WO2017078198A1 - Data security system - Google Patents

Data security system

Info

Publication number
WO2017078198A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
file
document
user
security agent
Prior art date
Application number
PCT/KR2015/011844
Other languages
English (en)
Korean (ko)
Inventor
배종상
Original Assignee
(주)와우소프트
Priority date
Filing date
Publication date
Application filed by (주)와우소프트
Priority to PCT/KR2015/011844
Publication of WO2017078198A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data

Definitions

  • The present invention relates to a server-based electronic document management system and, more particularly, to a data security system that prevents security information from leaking while documents are printed and shared.
  • The technical problem addressed by the present invention is to provide a data security system that facilitates cooperation while maintaining security, by providing a function for delivering electronic documents that takes user-specific authority into account in a server-based electronic document management system.
  • A further object of the present invention is to provide a data security system that automatically detects security information when an electronic document is about to be stored or output in the server-based electronic document management system, so that the security information does not leak.
  • The present invention concerns a data security system comprising a security agent 100 and a server 200, in which:
  • when the user closes the document, the security agent 100 stores on the server the file that was saved in the local temporary folder or the secure folder, and deletes that file;
  • the security agent 100 transmits a log of the opening, editing, and storing of the file to the server 200;
  • the security agent 100 transmits a log of this to the server 200;
  • the security agent 100 provides an interface for a user to transfer document files to a shared folder and to select another user or group to share with;
  • the server 200 stops the sharing procedure when the sharing does not satisfy the settings, selectively considering the security level of the document file to be shared, the user's authority, the authority of the other user with whom the file is to be shared, the authority of the file sharing folder, or the authority of the group with which the file is to be shared; and
  • the server 200 allows the sharing and the security agent 100 transmits a log of this. The technical problem is solved by providing a data security system characterized by comprising these steps.
  • the security agent 100 transmits a log of this to the server 200;
  • the server 200 isolates the detected document file, or the document being created, in a specific folder according to the setting. The technical problem is solved by providing a data security system characterized by comprising this step.
  • the security agent 100 transmits a log including the output image to the server 200;
  • when the security agent 100 detects a specific pattern or keyword, it transmits a log of this to the server 200, and the server 200 performs a pattern masking or approval procedure according to the setting;
  • the security agent 100 outputs the document with a watermark profile received from the server 200 applied. The technical problem is solved by providing a data security system characterized by comprising this step.
  • The data security system according to the present invention not only manages the document life cycle of an organization's members but also enhances security by preventing security information from leaking while documents are printed and shared.
  • By providing a function for delivering electronic documents that takes user-specific authority into account in a server-based electronic document management system, the data security system allows work to proceed smoothly while maintaining security.
  • The data security system can automatically detect security information when an electronic document is about to be stored or output in the server-based electronic document management system, so that the security information does not leak.
  • FIG. 1 is a diagram illustrating a network environment to which a data security system according to the present invention is applied.
  • FIG. 2 is a diagram showing the main configuration of a data security system according to the present invention.
  • FIG. 3 is a diagram showing the main configuration of the manager service module 250 of the data security system according to the present invention.
  • FIGS. 4 to 7 are schematic diagrams illustrating the operation of the data security system according to the present invention.
  • As shown in FIG. 1, a plurality of user PCs are connected to a network, and an electronic document can be output to a local printer or a network shared printer.
  • As shown in FIG. 2, the data security system includes a security agent 100 and a server 200.
  • The security agent 100 is installed automatically on the user PC and starts when the PC boots, so that it continuously monitors the user PC.
  • The security agent 100 is configured to be managed and automatically upgraded by the server 200. Depending on the design conditions, the PC may be unusable unless the user logs in to the security agent 100.
  • The security agent 100 includes a login agent module 110, a file input/output control unit 120, a file navigation unit 130, and a security control unit 140.
  • The login agent module 110 provides an interface for the user to log in to the security agent 100 as soon as the user PC boots.
  • The file input/output control unit 120 includes a file open module, a file lock module, a file access log module, and a file upload module.
  • The file open module provides a user interface for browsing files on the server and selecting a file when a file open command is issued in the document processing application (e.g., MS-WORD, MS-EXCEL) that the user wants to use.
  • The file lock module saves a file stored on the server to a temporary folder on the user's computer when the file is opened in an application, and prevents the saved file from being copied or leaked.
  • The security zone is an area in which only permitted processes, among the processes on the user's computer, can handle files in the security zone folder.
  • Whether a process is permitted may be set according to the user's authority.
  • Users with low privileges may be prevented from saving files in a temporary folder or a secure folder at all.
  • The file access log module transmits logs of the opening and storing of files stored on the server.
  • The file upload module uploads the saved file to the server and deletes the file from the user's computer.
  • The file navigation unit 130 includes a user file navigation interface module and a shared interface module.
  • The user file navigation interface module provides a Windows Explorer-like interface to the user's files stored on the server, for easy access.
  • The shared interface module provides an interface for transferring files to a shared folder and selecting other users, in order to deliver user files stored on the server to other users in the company.
  • An individual or a department can be selected.
  • The server 200 may be designed to allow sharing in consideration of both the rights of the user who is sharing and the rights of the selected user.
  • The security control unit 140 includes an output log transmission module, an authority storage module, a watermark module, and a pattern detection module.
  • When the user outputs an electronic document to a printer, the output log transmission module generates a log from an image and information extracted from the electronic document and transmits it to the server.
  • The authority storage module stores the user-specific authority transmitted from the server 200, monitors whether the user acts within that authority during file input/output, sharing setup, and printing, and provides this information to the server 200.
  • The watermark module automatically inserts an image or print information into a printout according to the watermark policy assigned to the user. In addition, when a pattern or keyword containing security information is detected, it masks the security information.
  • The pattern detection module detects whether a pattern or keyword corresponding to security information is included in a document created by the user or in a document being output. That is, it receives from the server 200 information about a pattern, such as that of a social security number, or a keyword, and automatically detects whether the pattern or keyword is included.
  • The server 200 includes a login service module 210, a file log module 220, a file management service module 230, a print log module 240, a manager service module 250, and a database 260.
  • When the user enters an ID and password, the login service module 210 verifies the user and, working with other modules in the server 200, automatically upgrades the security agent 100.
  • The user authority, watermark profile, and pattern detection information are stored on the user's computer.
  • The file log module 220 stores the logs generated when a user opens, edits, stores, or deletes a file stored on the server.
  • The file management service module 230 stores files created or saved by users on the server, provides navigation of the files stored on the server, and provides a download service for the file a user selects.
  • An electronic document in which a specific pattern or keyword is detected may be stored in an isolation folder so that an administrator is informed.
  • When a document is output, the print log module 240 stores the output image transmitted from the client on the server and stores the output information in the database.
  • The manager service module 250 includes a user-specific permission setting module, a pattern setting module, a pattern masking module, a file history search module, an output approval module, and a sharing setting module. It mainly provides services such as user authority management, watermark profile management, file storage management, pattern management, log inquiry, output approval, and sharing settings (see FIG. 3).
  • Use of the manager service module 250 need not be limited to the internal network; the server 200 may also be accessed from a remote location over an external network such as the Internet to obtain the same result.
  • The database 260 stores users' authority, document files, watermark profiles, patterns or security keywords, log information, output images, and the like, and maintains a plurality of backup copies as a precaution.
  • FIGS. 4 to 7 are schematic diagrams illustrating the operation of the data security system according to the present invention.
  • The security agent 100 detects this and starts monitoring.
  • The user uses the server 200 explorer to load an existing document stored in his or her folder, or starts creating a new document.
  • The document is saved as a local temporary file; after the temporary file is locked, the document is stored on the server and the local temporary file is deleted.
  • The document may also be stored in the local security area and then deleted.
  • The folder in the security area may be set so that files in it cannot be deleted or copied arbitrarily, according to the permissions of the process and the user.
  • For users with low privilege levels, the system may be designed so that documents are not stored at all.
  • The output log contains an image of the document to be printed.
  • Pattern masking is performed according to the server setting.
  • If the server determines that the sharing falls outside the authority settings, it can notify the administrator, prevent the sharing procedure from being performed, or allow the approval process to proceed. Examples of such settings are that the user's permissions do not allow sharing the document, that a document cannot be shared with a user whose security level is lower than the document's security level, or that the permissions of the shared folder do not match those of the user to be shared with.
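The sharing check that the description assigns to the server 200 can be sketched as follows. This is an added example, not code from the patent or its applicant; the numeric security levels, the `may_share` flag, the folder's minimum level and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    ALLOW = "allow"
    BLOCK = "block"                    # stop the sharing procedure
    NEEDS_APPROVAL = "needs_approval"  # hand over to the approval process


@dataclass(frozen=True)
class Principal:
    """A user or group; 'level' is an assumed numeric security level."""
    name: str
    level: int
    may_share: bool = True


@dataclass(frozen=True)
class ShareRequest:
    doc: str
    doc_level: int     # security level of the document file
    sender: Principal
    recipients: tuple  # users or groups picked in the share interface
    folder_level: int  # assumed: minimum level the shared folder admits


def evaluate_share(req, on_violation=Outcome.BLOCK, notify_admin=True):
    """Server-side check. Returns (outcome, log_record)."""
    if on_violation is Outcome.ALLOW:
        raise ValueError("a violation must never resolve to ALLOW")
    reasons = []
    if not req.sender.may_share:
        reasons.append("sender_not_permitted_to_share")
    if not req.recipients:
        reasons.append("no_recipient_selected")  # fail closed
    for r in req.recipients:
        if r.level < req.doc_level:
            reasons.append(f"recipient_below_document_level:{r.name}")
        if r.level < req.folder_level:
            reasons.append(f"recipient_below_folder_level:{r.name}")
    outcome = on_violation if reasons else Outcome.ALLOW
    log = {
        "event": "share",
        "doc": req.doc,
        "sender": req.sender.name,
        "recipients": [r.name for r in req.recipients],
        "outcome": outcome.value,
        "reasons": reasons,
        "notify_admin": bool(reasons) and notify_admin,
    }
    return outcome, log


# Constructed sample principals (not from the patent)
ALICE = Principal("alice", level=3)
BOB = Principal("bob", level=1)
SALES = Principal("group:sales", level=2)
INTERN = Principal("intern", level=3, may_share=False)

if __name__ == "__main__":
    req = ShareRequest("q3-plan.docx", 2, ALICE, (BOB, SALES), folder_level=1)
    print(evaluate_share(req, on_violation=Outcome.NEEDS_APPROVAL))
```

Every request produces a log record, including the allowed ones, which matches the description's requirement that a log of the sharing is transmitted.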
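The pattern detection flow described above (the agent scans with patterns and keywords received from the server, logs the hit, and the server setting selects masking, approval or isolation) can be sketched like this. It is an added example, not the patent's code; the profile layout, the setting keys, the six-digit/seven-digit number pattern and the sample text are constructed assumptions, and the log records only rule names and offsets so that the detected value is not copied into the log.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    start: int
    end: int


def compile_rules(profile):
    """profile: pattern/keyword set the agent receives from the server."""
    rules = {name: re.compile(rx) for name, rx in profile["patterns"].items()}
    for kw in profile["keywords"]:
        rules[f"keyword:{kw}"] = re.compile(re.escape(kw), re.IGNORECASE)
    return rules


def scan(text, rules):
    """Agent side: locate every pattern or keyword hit in the document text."""
    hits = [Finding(name, m.start(), m.end())
            for name, rx in rules.items() for m in rx.finditer(text)]
    return sorted(hits, key=lambda f: f.start)


def mask(text, findings):
    """Replace letters and digits inside each hit, keeping separators."""
    out = list(text)
    for f in findings:
        for i in range(f.start, f.end):
            if out[i].isalnum():
                out[i] = "*"
    return "".join(out)


def handle(event, text, rules, setting):
    """Apply the server setting for 'save' or 'print'.

    Returns (action, text_released_to_the_user_or_None, log_record).
    """
    findings = scan(text, rules)
    log = {"event": event, "hits": [(f.rule, f.start, f.end) for f in findings]}
    if not findings:
        return "pass", text, log
    action = setting.get(event, "approval")
    if action not in ("mask", "approval", "quarantine"):
        action = "approval"  # unknown setting: hold for a human decision
    log["action"] = action
    released = mask(text, findings) if action == "mask" else None
    return action, released, log


# Constructed profile, server setting and sample text (assumptions)
PROFILE = {"patterns": {"resident_no": r"\b\d{6}-\d{7}\b"},
           "keywords": ["confidential"]}
SETTING = {"print": "mask", "save": "quarantine"}
SAMPLE = "Confidential: employee 900101-1234567 transferred."
RULES = compile_rules(PROFILE)

if __name__ == "__main__":
    print(handle("print", SAMPLE, RULES, SETTING))
    print(handle("save", SAMPLE, RULES, SETTING))
```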

Abstract

According to the present invention, a data security system can not only manage the document life cycle of a member of an organization but also increase security by preventing leakage of security information during the printing and sharing of documents. In addition, because the data security system has a function for transferring an electronic document according to each user's authorization in a server-based electronic document management system, it enables smooth business cooperation while maintaining security, and when an electronic document is stored or output, security information can be detected automatically and its leakage prevented.
PCT/KR2015/011844 2015-11-05 2015-11-05 Data security system WO2017078198A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/011844 WO2017078198A1 (fr) 2015-11-05 2015-11-05 Data security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/011844 WO2017078198A1 (fr) 2015-11-05 2015-11-05 Data security system

Publications (1)

Publication Number Publication Date
WO2017078198A1 (fr) 2017-05-11

Family

ID=58662899

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2015/011844 WO2017078198A1 (fr) 2015-11-05 2015-11-05 Data security system

Country Status (1)

Country Link
WO (1) WO2017078198A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206486A1 (en) * 2005-03-14 2006-09-14 Mark Strickland File sharing methods and systems
KR20090024336A (ko) * 2007-09-04 2009-03-09 (주)와우소프트 Server-based data security/management system
KR20120128412A (ko) * 2011-05-17 2012-11-27 주식회사 링크 Network file system control apparatus and method thereof
KR101276261B1 (ko) * 2011-09-21 2013-06-20 주식회사 마스터소프트 Remote access security system
US20140165176A1 (en) * 2012-12-07 2014-06-12 Benedict Ow File sharing system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
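CN114979125A (zh) * 2022-08-02 2022-08-30 天津联想协同科技有限公司 Method, apparatus, terminal and storage medium for quickly uploading files to a network disk
CN114979125B (zh) * 2022-08-02 2023-01-06 天津联想协同科技有限公司 Method, apparatus, terminal and storage medium for quickly uploading files to a network disk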

Similar Documents

Publication Publication Date Title
WO2015034175A1 (fr) Method, system, and apparatus for improving the security of internal enterprise information
JP3927376B2 (ja) Program for prohibiting data take-out
WO2015160118A1 (fr) Method and apparatus for controlling application program access to a secure memory area
WO2018101727A1 (fr) Method and system for preventing personal information breach, combining biometric authentication and phase division of an authentication process
WO2018056601A1 (fr) Device and method for blocking ransomware using content file access control
EP1950682B1 (fr) Computer data management method, program, and recording medium
US20090319786A1 (en) Electronic data security system and method
WO2011031093A2 (fr) Device and method for digital rights management using a virtualization technique
WO2021107177A1 (fr) Method and system for blocking ransomware or phishing attacks
WO2018030667A1 (fr) Method and system for blocking a phishing or ransomware attack
WO2015034176A1 (fr) Integrated document management system
WO2015101332A1 (fr) Password classification management method and system
WO2017213473A1 (fr) File management method and apparatus using same
WO2014003516A1 (fr) Method and apparatus for providing data sharing
WO2013100320A1 (fr) System, user terminal, method, and apparatus for protecting and recovering a system file
KR100943301B1 (ko) Server-based data security/management system
WO2009136740A2 (fr) Method and apparatus for managing binding information about a bundle installed remotely in an OSGi service platform
WO2017078198A1 (fr) Data security system
WO2018016830A1 (fr) Apparatus and method for preventing file encryption
WO2014185627A1 (fr) Device and method for the security of a data processing system
CN105095693A (zh) Method and system for secure Internet-based sharing of digital assets
WO2018124431A1 (fr) Website monitoring system and monitoring method
WO2018212456A1 (fr) Data distribution type integrated management system
WO2011145889A2 (fr) User terminal, and method and apparatus for controlling its software management
WO2023113081A1 (fr) Method, apparatus, and computer-readable recording medium for controlling the execution of a container workload in an event streaming scheme in a cloud environment

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 15907861
Country of ref document: EP
Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 EP: PCT application non-entry in European phase
Ref document number: 15907861
Country of ref document: EP
Kind code of ref document: A1