KR20140044961A - Apparatus and method for managing files - Google Patents

Publication number
KR20140044961A
Authority
KR
South Korea
Prior art keywords
file
cleaned
files
user
storage
Application number
KR1020120098465A
Other languages
Korean (ko)
Inventor
우종현
Original Assignee
(주)나무소프트
Application filed by (주)나무소프트 filed Critical (주)나무소프트
Priority to KR1020120098465A priority Critical patent/KR20140044961A/en
Publication of KR20140044961A publication Critical patent/KR20140044961A/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The present invention relates to an apparatus and method for managing files, and more particularly, to an apparatus and method for managing files in a client terminal that prevent leakage of business document files previously stored in the client terminal and induce their storage in a designated document storage.
In accordance with an aspect of the present invention, a file management apparatus includes: a file detector that searches files stored in a storage medium of a client terminal according to a cleanup policy to detect files to be cleaned up and generates a list of the detected files; an encryption unit that encrypts the detected files to be cleaned up; an enumeration unit that provides the list of files to be cleaned up to the user and receives from the user a selection of files to be moved to a file storage; a moving unit that decrypts the selected encrypted files and moves them to the file storage; and a deleting unit that deletes, from among the detected files to be cleaned up, files that have not been moved to the file storage and whose effective storage period has passed.

Description

Apparatus and Method for managing files

The present invention relates to an apparatus and method for managing files, and more particularly, to an apparatus and method for managing files in a client terminal that prevent leakage of business document files previously stored in the client terminal and induce their storage in a designated document storage.

Recently, companies have been using various information technologies to increase the security and reuse of documents. Typical technologies include document centralization, which prevents document files from being stored on client terminals, and digital rights management (DRM), which encrypts documents stored on client terminals.

However, document centralization and DRM basically act at the time a document is created on the client terminal, either forcing it to be stored on the server instead of the client terminal or encrypting it. They therefore do not apply to documents that were already created and stored on the client terminal.

To solve this problem, one could forcibly upload the documents previously stored in the client terminal to the server. In that case, however, even unrelated documents are uploaded, which wastes storage space on the server, and the user cannot be induced to classify the documents voluntarily. In addition, when all documents on the client are encrypted and stored, it is difficult for users to share documents smoothly, and a potential security risk remains because the documents are physically retained on the client.

SUMMARY OF THE INVENTION The present invention has been made in view of the above-described problems, and an object of the present invention is to provide a method and apparatus for preventing the leakage of a work document file previously stored in a client terminal and for inducing a user to voluntarily move the work document to a designated file repository.

In accordance with an aspect of the present invention, a file management apparatus includes: a file detection unit that searches files stored in a storage medium of a client terminal according to a cleanup policy to detect files to be cleaned up and generates a list of the detected files; an encryption unit that encrypts the detected files to be cleaned up; an enumeration unit that provides the list of files to be cleaned up to the user and receives from the user a selection of files to be moved to a file storage; a moving unit that decrypts the selected encrypted files and moves them to the file storage; and a deleting unit that deletes, from among the detected files, files that have not been moved to the file storage and whose effective storage period has passed.

According to another aspect of the present invention, there is provided a method for managing files, the method comprising: detecting files to be cleaned up by searching files stored in a storage medium of a client terminal according to a cleanup policy, and generating a list of the detected files; encrypting the detected files to be cleaned up; providing the list of files to be cleaned up to the user and receiving from the user a selection of files to be moved to a file repository; decrypting the selected encrypted files and moving them to the file repository; and deleting, from among the detected files to be cleaned up, files that have not been moved to the file storage and whose effective storage period has passed.

According to the present invention, when an enterprise introduces a file management system for efficient management of business documents, business document files stored on the client are automatically detected and encrypted to prevent document leakage, and users are actively induced to move those files to the file repository (e.g., a file management server), so that the transition to the new file management system can proceed smoothly.

In addition, by inducing users to voluntarily participate in the classification and organization of document files previously stored on the client, it is possible to derive user participation in the classification of document files that are technically difficult to automatically classify.

FIG. 1 schematically shows a system configuration to which a file management apparatus according to an embodiment of the present invention is applied.
FIG. 2 is a block diagram illustrating a configuration of a file management apparatus according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a file management method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. It should be understood, however, that the invention can be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, but includes modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as "comprising" an element, this means that it may include other elements as well, rather than excluding them, unless specifically stated otherwise. In addition, the terms "unit", "module", and the like described in the specification mean a unit that processes at least one function or operation, which may be implemented by one or more pieces of hardware or software or a combination of hardware and software.

FIG. 1 schematically illustrates a client-server system configuration to which a file management apparatus according to an embodiment of the present invention is applied. As shown in FIG. 1, the plurality of client terminals 130, 140, and 150 are connected to the file management server 110 through a wired/wireless network 120. Although only three client terminals are shown in the figure, this is only a schematic for convenience and the present invention is not limited by the number of clients.

The file management server 110 receives work-related document files generated on the client terminals 130, 140, and 150 used by users in the enterprise, stores them, and manages them according to a management policy set by the enterprise. It is sufficient that the file management server 110 performs integrated management of the work-related document files according to the file management method determined by the enterprise; it will be apparent to those skilled in the art that the file management apparatus and method according to the present invention are not limited to a specific management scheme in the file management server 110.

In one embodiment, a program for performing file management according to an embodiment of the present invention may be downloaded from the file management server 110 and installed on the client terminals connected to the server 110, in which case the cleanup policy for file cleanup in the client terminal can also be downloaded.

The client terminals 130, 140, and 150 may be connected to the file management server 110 through a wired and/or wireless network 120 to transmit and receive data, and may obviously include any electronic device having a file storage space.

The file management apparatus (not shown) according to the present invention may refer generically to a program module installed in each of the clients 130, 140, and 150 to perform a file management method according to an embodiment of the present invention, to a storage medium on which the program module is recorded, or to a client terminal including such a program module.

In one embodiment, the file management apparatus according to the present invention may be run automatically at the time of initial installation in the client terminal to clean up the document files previously stored in the client terminal according to a predetermined cleanup policy. The cleanup policy may be stored in the client terminal together with the installation file of the file management apparatus, or alternatively, may be received from the file management server 110 through a network. Hereinafter, a file management apparatus according to an embodiment of the present invention will be described in more detail with reference to FIG. 2.

FIG. 2 is a block diagram illustrating a configuration of a file management apparatus according to an embodiment of the present invention. As illustrated, the file management apparatus 200 is installed in a client terminal having one or more fixed/removable storage media, and may include at least one of a file detector 210, a file information storage unit 220, an encryption unit 230, an enumeration unit 240, and a moving unit 250.

The storage medium provided in the client terminal is a space in which document files generated in the client terminal are stored and may include at least one or more of fixed and removable storage devices including a hard disk and a ram disk.

In one embodiment, the file detector 210 may search the files stored in a storage medium of the client terminal according to a cleanup policy to detect files to be cleaned up, generate a list of the detected files, and store the list in the file information storage unit 220. The cleanup policy includes rules for detecting and cleaning up target files among the files previously stored in the client terminal, in accordance with the management policy of the file management server 110. In one example, the cleanup policy may include extension information (e.g., .doc, .hwp, .xls) and/or keyword information (e.g., confidentiality, accounting, finance) of the files to be cleaned up. The cleanup policy may further include information on the valid storage period of the files to be cleaned up (e.g., 30 days), and when that period expires, the files to be cleaned up may be automatically deleted. Alternatively, the cleanup policy may include information designating the storage media to be searched, in which case the file detector 210 may perform document detection only on the designated storage media.

In one embodiment, the file detection unit 210 may be implemented to run once, when the file management apparatus is installed on the client terminal, and not to run again after detecting the files to be cleaned up, thereby preventing selective or duplicate execution by the user.

The file information storage unit 220 stores the list of document files to be cleaned up detected by the file detection unit 210. In one embodiment, the file information storage unit 220 may store the information of the files to be cleaned up for each storage medium in a table format. In addition, each table may include at least one of a file/directory identifier, a file/directory parent identifier, a file/directory name, and file/directory full path information for each file to be cleaned up.

The encryption unit 230 encrypts the files to be cleaned up detected by the file detection unit 210 to block arbitrary access by the user. Since the encryption unit 230 may perform encryption according to a known encryption algorithm such as SEED block encryption or symmetric encryption, a detailed description of the encryption scheme is omitted here.

In one embodiment, the encryption unit 230 may delete the original file of the document to be cleaned up and store the encrypted file in the original location.

In addition, in one embodiment, the encryption unit 230 may conceal the file name of the encrypted file to be cleaned up to prevent the user from accessing or changing the file through the file system or an application program. In one example, file concealment may be implemented by hooking a standard hooking function (FastIoDeviceControl) or a ZwQueryInformation function in a file system filter driver (FSFD) operating in the kernel.

In addition, in one embodiment, in order to help the user organize the files to be organized, a preview image of the encrypted file may be generated and provided when the user needs it.

In another embodiment, the encryption unit 230 may additionally provide a function of indicating whether or not the file is encrypted so that the user can distinguish the encrypted cleanup target file from other files.

Alternatively, the encryption unit 230 may store the encrypted file in a storage area specified in a physical location different from the original storage location, for example, a storage medium of the client terminal. When storing an encrypted cleanup target file in a storage area different from the original file location, it is not necessary to separately manage information on the detected document file / directory.

In an actual implementation, the file detector 210 and the encryption unit 230 may cause performance degradation of the user environment temporarily by handling data for a large amount of document files previously stored in the client terminal. Therefore, in order to minimize performance degradation of the client terminal, it may be preferable that the file detector 210 and the encryption unit 230 are executed in an asynchronous thread pool method.

The enumeration unit 240 may display a list of files to be cleaned up to the user and receive from the user a selection of files to be moved to a designated file storage. In one embodiment, the designated file storage may refer to a storage area of the file management server 110, a designated storage area of the client terminal, or a storage area of the groupware system. The file management station is a storage area designated for integrated management of document files according to an enterprise document management policy. In FIG. 2, the file management station is shown as existing outside the client terminal, but its location may vary according to the embodiment.

In one embodiment of the present invention, the enumeration unit 240 is composed of a user interface based on a single application program or a tree-navigation user interface based on the Shell Namespace Extension (SNE) technology provided by the shell layer of the operating system, and can display the list of files to be cleaned up to the user in the form of a virtual drive (or virtual folder) in the file system. In one embodiment, the list may be presented using the physical paths of the target files in the client terminal as they are, or by extension. Alternatively, the files may be listed by creation period, modification period, or the like, or according to the user's search conditions, but the listing is not limited thereto. The user can perform functions such as previewing, renaming, and deleting files to be cleaned up in the virtual drive (or virtual folder), but the locations to which the files can be moved are limited to a file storage, for example, the file management server 110, the designated storage area in the client terminal, or the designated groupware system.

In addition, for the convenience of the user, the enumeration unit 240 may display, for each file to be cleaned up, whether it has been moved to the file management station and/or forcibly deleted. Information on whether each file to be cleaned up has been moved or forcibly deleted may be stored in the file information storage unit 220.

The moving unit 250 may decrypt the encrypted file to be cleaned up that the user selected and then transmit it to the file management station. In one embodiment, the moving unit 250 may transmit the encrypted file to be cleaned up to the file management station either in its encrypted state or after decryption, according to the user's selection.

The deletion unit 260 may delete, from among the files in the list stored in the file information storage unit 220 that were encrypted by the encryption unit 230, those whose predetermined valid storage period has elapsed. In one embodiment, the valid storage period information may be included in the cleanup policy.

In addition, the deletion unit 260 may provide the user with a deletion warning message for the files to be cleaned up, either periodically before the effective retention period elapses or before performing the deletion. By providing a deletion warning message, the user can be encouraged to move the files to be cleaned up to the file management station.

FIG. 3 is a flowchart illustrating a file management method according to an embodiment of the present invention.

In step 310, the files stored in a storage medium of the client terminal are searched according to a cleanup policy to detect files to be cleaned up, and a list of the detected files is generated. In one embodiment, the cleanup policy includes at least one of extension information and valid storage period information of the document files to be cleaned up.

In step 320, the detected files are encrypted. In one embodiment, the original of each file to be cleaned up is deleted and the encrypted file is stored at the original location. In addition, the user's access may be blocked by hiding the file name of the encrypted file.

In step 330, the list of files to be cleaned up is provided to the user and a selection of files to be moved to the file storage is received from the user. Preferably, the file repository is located on a file management server.

In step 340, the selected encrypted files to be cleaned up are decrypted and moved to the file repository. According to an embodiment, the encrypted files to be cleaned up may be moved to the file management station either in their encrypted state or after decryption, according to the user's selection.

In step 350, files that have not been moved to the file storage and whose valid storage period has elapsed are deleted from among the detected files to be cleaned up.

In an embodiment, the method may further include providing the user with a deletion warning message for the files to be cleaned up before the effective retention period elapses.
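The following added example, which is not part of the patent text, sketches steps 310 and 350 only: policy-driven detection into the identifier/parent-identifier table described for the file information storage unit, and the retention decision with a warning window. The names `CleanupPolicy`, `FileRecord`, `detect`, and `classify` are hypothetical; matching keywords against file names, counting the storage period from the detection time, and the 7-day warning lead are assumptions the page does not specify.

```python
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CleanupPolicy:
    extensions: tuple = (".doc", ".hwp", ".xls")   # examples given on the page
    keywords: tuple = ("confidentiality", "accounting", "finance")
    retention_days: int = 30                       # example given on the page
    warn_days: int = 7                             # assumption: not on the page


@dataclass
class FileRecord:
    ident: int
    parent_ident: int      # 0 means the scan root
    name: str
    full_path: str
    is_dir: bool
    moved: bool = False    # set once the user moves the file to the repository


def matches(policy, name):
    """True if the file name has a listed extension or contains a keyword."""
    lower = name.lower()
    return lower.endswith(policy.extensions) or any(k in lower for k in policy.keywords)


def detect(root, policy):
    """Step 310: walk the storage medium and build the file information table."""
    root = os.path.abspath(root)
    records, dir_ids = [], {}
    next_id = 1

    def dir_id(path):
        # Directories get a record only when they contain a target file.
        nonlocal next_id
        if path == root:
            return 0
        if path not in dir_ids:
            parent = dir_id(os.path.dirname(path))
            dir_ids[path] = next_id
            records.append(FileRecord(next_id, parent, os.path.basename(path), path, True))
            next_id += 1
        return dir_ids[path]

    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic traversal order
        for name in sorted(filenames):
            if matches(policy, name):
                parent = dir_id(dirpath)
                full = os.path.join(dirpath, name)
                records.append(FileRecord(next_id, parent, name, full, False))
                next_id += 1
    return records


def classify(records, detected_at, now, policy):
    """Step 350 decision: moved files are exempt; the rest are kept, warned, or due."""
    expires = detected_at + timedelta(days=policy.retention_days)
    warn_from = expires - timedelta(days=policy.warn_days)
    result = {"moved": [], "delete": [], "warn": [], "keep": []}
    for rec in records:
        if rec.is_dir:
            continue
        if rec.moved:
            key = "moved"
        elif now >= expires:
            key = "delete"
        elif now >= warn_from:
            key = "warn"
        else:
            key = "keep"
        result[key].append(rec.name)
    return result


def demo():
    """Run detection and classification on a constructed directory tree."""
    policy = CleanupPolicy()
    samples = ("notes.txt", "budget.xls", "projects/finance_plan.txt",
               "projects/2012/report.doc", "projects/2012/photo.jpg")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "projects", "2012"))
        for rel in samples:                  # constructed sample files, all empty
            open(os.path.join(root, *rel.split("/")), "w").close()
        records = detect(root, policy)
    for rec in records:
        if rec.name == "budget.xls":         # the user moved this one (step 340)
            rec.moved = True
    t0 = datetime(2012, 9, 5)                # constructed detection time
    out = {"records": [(r.ident, r.parent_ident, r.name, r.is_dir) for r in records]}
    for day in (10, 25, 30):
        out["day%d" % day] = classify(records, t0, t0 + timedelta(days=day), policy)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The decision function reports what is due for deletion rather than deleting anything, so the result can be reviewed or logged before the deletion step acts on it.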

The file management method according to an embodiment of the present invention may be implemented in the form of program instructions that can be executed by various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination.

Program instructions recorded on a computer-readable medium may be those specially designed and constructed for the present invention or may be those available to persons skilled in the computer software arts. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. The above-mentioned medium may also be a transmission medium such as an optical or metal wire, a waveguide, etc., including a carrier wave for transmitting a signal designating a program command, a data structure and the like. Examples of program instructions include machine language code such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like.

The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

The embodiments of the present invention have been described above. Those skilled in the art will appreciate that the present invention can be implemented in a modified form without departing from the essential features of the present invention. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

110: file management server
130, 140, 150: client terminal
210: file detector
220: file information storage unit
230: encryption unit
240: enumeration unit
250: moving unit

Claims (14)

1. A file management apparatus comprising:
a file detector for searching files stored in a storage medium of a client terminal according to a cleanup policy to detect files to be cleaned up and to generate a list of the detected files to be cleaned up;
an encryption unit for encrypting the detected files to be cleaned up;
an enumeration unit for providing the list of files to be cleaned up to a user and receiving from the user a selection of files to be moved to a file repository;
a moving unit for moving the selected encrypted files to be cleaned up to the file repository, either in their encrypted state or after decrypting them; and
a deletion unit for deleting, from among the files to be cleaned up, files that have not been moved to the file storage and whose effective storage period has passed.

2. The file management apparatus of claim 1, wherein the cleanup policy comprises at least one of extension information and shelf life information of a document file.

3. The file management apparatus of claim 1, wherein the list of files to be cleaned up includes file information for each file to be cleaned up, for each storage medium existing in the client terminal, and the file information includes at least one of a file/directory identifier, a file/directory parent identifier, a file/directory name, and file/directory full path information.

4. The file management apparatus of claim 1, wherein the encryption unit deletes the original of the file to be cleaned up and stores the encrypted file in the original location.

5. The file management apparatus of claim 1, wherein the encryption unit blocks a user's access by concealing a file name of the encrypted file.

6. The file management apparatus of claim 1, wherein the enumeration unit comprises a user interface based on a single application program or a tree-navigation user interface based on the Shell Namespace Extension (SNE) technology provided by a shell layer of an operating system, and displays the list of files to the user as a virtual drive on the file system.

7. The file management apparatus of claim 1, wherein the file repository is located at a server to which the client terminal is connected.

8. The file management apparatus of claim 1, wherein the deletion unit provides a deletion warning message for the file to be cleaned up to the user before the effective retention period elapses.

9. A file management method comprising:
detecting files to be cleaned up by searching files stored in a storage medium of a client terminal according to a cleanup policy and generating a list of the detected files to be cleaned up;
encrypting the detected files to be cleaned up;
providing the list of files to be cleaned up to a user and receiving from the user a selection of files to be moved to a file repository;
moving the selected encrypted files to be cleaned up to the file repository, in their encrypted state or after decryption; and
deleting, from among the detected files to be cleaned up, files that have not been moved to the file storage and whose effective storage period has passed.

10. The file management method of claim 9, wherein the cleanup policy comprises at least one of extension information and shelf life information of a document file to be cleaned up.

11. The file management method of claim 9, wherein in the encrypting step, the original file is deleted and the encrypted file is stored in the original location.

12. The file management method of claim 9, wherein in the encrypting step, the user's access is blocked by hiding the file name of the encrypted file to be cleaned up.

13. The file management method of claim 9, wherein the file repository is located at a server to which the client terminal is connected.

14. The file management method of claim 9, wherein the method further comprises providing a deletion warning message for the file to be cleaned up to the user before the effective retention period elapses.

Priority Applications (1)

Application number: KR1020120098465A
Priority date: 2012-09-05
Filing date: 2012-09-05
Title: Apparatus and method for managing files

Publications (1)

Publication number: KR20140044961A
Publication date: 2014-04-16

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
E601 Decision to refuse application