secret key input window matches the secret key corresponding to the per-file log history stored in the secret key storage unit.

Description

The present invention relates to an apparatus and method for collecting data history in a cloud environment and to a computer-readable recording medium on which the method is recorded. More particularly, the present invention relates to an apparatus and method for collecting data history in a cloud environment capable of safely providing a log file, and to a computer-readable recording medium on which the method is recorded.

Cloud Computing is a computer environment in which information is permanently stored on servers on the Internet and is temporarily stored on clients such as desktop devices, notebook computers, netbooks, and smartphones. That is, all the information of the user is stored on the server on the Internet, and the information can be used anytime and anywhere through various IT devices.

In other words, it is a computing service in which computing resources such as hardware and software, existing in an intangible form like a cloud, are borrowed as needed and a usage fee is paid for them, and it is a technology that integrates and virtualizes resources. Cloud computing, an innovative computing technology that provides IT-related services such as data storage, processing, networking, and content usage from servers on the Internet, which is depicted as a cloud, is defined as an 'on-demand outsourcing service of IT resources using the Internet'. With cloud computing, businesses or individuals can reduce the cost of maintaining and managing computer systems, the cost of purchasing and installing servers, update costs, and software purchase costs, and can save time and manpower. In addition, when data is stored on a PC, it may be lost due to a hard disk failure or the like. In a cloud computing environment, however, data is stored on an external server, so it can be stored safely, storage space limits can be overcome, and documents can be viewed and modified from anywhere.

However, there are many security problems related to the use of cloud computing. To address them, a method is used in which the activities a user performs in the cloud computing environment are recorded in a log, and the log is used as evidence when investigating a hacker.

However, as described above, the investigation method using the log is not only vulnerable to attacks modifying the log data itself, but also has a problem that it becomes difficult for the investigator to collect forensic evidence data if the log data is damaged.

Korean Patent Publication No. 10-2013-0067607

An object of the present invention is to solve the problems of the prior art described above by providing an apparatus and method for collecting data history in a cloud environment, and a computer-readable recording medium on which the method is recorded, in which log data is encrypted so that a secret key must be input when the log data is read, and a copy of the log data is stored separately to help the forensic investigator collect evidence.

According to an aspect of the present invention, there is provided a device for collecting data history of a cloud environment in which a file can be uploaded to or downloaded from a cloud server provided by a cloud service provider, the device comprising: a connection unit for logging in to the cloud server using the connection information and maintaining a session connection; a log creating unit for creating a per-file log history of the execution activity of the user terminal for each file during the session connection; a log storage unit for storing the per-file log history; a secret key storage unit for storing a secret key corresponding to the per-file log history; and an interface controller for activating a secret key input window in response to a request from the administrator terminal to browse the per-file log history, and displaying the per-file log history when the secret key input through the secret key input window matches the secret key corresponding to the per-file log history stored in the secret key storage unit.

According to another aspect of the present invention, the apparatus for collecting data history of a cloud environment further comprises: a time slice generating unit for generating a time slice when the session connection is started; and a telephone number storage unit for storing a telephone number designated for each user. When the connection information is input from another user terminal within the time interval of the time slice through the connection unit, the special key is transmitted to the telephone number designated for each user, the special key input window is activated, and the session connection is terminated when the special key is not input within a predetermined time after the transmission.

Here, the log storage unit is an encrypted storage unit, and can be decrypted according to input of a preset password from the administrator terminal.

According to another aspect of the present invention, there is provided a device for collecting data history of a cloud environment, the device including a first log copy storage unit disposed in the user terminal and storing a copy of log history of each file.

According to another aspect of the present invention, there is provided a device for collecting data history of a cloud environment, the device including a second log copy storage unit disposed in the administrator terminal and storing a copy of log history of each file.

According to another aspect of the present invention, there is provided a data history collection method for a cloud environment in which a file can be uploaded to or downloaded from a cloud server provided by a cloud service provider, the method comprising: logging in to the cloud server using the connection information and maintaining a session connection; creating a per-file log history of the activity of the user terminal for each file during the session connection; storing the per-file log history; activating a secret key input window upon receiving a request to browse the per-file log history from an administrator terminal; and displaying the per-file log history when the secret key input through the secret key input window matches the secret key corresponding to the per-file log history stored in advance.

According to another aspect of the present invention, there is provided a computer-readable recording medium storing a program for executing a method for collecting data history of a cloud environment.

The present invention encrypts log data and, when logging, stores a copy of the log data on the terminal of the visitor, thereby enhancing the security of the log data itself and allowing the forensic investigator to use the copy as evidence even if the log data is corrupted, so that the forensic evidence used in the investigation can be easily reconstructed.

In addition, by performing a time-slice-based redundancy check when connecting to the cloud, redundant logins can be reduced and excessive log data generation can be reduced. As a result, forensic investigators can reduce the amount of log data to be examined.

FIG. 1 is a diagram illustrating a system including a device for collecting data history in a cloud environment according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating an apparatus for collecting data history in a cloud environment according to an embodiment of the present invention.
FIG. 3 is a view showing log histories collected by the data history collection device of the cloud environment of FIG. 2.
FIGS. 4A to 4C are diagrams showing screens provided by the interface control unit in the data history collection apparatus of the cloud environment of FIG. 2.
FIG. 5 is a diagram illustrating a data history collection method in a cloud environment according to an embodiment of the present invention.

The description of the disclosed technique is merely an example for structural or functional explanation and the scope of the disclosed technology should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the disclosed technology should be understood to include equivalents capable of realizing technical ideas.

Meanwhile, the meaning of the terms described in the present application should be understood as follows.

The terms " first ", " second ", and the like are used to distinguish one element from another and should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.

Singular expressions are to be understood as including plural expressions unless the context clearly indicates otherwise. Terms such as "include" or "have" are to be understood as specifying that the stated feature, number, step, operation, component, part, or combination thereof is present, and not as precluding the presence or addition of one or more other features, numbers, steps, operations, components, parts, or combinations thereof.

Each step may take place differently from the stated order unless explicitly stated in a specific order in the context. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosed technology belongs, unless otherwise defined. Terms defined in commonly used dictionaries should be interpreted to be consistent with meaning in the context of the relevant art and can not be construed as having ideal or overly formal meaning unless expressly defined in the present application.

FIG. 1 is a diagram illustrating a system including a data history collection apparatus in a cloud environment according to an embodiment of the present invention, and FIG. 2 is a diagram illustrating a data history collection apparatus in a cloud environment according to an embodiment of the present invention. The apparatus 200 for collecting data history of a cloud according to an exemplary embodiment of the present invention includes a connection unit 210, a log generation unit 220, a log storage unit 230, a secret key storage unit 240, an interface control unit 250, a time slice generation unit 260, and a telephone number storage unit 270.

The system supporting the apparatus of the present invention may include a user terminal 100, a data history collection device 200 of a cloud environment, a cloud server 300 and an administrator terminal 400, as shown in FIG. 1.

First, the user terminal 100 downloads a desired file through the connection unit 210 of the cloud environment data history collection device 200 and stores the downloaded file in a local directory.

The connection unit 210 logs in to the cloud server 300 using the connection information input from the user terminal 100, and maintains a session connection. The cloud server 300 shown in FIG. 1 can be operated by a cloud service provider and provides an execution program used by the user terminal 100 or the administrator terminal 400, as well as a space where the user terminal 100 or the administrator terminal 400 can store downloaded or uploaded files.

Meanwhile, when the user terminal 100 logs in, the connection unit 210 receives payment information such as credit card details as connection information, in order to pay for the file to be downloaded through the user terminal 100, and transmits it to a gateway (not shown) for payment. That is, the credit card details are used not only for payment but also to authenticate the user terminal 100 itself, thereby maintaining security when image files and the like are downloaded through the user terminal 100. In other words, the user terminal 100 can be prohibited from downloading a file without inputting the payment information.

The log creating unit 220 creates a per-file log history of the execution activity of the user terminal 100 for each file during the session connection maintained by the connection unit 210, and outputs the log history to the log storage unit 230. Here, the log history of the log creating unit 220 comprises log records of the activities performed by the plurality of user terminals 100 and, as shown in FIG. 3, includes the name of the user, whether the data has been read, the date and time, and the like.

The log storage unit 230 receives the per-file log history from the log creating unit 220, stores it, and outputs the stored per-file log history at the request of the interface control unit 250. Here, the log storage unit 230 may be placed in storage that is locked by a method such as BitLocker drive encryption.

That is, in case a user hacks the system and manipulates the log history, additional copies of the log history can be stored in a separate Java archive (JAR) file that is encrypted using an internal mechanism provided by Java and is not easily accessible. Furthermore, since the drives that hold the logs are secured by BitLocker, the entire drive is protected, which can help cloud service providers rebuild the system after a malicious attack.

The secret key storage unit 240 stores a secret key corresponding to the per-file log history and outputs the stored secret key to the interface control unit 250 at the request of the interface control unit 250.

The interface control unit 250 activates the secret key input window upon receiving a request to browse the per-file log history from the administrator terminal 400, requests and receives the secret key stored in the secret key storage unit 240, and compares the secret key input through the secret key input window with the secret key received from the secret key storage unit 240. If the two secret keys match, the per-file log history is displayed on a display unit (not shown). If the secret key input through the secret key input window and the secret key received from the secret key storage unit 240 do not match, the interface control unit 250 does not display the per-file log history. In the case where the log storage unit 230 is located in storage that is locked by BitLocker drive encryption or the like, a preset password may additionally be stored, and the storage can be decrypted only when the preset password matches the input password.

FIGS. 4A through 4C are diagrams illustrating screens provided by the interface control unit 250. The interface control unit 250 can display various user interface screens for the user terminal 100 and the administrator terminal 400 through the display unit.

When a screen as shown in FIG. 4A is displayed on the user terminal 100, the user can subscribe to the service through the new user subscribe button 251, and a user subscribed to the service can access, through the store connection button 252, the web store where files can be downloaded.

In addition, the administrator terminal 400 can proceed to the administrator interface mode as shown in FIG. 4B through the administrator login button 253. That is, the administrator can browse the per-file log history as shown in FIG. 3 through the log browse button 254, and upload the files to be provided to the user through the file upload button 255. In addition, the administrator may return to the initial screen as shown in FIG. 4A through the logout button 256.

Here, when the administrator selects the log browse button 254 through the administrator terminal 400, the secret key input window as shown in FIG. 4C is displayed on the display unit (not shown) of the administrator terminal 400.

On the other hand, the time slice generation unit 260 generates a time slice when the session connection is started, and provides the generated time slice information to the interface control unit 250.

The phone number storage unit 270 stores a phone number designated for each user using the user terminal 100 and outputs the stored phone number to the interface control unit 250 at the request of the interface control unit 250.

At this time, if the connection information is input from another user terminal (not shown) within the time interval of the time slice through the connection unit 210, the interface control unit 250 transmits the special key to the telephone number designated for each user and activates the special key input window, and if the special key is not input within a predetermined time, for example, about 20 seconds after the transmission, the session connection can be terminated. On the other hand, if the special key is input within the predetermined time after it has been transmitted to the telephone number designated for each user by a message or the like, the user using the other user terminal is also recognized as an authenticated user and the session connection is maintained.

That is, by providing a time slice-based virtual machine access method, it is possible to reduce the number of redundant logins, reduce the generation of excessive logs, and reduce the time required to examine the log when necessary.
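The time-slice check described above, written out as an added Python example (not code from the patent). The slice length, the six-digit key format, the single-attempt rule, the handling of logins outside the slice, and all class, method and status names are assumptions of this example; the phone number is a constructed placeholder.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

SLICE_SECONDS = 300.0       # assumed slice length; the description gives none
KEY_WINDOW_SECONDS = 20.0   # "about 20 seconds" in the description


@dataclass
class Session:
    terminal: str                       # terminal that started the session
    slice_start: float                  # time slice created at session start
    active: bool = True
    pending_key: Optional[str] = None   # special key awaiting entry
    pending_terminal: Optional[str] = None
    key_deadline: float = 0.0
    extra_terminals: Set[str] = field(default_factory=set)


class TimeSliceGuard:
    """Hypothetical stand-in for units 250, 260 and 270 of the description."""

    def __init__(self, phone_numbers: Dict[str, str],
                 send_message: Callable[[str, str], None],
                 clock: Callable[[], float]) -> None:
        self.phone_numbers = phone_numbers   # telephone number storage
        self.send_message = send_message     # delivers the key "by a message"
        self.clock = clock                   # injectable so the demo is offline
        self.sessions: Dict[str, Session] = {}

    def login(self, user: str, terminal: str) -> str:
        now = self.clock()
        s = self.sessions.get(user)
        if s is None or not s.active:
            self.sessions[user] = Session(terminal, now)
            return "session_started"
        if terminal == s.terminal or terminal in s.extra_terminals:
            return "already_connected"
        if now - s.slice_start >= SLICE_SECONDS:
            # The description only covers logins inside the slice.
            return "outside_time_slice"
        key = f"{secrets.randbelow(10 ** 6):06d}"
        s.pending_key, s.pending_terminal = key, terminal
        s.key_deadline = now + KEY_WINDOW_SECONDS
        self.send_message(self.phone_numbers[user], key)
        return "special_key_required"

    def submit_special_key(self, user: str, terminal: str, key: str) -> str:
        s = self.sessions.get(user)
        if (s is None or not s.active or s.pending_key is None
                or terminal != s.pending_terminal):
            return "no_challenge"
        expected, s.pending_key = s.pending_key, None   # key is single use
        on_time = self.clock() <= s.key_deadline
        if on_time and hmac.compare_digest(expected.encode(), key.encode()):
            s.extra_terminals.add(terminal)
            return "session_maintained"
        s.active = False     # late or wrong key is treated as "not input"
        return "session_terminated"

    def tick(self, user: str) -> str:
        """Enforce the deadline when no key was submitted at all."""
        s = self.sessions.get(user)
        if (s and s.active and s.pending_key is not None
                and self.clock() > s.key_deadline):
            s.active, s.pending_key = False, None
            return "session_terminated"
        return "no_change"


def demo():
    t = {"now": 0.0}
    outbox = []                                   # captured messages
    guard = TimeSliceGuard({"alice": "000-0000-0000"},   # constructed number
                           lambda phone, key: outbox.append((phone, key)),
                           lambda: t["now"])
    results = [guard.login("alice", "terminal-A")]
    t["now"] = 30.0
    results.append(guard.login("alice", "terminal-B"))
    t["now"] = 40.0                               # key entered after 10 s
    results.append(guard.submit_special_key("alice", "terminal-B", outbox[-1][1]))
    t["now"] = 60.0
    results.append(guard.login("alice", "terminal-C"))
    t["now"] = 85.0                               # 25 s pass with no key
    results.append(guard.tick("alice"))
    return results


if __name__ == "__main__":
    print(demo())
```
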

Also, the user terminal 100 may include a first log copy storage unit (not shown) that stores a copy of the per-file log history, and the administrator terminal 400 may also include a second log copy storage unit that stores a copy of the per-file log history. This allows the cloud service provider to use these copies to rebuild the system after a malicious attack.
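The secret-key gate on log browsing and the use of the two log copies for rebuilding, both described above, as an added Python example (not code from the patent). It goes beyond the text in two labelled ways: the key store holds a salted PBKDF2 verifier instead of the key itself, and the copies are compared by SHA-256 digest before the server log is rebuilt. The in-memory dictionaries stand in for storage on separate terminals, and all names and sample records are constructed for the example.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, List, Optional, Tuple

Record = Dict[str, str]
PBKDF2_ROUNDS = 100_000   # assumed work factor for this example


def digest(records: List[Record]) -> str:
    """SHA-256 over a canonical JSON encoding of one file's log history."""
    blob = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class HistoryCollector:
    """Hypothetical stand-in for units 220 to 250 and the two copy stores."""

    def __init__(self) -> None:
        self.log_store: Dict[str, List[Record]] = {}    # log storage unit
        self.user_copy: Dict[str, List[Record]] = {}    # first log copy store
        self.admin_copy: Dict[str, List[Record]] = {}   # second log copy store
        self.key_store: Dict[str, Tuple[bytes, bytes]] = {}  # secret key store

    def set_secret_key(self, file_name: str, secret_key: str) -> None:
        # Example's choice: keep a salted verifier, not the key itself.
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", secret_key.encode(),
                                       salt, PBKDF2_ROUNDS)
        self.key_store[file_name] = (salt, verifier)

    def record(self, file_name: str, user: str, action: str, when: str) -> None:
        """Append one activity record to the log and to both copies."""
        entry = {"user": user, "action": action, "when": when}
        for store in (self.log_store, self.user_copy, self.admin_copy):
            store.setdefault(file_name, []).append(dict(entry))

    def browse(self, file_name: str, entered_key: str) -> Optional[List[Record]]:
        """Return the per-file log history only when the entered key matches."""
        stored = self.key_store.get(file_name)
        if stored is None:
            return None
        salt, verifier = stored
        candidate = hashlib.pbkdf2_hmac("sha256", entered_key.encode(),
                                        salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, verifier):
            return None                      # mismatch: nothing is displayed
        return [dict(r) for r in self.log_store.get(file_name, [])]

    def check_and_rebuild(self, file_name: str) -> str:
        """Compare the server log with both copies; rebuild if it was altered."""
        server = digest(self.log_store.get(file_name, []))
        user = digest(self.user_copy.get(file_name, []))
        admin = digest(self.admin_copy.get(file_name, []))
        if server == user == admin:
            return "intact"
        if user == admin:
            # Both terminal copies agree, so the server log is the odd one out.
            self.log_store[file_name] = [
                dict(r) for r in self.admin_copy.get(file_name, [])]
            return "rebuilt_from_copies"
        return "copies_disagree"             # needs manual investigation


def demo():
    c = HistoryCollector()
    c.set_secret_key("report.pdf", "constructed-secret")
    # Constructed sample records.
    c.record("report.pdf", "alice", "download", "2024-01-01T09:00:00")
    c.record("report.pdf", "bob", "download", "2024-01-01T09:05:00")
    denied = c.browse("report.pdf", "wrong-key")
    c.log_store["report.pdf"].pop()          # simulated tampering on the server
    status = c.check_and_rebuild("report.pdf")
    shown = c.browse("report.pdf", "constructed-secret")
    return denied, status, [r["user"] for r in shown]


if __name__ == "__main__":
    print(demo())
```
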

FIG. 5 is a diagram illustrating a data history collection method in a cloud environment according to an embodiment of the present invention. The data history collection method in the cloud environment of the present invention will be described below.

The user logs in to the cloud server 300 using the connection information input from the user terminal 100 and maintains a session connection (S100). At this time, the connection information input from the user terminal 100 may include payment information such as credit card details, which simultaneously performs the authentication function of the user.

Next, a per-file log history of the execution activity of the user terminal 100 is created for each file during the session connection (S200). Here, the per-file log history may include the name of the user, whether the user has downloaded the data, the date and time, etc., as shown in FIG. 3.

Thereafter, the created per-file log history is stored (S300). Here, it is preferable that the per-file log history is stored in storage that is locked by BitLocker drive encryption or the like, and that a copy thereof is stored in the user terminal 100 and the administrator terminal 400, where it may be used for system recovery.

Next, upon receiving a request to view the per-file log history from the administrator terminal 400, the secret key input window is activated (S400). That is, when the administrator selects the log browse button 254 shown in FIG. 4B through the administrator terminal 400 and requests to view the log history, the secret key input window shown in FIG. 4C is displayed on the display unit of the administrator terminal 400.

After that, when the secret key input through the secret key input window matches the secret key corresponding to the per-file log history stored in advance, the per-file log history is displayed (S500). That is, the log history as shown in FIG. 3 can be displayed through the display unit of the administrator terminal 400.

The method of collecting data history of the cloud environment according to the present invention can be implemented by a program and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.).

Although the disclosed method and apparatus have been described with reference to the embodiments shown in the drawings for illustrative purposes, those skilled in the art will understand that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of protection of the disclosed technology should be determined by the appended claims.

100: User terminal
200: Data history collection device
300: Cloud server
400: Administrator terminal

Claims (7)

1. A data history collection device in a cloud environment capable of uploading or downloading a file to or from a cloud server provided by a cloud service provider, the device comprising:
a connection unit for logging in to the cloud server using the connection information input from the user terminal and maintaining a session connection;
a log creating unit for creating a per-file log history of the execution activity of the user terminal for each file during the session connection;
a log storage unit for storing the per-file log history;
a secret key storage unit for storing a secret key corresponding to the per-file log history;
an interface control unit for activating a secret key input window upon receipt of a request to browse the per-file log history from the administrator terminal, and displaying the per-file log history when the secret key input through the secret key input window matches the secret key corresponding to the per-file log history stored in the secret key storage unit;
a time slice generating unit for generating a time slice when the session connection is started; and
a telephone number storage unit for storing a telephone number designated for each user,
wherein the interface control unit, when the connection information is input from a terminal other than the user terminal within a time interval of the time slice through the connection unit, transmits a special key to a telephone number designated for each user of the user terminal, activates a special key input window, and terminates the session connection when the special key is not input within a predetermined time after transmission.

2. (Deleted)

3. The device according to claim 1, wherein the log storage unit is an encrypted storage unit and is decrypted when a password set in advance is input from the administrator terminal.

4. The device according to claim 1, further comprising a first log copy storage unit disposed in the user terminal for storing a copy of the per-file log history.

5. The device according to claim 4, further comprising a second log copy storage unit disposed in the administrator terminal and storing a copy of the per-file log history.

6. A method for collecting data history in a cloud environment capable of uploading or downloading a file to or from a cloud server provided by a cloud service provider, the method comprising:
logging in to the cloud server using the connection information input from the user terminal and maintaining a session connection, generating a time slice when the session connection is started, transmitting a special key to a telephone number designated for each user of the user terminal, activating a special key input window, and terminating the session connection when the special key is not input within a predetermined time after the message is transmitted;
creating a per-file log history of the activity of the user terminal for each file during the session connection;
storing the per-file log history;
activating a secret key input window upon receiving a request to browse the per-file log history from an administrator terminal; and
displaying the per-file log history when the secret key input through the secret key input window matches the secret key corresponding to the per-file log history stored in advance.

7. A computer-readable recording medium storing a program for executing the data history collection method of the cloud environment according to claim 6.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
KR1020150158806A (KR101745948B1, en) | 2015-11-12 | 2015-11-12 | Apparatus for collecting history of data in cloud environment, method thereof and computer recordable medium storing the method

Publications (2)

Publication Number | Publication Date
KR20170055714A (en) | 2017-05-22
KR101745948B1 (en) | 2017-06-12
