WO2013111949A1

WO2013111949A1 - Whitelist synchronization server and client apparatus

Info

Publication number: WO2013111949A1
Application number: PCT/KR2012/011613
Authority: WO
Inventors: 황규범
Original assignee: 주식회사 안랩
Priority date: 2012-01-27
Filing date: 2012-12-27
Publication date: 2013-08-01
Also published as: KR101277623B1

Abstract

The present invention relates to a whitelist synchronization server, to a method for controlling the synchronization of the whitelist synchronization server, to a client apparatus, and to a method for operating the client apparatus. The embodiments of the present invention relate to a technology enabling highly reliable and effective updating and synchronization of a whitelist between the server and the client by allowing the server to divide a whitelist file for each period and provide the client with information for each period, and allowing the whitelist to be updated by collecting/using only the necessary information on the whitelist file included in the client in a corresponding period.

Description

White List Synchronization Server and Client Devices

According to the present invention, in applying a white list in a cloud vaccine service, the server divides the white list file by section and provides section-specific information to the client to collect only necessary information of the section for the white list file held by the client. By using / to update the whitelist, it relates to techniques that can enable reliable and effective whitelist update and synchronization between the server and the client.

Recently, in the method of treating malware infected files, as cloud computing technology is utilized, more users, more malware, and more non-malware files exist.

In addition, as the number of files retained / used in each PC increases, there is a problem of file inspection speed. Therefore, the cloud antivirus service using cloud computing technology prevents rescanning when a file scanned is classified into a white list file.

Therefore, in the case of not re-checking the files separated by the white list file, an update operation of the white list list is required. The reason is that if a file that was whitelisted in the system is infected with a virus or patched maliciously, it will no longer be rescanned even if it is no longer whitelisted.

Cloud-based whitelists are vastly larger than hundreds of millions and differ in file organization of tens of millions of participants, creating a uniform whitelist like the past, unilaterally transferring them to clients, or PCs, or helping with servers. It is not suitable to operate in the form of creating a whitelist with only the client's information.

Therefore, in applying the white list in the cloud vaccine service, a reliable and effective white list update and synchronization method between the cloud server side and the client is required.

In embodiments of the present invention, in applying a white list in a cloud vaccine service, a server divides a white list file by sections and provides section-specific information to a client to collect only necessary information of sections on a white list file held by the client. By using / to update the whitelist, it enables reliable and effective whitelist update and synchronization between server and client.

The whitelist synchronization server according to the first aspect of the present invention for achieving the above object corresponds to a whitelist including at least one whitelist file determined to be in a normal state through a specific inspection, wherein the at least one whitelist is A configuration information generation unit for classifying a white list section based on a file unique number assigned to each file and generating white list configuration information including at least one of file number information and verification information for each white list section; And providing the whitelist configuration information to a specific client device, and comparing the client whitelist configuration information of the whitelist section corresponding to the whitelist held in the specific client device with the provided whitelist configuration information. It includes a synchronization control unit for determining whether to change the retained white list.

According to a second aspect of the present invention, there is provided a client device including: a white list information storage unit configured to store specific white list and client white list configuration information of a white list section corresponding to the specific white list; A check performing unit excluding a white list file included in the specific white list from the specific inspection target when performing a specific inspection on a plurality of previously held files; And whitelist configuration information including at least one of file number information for each whitelist section and verification information divided based on a file unique number from the whitelist synchronization server, when the client whitelist configuration information and the received whitelist are received. It includes a synchronization unit for determining whether to change the pre-stored specific white list by comparing the configuration information.

The synchronization control method of the white list synchronization server according to the third aspect of the present invention for achieving the above object, in response to the white list including at least one white list file determined to be in a normal state through a specific check, The whitelist section is divided based on the file unique number assigned to each of the whitelist files, and the whitelist configuration information including at least one of file number information and verification information for each whitelist section is configured. Information generating step; And providing the whitelist configuration information to a specific client device, and comparing the client whitelist configuration information of the whitelist section corresponding to the whitelist held in the specific client device with the provided whitelist configuration information. And a synchronization control step for determining whether to change the retained white list.

According to a fourth aspect of the present invention, there is provided a method of operating a client device, the method including: a white list information storing step of storing client white list configuration information of a specific white list and a white list section corresponding to the specific white list; Performing a specific check on a plurality of pre-stored files, performing a check of excluding a whitelist file included in the specific whitelist from the specific check target; And whitelist configuration information including at least one of file number information for each whitelist section and verification information divided based on a file unique number from the whitelist synchronization server, when the client whitelist configuration information and the received whitelist are received. And a synchronization step of determining whether the specific white list has been changed by comparing configuration information.

In embodiments of the present invention, in applying a white list in a cloud vaccine service, a server divides a white list file by sections and provides section-specific information to a client to collect only necessary information of sections on a white list file held by the client. By updating the whitelist using /, it is possible to enable reliable and effective whitelist updating and synchronization between the server and the client.

1 is a block diagram showing a white list synchronization system according to a preferred embodiment of the present invention.

2 is a block diagram showing the configuration of a white list synchronization server according to a preferred embodiment of the present invention.

3 is a block diagram showing a configuration of a client device according to a preferred embodiment of the present invention.

4 is a flowchart illustrating a whitelist synchronization procedure according to a preferred embodiment of the present invention.

5 is a flowchart illustrating a flow of a method for controlling synchronization of a white list synchronization server according to an exemplary embodiment of the present invention.

6 is a flowchart illustrating a flow of a method of operating a client device according to a preferred embodiment of the present invention.

7 is an exemplary view showing an example of whitelist configuration information according to a preferred embodiment of the present invention.

8 is an exemplary view showing an example of detailed information for each lower whitelist section provided according to a preferred embodiment of the present invention.

As the invention allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the written description. However, this is not intended to limit the present invention to specific embodiments, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention. In describing the drawings, similar reference numerals are used for similar elements.

When a component is referred to as being "connected" or "connected" to another component, it may be directly connected to or connected to that other component, but it may be understood that other components may be present in between. Should be. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "comprise" or "have" are intended to indicate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, and one or more other features. It is to be understood that the present invention does not exclude the possibility of the presence or the addition of numbers, steps, operations, components, components, or a combination thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

Hereinafter, with reference to the accompanying drawings will be described a preferred embodiment of the present invention.

1 is a diagram illustrating a whitelist synchronization system according to a preferred embodiment of the present invention.

As shown in FIG. 1, the white list synchronization system according to the present invention may include a client device 100, a white list synchronization server 200, and a file server 300.

The white list synchronization server 200 is a server for performing synchronization with each client device 100 for a white list including at least one white list file determined to be in a normal state through a specific inspection.

Correspondingly, the file server 300 is a server that stores / manages files that are subject to the above-mentioned specific inspection, and stores / manages files provided from other systems, including files provided from each client device 100. can do.

For example, the file server 300 may store / manage files by dividing into a malware file, a normal file, an unknown file, or the like.

The white list synchronization server 200 uniquely allocates files corresponding to each of the at least one white list file in response to a white list including at least one white list file determined to be in a normal state through the above-described specific inspection. The whitelist section is classified based on the number, and the whitelist configuration information including at least one of the file number information for each divided whitelist section and verification information for verifying all file unique numbers included in the whitelist section is generated. do.

In more detail, the white list synchronization server 200 may directly perform the above-described specific inspection to generate a white list including at least one white list file determined to be normal. Of course, the white list synchronization server 200 may generate a white list by obtaining information on a white list file according to a specific inspection performed by another server (not shown), or may generate a white list by another server (not shown). It is also possible to acquire the whitelist generated by performing the inspection.

The white list synchronization server 200 may classify the white list section based on the file unique number assigned to each of the at least one white list file in response to the white list.

That is, a file sequence number is preferably assigned to each of at least one whitelist file belonging to the whitelist. The subject assigning the file unique number is the file server 300 and is referred to as the file unique number by the white list synchronization server 200, the file server 300, and another server (not shown).

Accordingly, the white list synchronization server 200 generates a white list section (eg, 1 million file unique number units) based on a file unique number assigned to each of the at least one white list file in response to the white list. Can be distinguished.

In addition, the white list synchronization server 200 may generate, for each divided white list section, white list configuration information including at least one of file number information of a white list file belonging to a corresponding section and verification information for the corresponding section. have. Here, the verification information of the white list section may include information generated using file unique numbers of the white list file belonging to the white list section, that is, the verification value.

Here, the client device 100 may acquire and store / manage a white list including a file held in the client device 100 as a white list file. Preferably, the whitelist synchronization server 200 includes a file held in the client device 100 as a whitelist file through interworking with at least one of the client device 100 and the file server 300. The whitelist may be provided to the client device 100.

Furthermore, the client device 100 may obtain and store / manage the whitelist configuration information of the whitelist section corresponding to the retained whitelist. Preferably, the whitelist synchronization server 200 may provide the client device 100 with whitelist configuration information of a whitelist section corresponding to the whitelist held in the client device 100.

Accordingly, the client device 100 retains the white list generated through the cloud-based specific inspection, and further stores the white list configuration information of the white list section corresponding to the white list owned as the client white list configuration information. Can be managed

Accordingly, the client device 100 performs the specific check as described above with respect to a plurality of files previously stored therein, and excludes the whitelist file included in the stored whitelist from the specific check target. something to do.

Meanwhile, the white list synchronization server 200 provides the white list configuration information to a specific client device 100.

That is, when the whitelist synchronization server 200 newly updates the whitelist configuration information, when a specific cycle time arrives, or when a preset specific providing event occurs, such as when a manual selection is made by an operator, The white list configuration information including at least one of file number information and verification information of the white list file for each white list section generated as described above may be provided to the client device 100.

Accordingly, the client device 100 determines whether the pre-stored specific white list is changed by comparing the client white list configuration information with the received white list configuration information.

That is, the client device 100 may include a whitelist section corresponding to the client whitelist configuration information previously held in the client device 100 based on the verification information for each whitelist section included in the received whitelist configuration information (eg, 400000000 to 429999999). ).

The client apparatus 100 may further include file number information and verification information corresponding to the identified white list section (eg, 400000000 to 429999999) of the received white list configuration information, and file number information of the client white list configuration information. And by comparing the verification information to determine whether the same is the same, it is possible to determine whether the specific whitelist is changed.

Accordingly, if it is determined that there is a change in the white list because the file number information or the verification information is not the same, the client device 100 for each lower white list section in the checked white list section (eg, 400000000 to 429999999) Details may be requested to the whitelist synchronization server 200.

Accordingly, the white list synchronization server 200 may provide the client device 100 with detailed information for each lower white list section in a specific white list section (eg, 400000000 to 429999999).

As described above, by repeating the process of requesting / providing the detailed information for each lower whitelist section in the specific whitelist section between the client device 100 and the whitelist synchronization server 200, the whitelist section is subdivided or multi-leveled. The whitelist section may be narrowed and it may be determined whether to change the specific whitelist based on the narrowed whitelist section.

On the other hand, the client device 100, based on the detailed information for each lower whitelist section of the confirmed whitelist section (for example 400000000 ~ 429999999) or the confirmed whitelist section (for example 400000000 ~ 429999999) of the whitelist configuration information, If it is determined that there is a change in the white list because the number of files or the verification information is not the same, the client device 100 may change the list of change information of the white list section corresponding to the previously held white list to the white list synchronization server 200. ) Can be requested.

Accordingly, the white list synchronization server 200 may include file unique numbers or file unique number sections and change status information of at least one white list file corresponding to the change information when the change information on the white list is generated. The generated / managed change information list will be provided to the client device 100.

Accordingly, the client device 100 may update the internally stored whitelist using the received change information list, or set the whitelist section in which the change occurs as a retest target, and then update the client whitelist configuration information in the above-described specific inspection. Do it.

Hereinafter, the white list synchronization server according to the present invention will be described in more detail with reference to FIG. 2.

The whitelist synchronization server 200 according to the present invention corresponds to a whitelist including at least one whitelist file determined to be in a normal state through a specific check, and allocates the corresponding list to each of the at least one whitelist file. A configuration information generation unit 220 for classifying a white list section based on the file unique number, and generating white list configuration information including at least one of file number information and verification information for each divided white list section, and a specific client device; Providing the white list configuration information to the (100), by comparing the client white list configuration information of the white list section corresponding to the white list previously held in a specific client device 100 and the provided white list configuration information To determine whether any changes have been made to existing whitelists; And a fisherman agent 240.

The white list synchronization server 200 according to the present invention may further include a change information list generation unit 230.

The configuration information generation unit 220 corresponds to a white list including at least one white list file determined to be in a normal state through a specific inspection, and assigns a file unique number assigned to each of the at least one white list file. Based on the whitelist section, and generates whitelist configuration information including at least one of the file number information and verification information for each divided whitelist section.

In more detail, the above-described specific test may include a test for diagnosing malware infection on a file to be scanned.

Accordingly, the whitelist synchronization server 200 directly generates a whitelist including at least one whitelist file determined to be in a normal state, that is, a safe file state not infected by malicious code, or other server (not shown). The white list generated in the above) can be obtained.

Accordingly, the configuration information generation unit 220 may classify the white list section based on the assigned file unique number corresponding to each of the at least one white list file included in the white list.

Accordingly, the configuration information generation unit 220 generates a white list section (eg, 1 million file unique number units) based on a file unique number assigned to each of the at least one white list file in response to the white list. Can be distinguished.

The configuration information generation unit 220 may generate, for each of the divided white list sections, white list configuration information including at least one of file number information of a white list file belonging to a corresponding section and verification information for the corresponding section. have.

Here, when the generated white list configuration information is described in detail, the total number of white list files of the white list configuration information, the creation date of the white list configuration information, the validity period, the number of trusted files for each white list section, the number of general files, and the like It may include at least one of file number information for each whitelist section including at least one of the number of malicious files, verification information of the whitelist for each whitelist section, and detailed information for each lower whitelist section in the whitelist section.

Here, the verification information of the white list section may include information generated using file unique numbers of the white list file belonging to the white list section, that is, the verification value.

Here, the trust file, the general file, and the malicious file are classified by subdividing the white list file, and the white list file having a clear source and author is a trust file, and the white list file having no malicious function in its function and role is general. As a file, a white list file which has not been diagnosed as malicious code for a certain time can be classified as a malicious file.

Thus, the white list configuration information generated by the configuration information generation unit 220 may be as shown in FIG. 7.

That is, as shown in FIG. 7, the white list configuration information includes the total number of white list files (TOTAL W-LIST) of the white list configuration information, the creation date (DATE) of the white list configuration information, and the validity period (VALIDATE TERM). , File count information for each whitelist section, and verification information for each whitelist section, including at least one of the number of trusted files per whitelist section (referred to as normal files in FIG. 7), the number of general files, and the number of malicious files. And detailed information (not shown) for each lower whitelist section in the whitelist section.

Preferably, the white list configuration information as shown in FIG. 7 may be referred to as the highest white list configuration information.

When the change information for the white list is generated, the change information list generation unit 230 includes file unique numbers or file unique number sections and change state information of at least one white list file corresponding to the change information. Create a change information list.

That is, the change information list generation unit 230 generates at least one of the change information corresponding to the generated change information when the change information on the white list generated by the white list synchronization server 200 or obtained by another server (not shown) occurs. File sequence numbers or file sequence number and change status information for one or more whitelist files, for example, adding a new whitelist file, deleting an existing whitelist file, changing an existing whitelist file to a malicious file, etc. The change information list including the change status information may be generated.

On the other hand, it will be apparent that verification information (validation value) that can be given to each whitelist section or to each of at least one whitelist file included in the whitelist is not duplicated due to its characteristics.

Accordingly, the change information list generation unit 230 generates and manages a change information list of at least one white list file corresponding to the changed information, and thus, regarding the changed white list file included in the change information list. In the case of providing verification information (validation value), the verification information (validation value) given for each whitelist section or the verification information (validation value) given to each of at least one whitelist file included in the whitelist is not duplicated. It is desirable to avoid.

Then, the change information list generation unit 230 provides the verification information (verification value) given to the changed whitelist file included in the above-described change information list so as not to overlap with the verification information (verification value) already given and used. ) During the tracking period, which indicates how long to maintain the change information list, and reflects verification information (verification value) for the corresponding changed whitelist file in the white list after the tracking period has elapsed. It will be possible.

The synchronization controller 240 provides the whitelist configuration information to the specific client device 100, and provides the client whitelist configuration information of the whitelist section corresponding to the whitelist previously held in the specific client device 100 and the provision. By comparing the whitelist configuration information, it is determined whether or not the existing whitelist is changed.

In more detail, the synchronization controller 240 may newly update the whitelist configuration information, or when a specific cycle time arrives, or when a preset specific providing event occurs, such as when manual selection by an operator occurs. The client apparatus 100 may provide whitelist configuration information including at least one of file number information and verification information of the whitelist file for each whitelist section generated as described above, that is, the highest whitelist configuration information as illustrated in FIG. 7. .

Accordingly, the client device 100 determines whether the previously stored specific white list is changed by comparing the previously stored client white list configuration information with the white list configuration information provided by the white list synchronization server 200 as described above. Will judge.

After providing the highest white list configuration information as shown in FIG. 7 to the client apparatus 100, the synchronization controller 240 may compare the client white list configuration information with the provided white list configuration information from the client apparatus 100. Accordingly, when the detailed information of the specific whitelist section is requested, the client device 100 provides detailed information for each lower whitelist section in the specific whitelist section.

That is, when the detailed information of a specific white list section (for example, 400000000 to 429999999) is requested from the client device 100, the synchronization controller 240 requests a lower white list section in the requested white list section (for example, 400000000 to 429999999). Star information may be provided to the client device 100.

Here, the detailed information for each lower whitelist section recognizes a specific whitelist section (for example, 400000000 ~ 429999999) corresponding to the upper part as a whole, and thus the total number of whitelist files (TOTAL W-LIST), creation date (DATE), Number of files per lower whitelist section including at least one of validity period (VALIDATE TERM), number of trusted files per lower whitelist section, number of general files and number of malicious files, and verification information for lower whitelist section (verification value) And detailed information (not shown) for each lower whitelist section in the lower whitelist section.

Accordingly, as shown in FIG. 8, the synchronization controller 240 may request a white list section (eg, 400000000 ~) requested by the client device 100 in response to a detailed request of a specific whitelist section (eg, 400000000 to 429999999). 429999999) provides detailed information for each lower whitelist section, and again requests detailed information of a specific lower whitelist section (for example, 418000000 ~ 429999999) among the lower whitelist sections (for example, 418000000 ~ 429999999) The process of providing detailed information for each lower whitelist section may be repeated.

On the other hand, the client device 100, based on the detailed information for each lower whitelist section of the confirmed whitelist section (for example 400000000 ~ 429999999) or the confirmed whitelist section (for example 400000000 ~ 429999999) of the whitelist configuration information, If it is determined that there is a change to the white list because the file number information or the verification information is not the same, the client apparatus 100 sets the corresponding white list section in the previously-listed white list as a re-inspection target and then checks the specific inspection described above. May be reexamined without being excluded from the inspection target, or the whitelist synchronization server 200 may request a change list of the corresponding whitelist section.

Further, when the change information list of the specific white list section is requested from the client apparatus 100 according to a result of comparing the client white list configuration information with the provided white list configuration information, the synchronization controller 240 changes the change information. The client device 100 includes the change information list generated by the list generation unit 230 or the partial change information list included in the specific white list section changed on the change information list last provided to the specific client device from the change information list. To provide.

That is, the synchronization controller 240 may specify a specific whitelist section, for example, a specific whitelist section (for example, 400000000 to 429999999), or a lower whitelist section (for example, 418000000) from the client device 100. When the change information list of ˜429999999 is requested, the change information list generated by the change information list generation unit 230 or the change information list last provided to the client device 100 in response to the requested white list section is displayed. The changed partial change information list may be provided to the client device 100.

Hereinafter, a client device according to the present invention will be described in detail with reference to FIG. 3.

The client device 100 according to the present invention includes a white list information storage unit 110 that stores client white list configuration information of a specific white list and a white list section corresponding to the specific white list, and a plurality of files previously stored. When performing a specific check on the white, separated from the white list file included in the specific white list based on the file unique number from the inspection performing unit 120 and the white list synchronization server 200 When whitelist configuration information including at least one of file number information and verification information for each list section is received, a change is made to the specific whitelist previously stored by comparing the client whitelist configuration information and the received whitelist configuration information. It includes a synchronization unit 130 to determine whether or not.

The white list information storage unit 110 stores client white list configuration information of a specific white list and a white list section corresponding to the specific white list.

That is, the white list information storage unit 110 may acquire and store / manage a specific white list including a file held in the client device 100 as a white list file. Preferably, the whitelist synchronization server 200 includes a file held in the client device 100 as a whitelist file through interworking with at least one of the client device 100 and the file server 300. The whitelist may be provided to the client device 100.

In addition, the white list information storage unit 110 may obtain the white list configuration information of the white list section corresponding to the retained white list and store / manage it as client white list configuration information. Preferably, the whitelist synchronization server 200 may provide the client device 100 with whitelist configuration information of a whitelist section corresponding to the whitelist held in the client device 100.

The inspection performing unit 120 excludes the whitelist file included in the specific whitelist from the specific inspection target when performing a specific inspection on a plurality of previously held files.

The above-described specific test may include a test for diagnosing whether or not a file is a malicious code infection.

Thus, the inspection performing unit 120 may include a client vaccine that performs a test for diagnosing whether or not a malicious code is infected with respect to a plurality of files previously stored.

The inspection performing unit 120 performs a specific inspection as described above on a plurality of files previously stored therein, and excludes the whitelist file included in the stored whitelist from the specific inspection target. something to do.

The synchronization unit 130 receives the white list configuration information including at least one of file number information and verification information for each white list section divided based on the file unique number from the white list synchronization server 200. By comparing the list configuration information and the received white list configuration information, it is determined whether the pre-stored specific white list is changed.

In more detail, the synchronization unit 130 may receive the white list configuration information, for example, the highest white list configuration information, as shown in FIG. 7 from the white list synchronization server 200.

Accordingly, the synchronization unit 130 determines whether to change the previously stored specific white list by comparing the client white list configuration information stored in the white list information storage unit 110 and the received white list configuration information.

More specifically, for example, the synchronizer 130 checks the whitelist section corresponding to the client whitelist configuration information based on the verification information for each whitelist section included in the received whitelist configuration information, and the File number information and verification of the number of files including at least one of the number of trusted files, the number of general files, and the number of un malicious files corresponding to the checked whitelist section of the received whitelist configuration information, and the number of files of the client whitelist configuration information, and verification. By comparing the information and determining the same, it is possible to determine whether or not to change the specific white list.

That is, the synchronization unit 130 may include a white list corresponding to the client white list configuration information previously held in the white list information storage unit 110 based on the verification information for each white list section included in the received white list configuration information. Check the interval (ex: 400000000 ~ 429999999).

Then, the synchronization unit 130, the number of file information corresponding to the identified white list section (e.g. 400000000 ~ 429999999) of the received white list configuration information, that is, the number of trusted files, the number of general files and the number of un malicious files, respectively By comparing the number of files of the client whitelist configuration information previously held in the whitelist information storage unit 110, that is, the number of trusted files, the number of normal files, and the number of un malicious files, respectively, the same is determined. It is possible to determine whether or not the list has been changed.

Accordingly, when it is determined that the specific white list is changed as a result of the comparison of the client white list configuration information and the received white list configuration information, the synchronization unit 130 includes a lower white in the white list section corresponding to the specific white list. The detailed information per list section may be requested to the white list synchronization server 200, and a change area for the specific white list previously stored may be checked based on the received detailed information for each lower white list section.

That is, the synchronization unit 130, if the change of the white list is determined as a result of the comparison of the client white list configuration information and the received white list configuration information, that is, if the file number information or verification information of both information is not the same, The whitelist synchronization server 200 may request detailed information for each lower whitelist section in the whitelist section corresponding to the whitelist.

For example, if it is determined that there is a change in the white list because the file number information or the verification information is not the same, the synchronization unit 130 includes a lower white list in the checked white list section (eg, 400000000 to 429999999). Details of each section may be requested to the white list synchronization server 200.

Accordingly, as shown in FIG. 8, the synchronization unit 130 receives detailed information of each lower whitelist section in the requested specific whitelist section (eg, 400000000 to 429999999) from the whitelist synchronization server 200, and Based on the comparison of the client whitelist configuration information, it is possible to determine whether to change the whitelist, and when the change is determined again, for each lower whitelist section within a specific lower whitelist section (for example, 418000000 to 429999999) among the lower whitelist sections. The process of requesting details can be repeated.

Accordingly, the synchronization unit 130 may check a change region for the specific white list previously stored based on the received detailed information for each lower white list section.

That is, the synchronization unit 130 repeats the process of requesting / compareing detailed information for each lower whitelist section (for example, three times), and then changes the file list number range of the lower whitelist section determined as the whitelist change. Can be checked on the whitelist. For example, the synchronization unit 130 may check (eg, DIRTY) a change area determined as a white list change, that is, a storage area storing a file unique number range.

Meanwhile, when it is determined that the specific white list is changed as a result of comparing the client white list configuration information with the received white list configuration information, the synchronization unit 130 changes information of the white list section corresponding to the specific white list. The list may be requested to the white list synchronization server 200, and a change area for the specific white list may be checked based on the received change information list.

That is, if the change of the white list is determined as a result of the comparison between the client white list configuration information and the received white list configuration information, that is, if the file number information of both pieces of information is not the same, the synchronization unit 130 retains white. The change list of the white list section corresponding to the list (for example, 400000000 to 429999999) may be requested to the white list synchronization server 200.

Alternatively, the synchronization unit 130 repeats the process of requesting / compareing detailed information for each lower whitelist section as described above (for example, three times), and then changes the region determined as a whitelist change, that is, the lower whitelist section (for example, The change information list of 418000000 to 429999999 may be requested to the whitelist synchronization server 200.

The synchronization unit 130 may receive, from the white list synchronization server 200, a partial change information list extracted and generated based on the entire change information list or the file unique number included in the requested white list section.

Accordingly, the synchronization unit 130 may check a change area for the specific white list previously stored based on the received change information list.

That is, the synchronization unit 130 may include file unique numbers or file unique number sections included in the change information list and corresponding change state information (for example, adding a new white list file, deleting an existing white list file, and malicious existing white list file). On the basis of the change to a file, etc.), a white list file corresponding to the file unique number included in the change area determined by the white list change, that is, the par change information list, can be checked. For example, the synchronization unit 130 may check (eg, DIRTY) a change area determined as a white list change, that is, a storage area storing a file unique number.

Thereafter, the synchronization unit 130 may update the internally stored white list.

That is, the synchronization unit 130 obtains state information on at least one file corresponding to the changed area checked in the white list stored internally from the white list synchronization server 200 and according to the obtained state information. It is desirable to update on the whitelist.

For example, when the inspection performing unit 120 starts to perform the above-described specific inspection, the synchronization unit 130 performs the above-mentioned white list on the basis of each file unique number of a plurality of files to be inspected. A file with a file unique number that exists without checking the change area can be recognized as a normal whitelist file and can only be checked for simple file changes or can be skipped and excluded from the check.

On the other hand, when the inspection performing unit 120 starts to perform the above-described specific inspection, the synchronization unit 130 based on the file unique number for each of the plurality of files to be inspected, the above-described change list in the above-described white list Since the file with the file unique number with the check may not be a white list file, state information of the corresponding file is obtained from the white list synchronization server 200 and added, deleted, or deleted from the specific white list according to the obtained state information. It is preferable to update by performing a change or the like.

On the other hand, if it is determined that a change to the specific whitelist is determined as a result of comparing the client whitelist configuration information with the received whitelist configuration information, the synchronization unit 130 re-examines the determined whitelist section from the specific whitelist. Can be set as target.

That is, if it is determined that the change in the white list is determined as a result of the comparison of the client white list configuration information and the received white list configuration information, that is, the file number information or the verification information of both information is not the same, the change is made. The determined whitelist section (eg 400000000 ~ 429999999) can be set as a retest target in the previously saved whitelist.

Alternatively, the synchronization unit 130 repeats the process of requesting / compareing detailed information for each lower whitelist section as described above (for example, three times), and then changes the region determined as a whitelist change, that is, the lower whitelist section (for example, : 418000000 ~ 429999999) can be set as a retest target in the previously saved white list.

Thus, when the inspection performing unit 120 starts to perform the above-described specific inspection, the file of the whitelist section set as the re-inspection target in the synchronization unit 130 loses its meaning as a whitelist file and becomes the inspection target. The inspection will be performed by the inspection performing unit 120, and the synchronization unit 130 updates the white list by performing status information acquisition and / or re-search based on the file unique number of the corresponding file during the inspection process. As a result, the client whitelist configuration information can be rewritten (updated).

Thus, the whitelist held in the client device 100 is updated / synchronized to be the same as the corresponding whitelist of the whitelist synchronization server 200, and thus the whitelist of the client device 100 is the whitelist synchronization server 200. ), The client device 100 may update or change or receive / update the whitelist configuration information to correspond to the updated whitelist.

As described above, in the white list synchronization system including the white list synchronization server and the client device according to the present invention, the white list synchronization server divides the white list section based on the file unique number for all the white list files and verifies each section. And generate whitelist configuration information according to the information, and the client device checks only the information of the whitelist section corresponding to the whitelist configuration information of the whitelist held in the client device based on the whitelist configuration information. By determining whether or not the retained whitelist has been changed, the whitelist is updated by collecting / using only the necessary information of the section of the retained whitelist file on the client device, thereby providing a reliable and effective connection between the server and the client. List may enable updating and synchronization.

Hereinafter, the white list synchronization method according to the present invention will be described with reference to FIGS. 4 to 6. Here, for the convenience of description, the configuration shown in FIGS. 1 to 3 described above will be described with reference to the corresponding reference numerals.

First, a whitelist synchronization procedure according to a preferred embodiment of the present invention will be described with reference to FIG. 4.

The white list synchronization server 200 uniquely allocates files corresponding to each of the at least one white list file in response to a white list including at least one white list file determined to be in a normal state through the above-described specific inspection. The whitelist section is divided based on the number, and whitelist configuration information including at least one of the file number information and the verification information for each divided whitelist section is generated.

The white list synchronization server 200 may classify the white list section based on the file unique number assigned to each of the at least one white list file in response to the white list (S10).

In addition, the white list synchronization server 200 may generate, for each divided white list section, white list configuration information including at least one of file number information of a white list file belonging to a corresponding section and verification information for the corresponding section. There is (S20).

Furthermore, the client device 100 may obtain and store / manage the whitelist configuration information of the whitelist section corresponding to the retained whitelist. Preferably, the white list synchronization server 200 may provide the client device 100 with whitelist configuration information of a whitelist section corresponding to the whitelist held in the client device 100 (S30).

Accordingly, the client device 100 retains the white list generated through the cloud-based specific inspection, and further stores the white list configuration information of the white list section corresponding to the white list owned as the client white list configuration information. Can be managed (S40).

Accordingly, the client device 100 performs the specific check as described above with respect to a plurality of files previously stored therein, and excludes the whitelist file included in the stored whitelist from the specific check target. Will be (S50).

On the other hand, the white list synchronization server 200 provides the white list configuration information to a specific client device 100 (S60).

The client apparatus 100 may further include file number information and verification information corresponding to the identified white list section (eg, 400000000 to 429999999) of the received white list configuration information, and file number information of the client white list configuration information. And by comparing the verification information to determine whether the same (S70), it is possible to determine whether or not to change the specific white list already held (S80).

Accordingly, if it is determined that there is a change in the white list because the file number information or the verification information is not the same, the client device 100 for each lower white list section in the checked white list section (eg, 400000000 to 429999999) The detailed information may be requested to the white list synchronization server 200 (S90).

On the other hand, the client device 100, based on the detailed information for each lower whitelist section of the confirmed whitelist section (for example 400000000 ~ 429999999) or the confirmed whitelist section (for example 400000000 ~ 429999999) of the whitelist configuration information, If it is determined that there is a change to the white list because the file number information and the verification information are not the same, the client device 100 may change the list of change information of the white list section corresponding to the previously held white list to the white list synchronization server 200. ) Can be requested (S90).

Accordingly, the client device 100 may update the internally stored white list by using the received change information list (S100).

Hereinafter, a synchronization control method of a white list synchronization server according to the present invention will be described with reference to FIG. 5.

The synchronization control method of the white list synchronization server according to the present invention is assigned to correspond to each of the at least one white list file in response to a white list including at least one white list file determined to be in a normal state through a specific inspection. The whitelist section is classified based on a file unique number, and whitelist configuration information including at least one of file number information and verification information for each divided whitelist section is generated.

Accordingly, the method for controlling synchronization of the whitelist synchronization server according to the present invention directly generates or generates a whitelist including at least one whitelist file determined to be in a normal state, that is, not infected with malicious code through such a check. A white list generated by a server (not shown) may be obtained (S110).

Accordingly, in the synchronization control method of the white list synchronization server according to the present invention, the white list section may be divided based on the assigned file unique number corresponding to each of the at least one white list file included in the white list (S120). ).

Accordingly, the synchronization control method of the white list synchronization server according to the present invention includes a white list section (eg, 1 million files) based on a file unique number assigned to each of the at least one white list file in response to the white list. Identification number unit).

In addition, the synchronization control method of the white list synchronization server according to the present invention includes, for each divided white list section, a white list including at least one of file number information of the white list file belonging to the section and verification information for the section. Information may be generated (S130).

Here, when the generated white list configuration information is described in detail, the total number of white list files of the white list configuration information, the creation date of the white list configuration information, the validity period, the number of trusted files for each white list section, the number of general files, and the like It may include at least one of file number information for each whitelist section including at least one of the number of malicious files, verification information for each whitelist section, and detailed information for each lower whitelist section in the whitelist section.

Thus, the white list configuration information generated in the synchronization control method of the white list synchronization server according to the present invention may be as shown in FIG. 7. Preferably, the white list configuration information as shown in FIG. 7 may be referred to as the highest white list configuration information.

Meanwhile, in the synchronization control method of the white list synchronization server according to the present invention, the white list configuration information of the white list section corresponding to the white list held in the client device 100 may be provided to the client device 100 (S140). ).

On the other hand, in the synchronization control method of the white list synchronization server according to the present invention, when the change information for the white list (S150), file unique numbers or file unique to the at least one white list file corresponding to the change information A change information list including a number section and change state information is generated (S160).

That is, in the synchronization control method of the white list synchronization server according to the present invention, when the change information on the white list generated by the white list synchronization server 200 or acquired by another server (not shown) occurs, the changed information generated. File sequence numbers or file sequence number and change status information for at least one whitelist file corresponding to, e.g., adding a new whitelist file, deleting an existing whitelist file, or exposing an existing whitelist file The change information list including the change status information about the change etc. may be generated as a file.

In addition, the synchronization control method of the white list synchronization server according to the present invention provides the white list configuration information to a specific client device 100 (S170), and corresponds to the white list previously held in the specific client device 100. By comparing the client whitelist configuration information of the whitelist section with the provided whitelist configuration information, it is determined whether to change the previously stored whitelist.

In more detail, the synchronization control method of the white list synchronization server according to the present invention may be applied to a method such as when the white list configuration information is newly updated, when a specific cycle time arrives, or when manual selection is made by an operator. When the set specific provision event occurs, the client device may include whitelist configuration information including at least one of file number information and verification information of the whitelist file for each whitelist section generated as described above, that is, the highest whitelist configuration information as illustrated in FIG. 7. 100).

After providing the highest white list configuration information as shown in FIG. 7 to the client device 100, the synchronization control method of the white list synchronization server according to the present invention includes the client white list configuration information and the provided white data from the client device 100. When the detailed information of the specific whitelist section is requested according to the comparison result of the list configuration information (S180), the detailed information for the lower whitelist section in the specific whitelist section is provided to the client device 100 (S185).

That is, in the synchronization control method of the white list synchronization server according to the present invention, when the detailed information of a specific white list section (for example, 400000000 to 429999999) is requested from the client device 100, the requested white list section (for example, 400000000 to Detailed information for each lower whitelist section in 429999999 may be provided to the client device 100.

Thus, as shown in Figure 8, the synchronization control method of the white list synchronization server according to the present invention, the white requested by the request of the detailed information of a specific white list period (for example 400000000 ~ 429999999) from the client device 100 Provides detailed information for each lower whitelist section within the list section (eg 400000000 ~ 429999999), and again requests the details of a specific lower whitelist section (eg 418000000 ~ 429999999) among the lower whitelist sections. (Eg 418000000 ~ 429999999) You can repeat the process of providing detailed information for each lower whitelist section.

On the other hand, the client device 100, based on the detailed information for each lower whitelist section of the confirmed whitelist section (for example 400000000 ~ 429999999) or the confirmed whitelist section (for example 400000000 ~ 429999999) of the whitelist configuration information, If it is determined that there is a change to the white list because the file number information or the verification information is not the same, the client device 100 may change the list of change information of the white list section corresponding to the previously held white list to the white list synchronization server 200. ) Can be requested.

Accordingly, in the synchronization control method of the white list synchronization server according to the present invention, when the change information list request is received, the change information list generated / managed as described above will be provided to the client device 100 (S190).

Furthermore, in the synchronization control method of the white list synchronization server according to the present invention, the change information of the specific white list section according to a result of comparing the client white list configuration information and the provided white list configuration information from the client device 100. When the list is requested, the client device 100 provides the changed information list or the partial change information list included in the specific white list section among the changed information list.

That is, the synchronization control method of the white list synchronization server according to the present invention may include a specific white list section, for example, a specific white list section (for example, 400000000 to 429999999), or a lower level, from the client device 100. When a change information list of a white list section (eg, 418000000 to 429999999) is requested, all of the generated change information list or a part changed on the list of change information last provided to the client device 100 in response to the requested white list section The change information list may be provided to the client device 100.

Hereinafter, a method of operating a client device according to the present invention will be described with reference to FIG. 6.

In the method of operating a client device according to the present invention, the client whitelist configuration information of a whitelist and a whitelist section corresponding to the specific whitelist is stored (S200).

That is, the method of operating a client device according to the present invention may acquire and store / manage a specific white list including a file held in the client device 100 as a white list file. Preferably, the whitelist synchronization server 200 includes a file held in the client device 100 as a whitelist file through interworking with at least one of the client device 100 and the file server 300. The whitelist may be provided to the client device 100.

In addition, the method of operating a client device according to the present invention may obtain whitelist configuration information of a whitelist section corresponding to a retained whitelist and store / manage it as client whitelist configuration information. Preferably, the whitelist synchronization server 200 may provide the client device 100 with whitelist configuration information of a whitelist section corresponding to the whitelist held in the client device 100.

In the method of operating a client device according to the present invention, when performing a specific check on a plurality of previously held files, the whitelist file included in the specific whitelist is excluded from the specific check target (S210).

Accordingly, a method of operating a client device according to the present invention may include a client vaccine for performing a test for diagnosing whether a malicious code is infected with a plurality of files previously stored.

In the method of operating a client device according to the present invention, in performing a specific inspection as described above with respect to a plurality of files previously stored therein, a whitelist file included in the stored whitelist may be used at the specific inspection target. Will do so.

In the operating method of the client device according to the present invention, when the whitelist configuration information including at least one of file number information and verification information for each whitelist section divided based on the file unique number is received from the whitelist synchronization server 200 In operation S220, it is determined whether the specific white list is changed by comparing the client white list configuration information with the received white list configuration information in operation S230.

More specifically, in the method of operating the client device according to the present invention, the whitelist configuration information as shown in FIG. 7, for example, the highest whitelist configuration information may be received from the whitelist synchronization server 200.

Accordingly, in the method of operating the client device according to the present invention, the stored white list configuration information is compared with the received white list configuration information to determine whether or not to change the previously stored specific white list.

More specifically, for example, the method of operating a client device according to the present invention may include selecting a whitelist section corresponding to the client whitelist configuration information based on verification information for each whitelist section included in the received whitelist configuration information. A file number information and a file of the client white list configuration information including the number of trusted files and at least one of a normal file number and a malicious file number corresponding to the checked white list section of the received white list configuration information. By comparing the number information and the verification information to determine whether the same, it is possible to determine whether or not to change the specific white list.

That is, in the operating method of the client device according to the present invention, the whitelist section corresponding to the previously stored client whitelist configuration information based on the verification information for each whitelist section included in the received whitelist configuration information (for example, 400000000) ~ 429999999).

In addition, the method of operating a client device according to the present invention may include file number information corresponding to the identified whitelist section (eg, 400000000 to 429999999) of the received whitelist configuration information, that is, the number of trusted files, the number of general files, and the malicious Whether the number of files is changed by comparing the number of files in the client whitelist configuration information, that is, the number of trusted files, the number of normal files, and the number of un malicious files, respectively, to determine whether the files are the same. Can be determined.

Accordingly, in the method of operating a client device according to the present invention, if a change to the specific white list is determined as a result of comparing the client white list configuration information and the received white list configuration information (No), the method corresponds to the specific white list. Requests the whitelist synchronization server 200 for detailed information of each lower whitelist section within the whitelist section, and checks a change area for the specific whitelist previously stored based on the received detailed information of the lower whitelist section. It may be (S250).

That is, in the operation method of the client device according to the present invention, if the change of the white list is determined as a result of the comparison of the client white list configuration information and the received white list configuration information, that is, if the file number information of both information is not the same, The whitelist synchronization server 200 may request detailed information for each lower whitelist section in the whitelist section corresponding to a specific whitelist.

For example, in the operation method of the client device according to the present invention, if it is determined that there is a change in the white list because the file number information or the verification information is not the same, the checked white list section (for example, 400000000 to 429999999) The whitelist synchronization server 200 may request detailed information of each lower whitelist section within the list.

Accordingly, in the method of operating the client device according to the present invention, as shown in FIG. 8, the detailed information for each lower whitelist section in the requested specific whitelist section (eg, 400000000 to 429999999) is received from the whitelist synchronization server 200. On the basis of this, it is possible to determine whether or not to change the white list by comparing with the client white list configuration information, and when the change is determined, the lower part within a specific lower white list section (eg, 418000000 to 429999999) among the lower white list sections. The process of requesting detailed information for each whitelist section can be repeated.

Accordingly, the method of operating the client device according to the present invention may check a change region for the specific white list previously stored based on the received detailed information for each lower whitelist section.

That is, in the operation method of the client device according to the present invention, after repeating (for example, three times) the request / comparison of the detailed information for each lower whitelist section, the changed region determined as the whitelist change, that is, the lower whitelist section You can check the file unique number range in the whitelist. For example, the method of operating a client device according to the present invention may check (eg, DIRTY) a change area determined as a white list change, that is, a storage area storing a file unique number range.

On the other hand, in a method of operating a client device according to the present invention, if it is determined that a change to the specific whitelist is determined as a result of comparing the client whitelist configuration information and the received whitelist configuration information, the whitelist corresponding to the specific whitelist The change information list of the section may be requested to the white list synchronization server 200, and the change region for the specific white list may be checked based on the received change information list (S250).

That is, in the operation method of the client device according to the present invention, if the change of the white list is determined as a result of the comparison of the client white list configuration information and the received white list configuration information, that is, if the file number information of both information is not the same, The whitelist synchronization server 200 may request a list of change information of a whitelist section (eg, 400000000 to 429999999) corresponding to the whitelist.

Alternatively, in the method of operating a client device according to the present invention, as described above, after repeatedly requesting / compareing detailed information for each lower whitelist section (for example, three times), a change area determined as a whitelist change, that is, a lower white. The change information list of the list section (eg, 418000000 to 429999999) may be requested to the white list synchronization server 200.

Accordingly, the method of operating a client device according to the present invention may receive, from the white list synchronization server 200, a partial change information list extracted and generated based on the entire change information list or the file unique number included in the requested white list section. can do.

Accordingly, the method of operating the client device according to the present invention may check a change area for the specific white list previously stored based on the received change information list.

That is, the operation method of the client device according to the present invention includes a file unique number included in the change information list and corresponding change state information (for example, adding a new white list file, deleting an existing white list file, and a malicious white list file as malicious files). On the basis of the change, etc.), the white area of the change area determined as the white list change, that is, the file unique number corresponding white list file included in the wave change information list can be checked. For example, the method of operating a client device according to the present invention may check (eg, DIRTY) a change area determined as a white list change, that is, a storage area storing a file unique number.

Thereafter, the operating method of the client device according to the present invention may update the internally stored white list (S260).

That is, in the operating method of the client device according to the present invention, the state information of at least one file corresponding to the changed region checked in the white list stored in the internal device is obtained from the white list synchronization server 200, and the obtained state information is obtained. It is desirable to update in the specific whitelist according to.

For example, in performing the above-described specific inspection, the operation method of the client device according to the present invention includes the above-described change list in the aforementioned whitelist based on each file unique number of a plurality of files to be inspected. A file with a file unique number that exists without a check can be recognized as a normal whitelist file and can only be checked for simple file changes, or it can be omitted from the check.

On the other hand, in starting to perform the above-described specific inspection, the operation method of the client device according to the present invention, based on each file unique number for the plurality of files to be inspected, the above-described change list check in the above-mentioned white list Since a file having a file unique number may not be a white list file, state information of the corresponding file is obtained from the white list synchronization server 200, and added, deleted, changed, etc. in the specific white list according to the obtained state information. It is preferable to perform the update.

As described above, in the whitelist synchronization method including the whitelist synchronization server and the client device according to the present invention, the whitelist synchronization server divides the whitelist section based on the file unique number for all the whitelist files and verifies the sections. And generate whitelist configuration information according to the information, and the client device checks only the information of the whitelist section corresponding to the whitelist configuration information of the whitelist held in the client device based on the whitelist configuration information. By determining whether or not the retained whitelist has been changed, the whitelist is updated by collecting / using only necessary information of the section of the retained whitelist file in the client device, thereby providing reliable and effective white between the server and the client. Host may enable updating and synchronization.

The security document execution method and the document management method of the terminal device according to an embodiment of the present invention may be implemented in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

In the present invention as described above has been described by the specific embodiments, such as specific components and limited embodiments and drawings, but this is provided to help a more general understanding of the present invention, the present invention is not limited to the above embodiments. For those skilled in the art, various modifications and variations are possible from these descriptions.

Therefore, the spirit of the present invention should not be limited to the described embodiments, and all the things that are equivalent to or equivalent to the claims as well as the following claims will belong to the scope of the present invention. .

Claims

In response to a whitelist including at least one whitelist file determined to be in a normal state through a specific inspection, whitelist sections are classified based on file unique numbers assigned to each of the at least one whitelist file, A configuration information generation unit configured to generate white list configuration information including at least one of file number information and verification information for each whitelist section; And

The whitelist configuration information is provided to a specific client device, and the client whitelist configuration information of the whitelist section corresponding to the whitelist previously held in the specific client device is compared with the provided whitelist configuration information. And a synchronization control unit to determine whether or not the changed white list has been changed.
The method of claim 1,

The white list configuration information,

By whitelist section including at least one of the total number of whitelist files of the whitelist configuration information, the date of creation of the whitelist configuration information, the expiration date, the number of trusted files per whitelist section, and the number of general files and the number of un malicious files And at least one of file number information, whitelist verification information for each whitelist section, and detailed information for each lower whitelist section in the whitelist section.
The method of claim 2,

The synchronization control unit,

If the detailed information of a specific whitelist section is requested according to a result of comparing the client whitelist configuration information and the provided whitelist configuration information from the specific client device, the detailed information of the lower whitelist section in the specific whitelist section is displayed. White list synchronization server, characterized in that provided to the specific client device.
The method of claim 1,

When the change information for the white list is generated, a change information list generation for generating a change information list including file unique numbers or file unique number sections and change status information of at least one or more white list files corresponding to the change information. White list synchronization server further comprises a wealth.
The method of claim 4, wherein

The synchronization control unit,

When a change information list of the specific white list section is requested according to a result of comparing the client white list configuration information and the provided white list configuration information from the specific client device, the specific client of the change information list or the change information list is requested. And providing a specific change information list included in the specific white list section changed on the change information list last provided to the device to the specific client device.
A white list information storage unit for storing client white list configuration information of a specific white list and a white list section corresponding to the specific white list;

A check performing unit excluding a white list file included in the specific white list from the specific inspection target when performing a specific inspection on a plurality of previously held files; And

If whitelist configuration information including at least one of file number information and verification information for each whitelist section divided based on a file unique number is received from a whitelist synchronization server, the client whitelist configuration information and the received whitelist configuration And a synchronization unit to determine whether the specific white list has been changed by comparing information.
The method of claim 6,

The synchronization unit,

Based on the verification information for each whitelist section included in the received whitelist configuration information, a whitelist section corresponding to the client whitelist configuration information is checked, and the whitelist section of the received whitelist configuration information is included in the checked whitelist section. The file number information including at least one of a corresponding trusted file number, a general file number, and a malicious file number, and file number information and verification information of the client white list configuration information are compared to determine the same, and the specific white list is determined. Determining whether to change to the client device.
The method of claim 6,

The synchronization unit,

When it is determined that the change is made to the specific white list as a result of comparing the client white list configuration information with the received white list configuration information, the white list includes detailed information for each lower white list section in the white list section corresponding to the specific white list. Requesting a synchronization server and checking a change area for the specific white list previously stored based on the received details of the lower white list section.
The method of claim 6,

The synchronization unit,

When it is determined that the change to the specific white list is determined as a result of comparing the client white list configuration information and the received white list configuration information, request the change list of the white list section corresponding to the specific white list to the white list synchronization server. And checking a change area for the specific white list previously stored based on the received change information list.
The method of claim 6,

The synchronization unit,

When it is determined that a change to the specific white list is determined as a result of the comparison between the client white list configuration information and the received white list configuration information, the specific white list section determined to be changed is set as a retest target in the specific white list. Client device.
The method according to claim 8 or 9,

The synchronization unit,

And obtaining status information of at least one file corresponding to the changed area checked in the specific white list from the white list synchronization server and updating the specific white list according to the obtained status information. .
In response to a whitelist including at least one whitelist file determined to be in a normal state through a specific inspection, whitelist sections are classified based on file unique numbers assigned corresponding to each of the at least one whitelist file, A configuration information generation step of generating whitelist configuration information including at least one of file number information and verification information for each divided whitelist section; And

The whitelist configuration information is provided to a specific client device, and the client whitelist configuration information of the whitelist section corresponding to the whitelist previously held in the specific client device is compared with the provided whitelist configuration information. And a synchronization control step of determining whether a changed whitelist has been changed.
The method of claim 12,

The white list configuration information,

By whitelist section including at least one of the total number of whitelist files of the whitelist configuration information, the date of creation of the whitelist configuration information, the expiration date, the number of trusted files per whitelist section, and the number of general files and the number of un malicious files And at least one of file number information, whitelist verification information for each whitelist section, verification information, and detailed information for each lower whitelist section in the whitelist section.
The method of claim 13,

If the detailed information of a specific whitelist section is requested according to a result of comparing the client whitelist configuration information and the provided whitelist configuration information from the specific client device, the detailed information of the lower whitelist section in the specific whitelist section is displayed. And providing the specific client device to the whitelist synchronization server.
The method of claim 12,

Generating a change information list including file unique numbers or file unique number sections and change state information of at least one white list file corresponding to the change information when the change information on the white list is generated; And a synchronization control method of the white list synchronization server.
The method of claim 15,

When a change information list of the specific white list section is requested according to a result of comparing the client white list configuration information and the provided white list configuration information from the specific client device, the specific client of the change information list or the change information list is requested. And providing, to the specific client device, a part of the change information list included in the specific white list section changed on the change information list last provided by the device to the specific client device.
A white list information storing step of storing client white list configuration information of a specific white list and a white list section corresponding to the specific white list;

Performing a specific check on a plurality of pre-stored files, performing a check of excluding a whitelist file included in the specific whitelist from the specific check target; And

If whitelist configuration information including at least one of file number information and verification information for each whitelist section divided based on a file unique number is received from a whitelist synchronization server, the client whitelist configuration information and the received whitelist configuration And a synchronization step of determining whether the specific white list has been changed by comparing the information.
The method of claim 17,

The synchronization step,

Based on the verification information for each whitelist section included in the received whitelist configuration information, a whitelist section corresponding to the client whitelist configuration information is checked, and the whitelist section of the received whitelist configuration information is included in the checked whitelist section. The file number information including at least one of a corresponding trusted file number, a general file number, and a malicious file number, and file number information and verification information of the client white list configuration information are compared to determine the same, and the specific white list is determined. Method for operating a client device, characterized in that for determining whether or not to change.
The method of claim 17,

When it is determined that the change is made to the specific white list as a result of comparing the client white list configuration information with the received white list configuration information, the white list includes detailed information for each lower white list section in the white list section corresponding to the specific white list. Requesting a synchronization server, and checking a change area for the specific white list previously stored based on the received details of each lower whitelist section.
The method of claim 17,

When it is determined that the change to the specific white list is determined as a result of comparing the client white list configuration information and the received white list configuration information, request the change list of the white list section corresponding to the specific white list to the white list synchronization server. And checking a change area for the specific white list previously stored based on the received change information list.
The method of claim 17,

When it is determined that a change to the specific white list is determined as a result of the comparison of the client white list configuration information and the received white list configuration information, the specific white list section determined to be changed is set as a retest target in the specific white list. How client devices work.
The method of claim 19 or 20,

And obtaining status information of at least one file corresponding to the changed area checked in the specific white list from the white list synchronization server and updating the specific white list according to the obtained status information. Method of operation.
A computer-readable recording medium having recorded thereon a program for performing the method of claim 12.