KR20050081593A - Methodology of the computerized file security using the computer virus concept - Google Patents

Abstract

In general, documents are stored in the electronic form of files on a computer, and if these files are important, each company, research institute, or organization has made great efforts to prevent their leakage. The reality is that due to the factor, the file cannot be leaked. Therefore, the present invention devises a file security and file leakage prevention method using a computer virus principle, and refers to the technical inventions accordingly.

Description

{Methodology of the computerized file security using the computer virus concept}

The present invention relates to the security of computer file data. Conventional file security methods mainly use file encryption at the lower level of the OS, such as file encryption and virtual device drivers to control file input and output. However, security at the lower level of the OS (Operating System) is a fatal disadvantage that is revealed when all the data is retrieved by using a file such as a file by attaching it to another computer by attaching it to another computer and attaching it to a slave mode. In the Encrypt method, basically, a program that can release security on the user's computer that uses the file must be installed so that the secured file can be inquired. In addition, the encryption and decryption method can secure the file when the hard disk is physically stolen, but the program equipped with the decryption algorithm can be leaked, or the file can be easily decrypted if someone knows the security algorithm well. If the decryption function of the decryption program was compromised by an external virus or other hacker attack, it also contained a fatal flaw that even the owner of the data could not see the original file forever. In particular, the security concept at the OS (lower operating system) level is the principle of file control at the kernel level. Therefore, forcibly stopping the process of the kernel responsible for file security often makes security impossible. In many cases, the security functions of the company become useless. In addition, among existing file security solutions, there is a system that authenticates a user of a secured file using communication with a server on a network or the Internet, and determines whether or not to use the file according to the authentication result. This solution does not apply to users who use it, but also has a fatal flaw that the file cannot be used even when the communication is not smooth due to the online communication failure or hardware or software failure of the server system. It was.

.

According to the present invention, a file is inserted by inserting a program execution code equipped with a function of reading authorization setting condition and security setting information that can be released when a security officer of a file attempts to open the file in a file containing data. If the user accesses the file to view the secure file (without installing a separate decryption program or connecting to the Internet), the executable code that was inside the secure file is automatically executed to secure the file. It automatically checks whether the file is opened only in an authorized environment, and if it is not, the file is deleted by itself so that the file cannot be recovered forever or perform other auxiliary functions. . This is generally similar to the well-known virus operation concept and principle of a computer, and its purpose of execution is to turn to file security. The technical core of the present invention will be how to mount a viral security module with executable code in a source file that is a target of security so that a security officer can perform a desired function.

The present invention comprises a computer environment (administrator tool) equipped with a security tool and a computer environment (user environment) where the secured file is located when attempting to open a secured file.

1) In the administrator tool, there is an environment setting part for file security, a security tool for selecting a file and setting the security setting accordingly, and an execution part for mounting a virus type execution module in a file according to the set contents. .

First of all, the preferences section allows you to set up a basic environment for securing your computer. It allows the security officer to call a menu when selecting a file, folder, or drive to easily secure specific file (s). The security tool has a function of setting a condition to be secured according to the contents displayed in the called menu. The process of this process is to specify a specific folder or drive in advance, and to ensure that all the files in it are automatically secured, if the number of files in it increases or decreases or the size of the file changes or the end of the file It includes the concept of a batch process that automatically detects when information, such as the date modified, changes and automatically sets security. The conditions for setting the security of the file (s) are classified as follows.

l Password required to unlock security

The unique number of the computer that can use secure files (CPU unique serial number, LAN card Mac address, Hard Disk Serial Number, etc.)

IP addresses (or ranges of addresses), subnet mask addresses (or ranges of addresses), DNS addresses (or ranges of addresses), gateway addresses (or ranges of addresses), etc. of computers that can use secured files.

The period during which secured files can be unsecured

l Number of times that a secure file can be unsecured

What to do if an unauthorized user tries to use a secured file

Ø Automatic deletion of secured files

Ø The administrator's mail or server operated by the administrator who secured the file over the Internet or other network such as login ID information, IP address, date and time of attempting to open the secured file, etc. Whether to send to the operating system

Ø Auto output of warning message notifying you of unauthorized security

Ø Whether to disable the clipboard function if the secured file is opened normally

Ø If a secured file opens normally, whether or not you want to disable the "Save As" feature found in common applications.

Ø Whether to prevent printing the contents of the opened file if the secured file is opened normally

Ø If the secured file is normally opened, whether to print the contents of the opened file or not to digitally mark the printed contents.

Ø Use of other desired functions

The execution part cleans up the security conditions mentioned above, inserts the information set in the source target file, and adds self-executing code that can compare and check the various security conditions set in advance when attempting to open the secured file. It means the part that plays the role of inserting. The execution part inserts the original source file, security configuration information, and executable code that should be executed when attempting to open the secured file into the header information of the original file, thereby inserting the entire contents into one file. It is structured to play a role. In this case, since the information inserted in the header information includes the executable code, it is placed in the first open part when the file is opened so that the embedded executable code can be executed as a separate process when the file is opened.

2) In the user environment part, when attempting to open a secured file, a part that executes the executable code latent in the file in the form of a virus, an extracting part that extracts the secured setting state according to the program of the executable code, It consists of a verification unit that verifies whether or not a condition for releasing the security file based on the extracted information, and a finishing unit that releases or deletes security according to the verification result.

The execution part tries to open the secured file according to the procedure registered in the operating system by the window message (WM) broadcasted to the system when attempting to open the secured file. At this time, the executable code previously inserted in the file is As the virus works, it executes itself and pauses the execution of the program registered in the system corresponding to the extension of the original file, and starts the operation to check whether it is authorized for security. The extractor extracts and temporarily stores security configuration information in the secured file according to the execution of the execution unit in a computer memory area (or other physical storage location). The verification unit is composed of parts that verify whether the usage condition is authorized or not by comparing the security setting information extracted from the extraction unit with the current computer use environment individually (AND or OR method). If the department is verified as an authorized environment, the function of temporarily disabling the secured file to make the file available to the user, and if unauthorized, delete the file itself according to the extracted security settings, or a warning message. It indicates whether to display or send the information of the user's computer to the security officer's mail. In addition, if the computer using the secured file is an authorized computer environment, the finishing unit opens the file so that the user can use the file normally and at the same time continuously monitors (monitors) whether the file is being used by the user separately. do. If the unsecured file is not in use, it automatically resecures the unsecured file again by the information extracted from the extractor. After that, the extracted and stored information is extracted by the extractor. After the reset (Reset) to finish the role of the finisher.

That is, the present invention is characterized in that it is not necessary to install a separate security release program when a security officer or a user tries to open the file (s) that are automatically secured according to a condition set on a computer in a general application. . This is because secure files contain executable code that can act like a virus on your computer.

In the case of securing the computer-generated files using the present invention, the following effects can be obtained.

1. When IP information is set as the basic condition of security setting, secured data can only be used by the company or internal organization, and the data leaked to the outside can never be opened and the file is not authorized for use. The file itself is deleted itself, ensuring complete data security.

2. Even when sending a file using various Internet tools such as e-mail, messenger, P2P, FTP, etc., the file secured according to the principles of the present invention can never be used externally.

3. Even if you leak the hard disk of the computer in the internal organization, or copy all the data to CD or DVD, Tape, Floppy Disk, USB storage device, ZIP drive, etc., all the files in the external environment are kept intact. do. It also keeps your files safe even if you leave the computer itself.

4. If a file secured by a business with a partner must be used externally, only the conditions of use (available period, number of available times, or available computers, etc.) can be set and used within the scope so that the data can be leaked. Flexibility to adjust the security settings in the city so as not to leave a gap of work. In this case (in case of leakage due to a specific reason), every time the file is opened, the information such as the date and time of access to the file, the IP address of the corresponding computer, etc. are transmitted to the mail set by the administrator or the server system operated by the administrator. By doing so, you can monitor the use of illegal or malicious files.

5. Maintain complete file security even on computers running offline.

6. In the case of the licensor, the file is automatically re-secured without any additional process even after using the file after the security is normally released, thus fundamentally preventing data leakage or security measures caused by poor management after security release. .

Claims (6)

Inserting various security setting condition information and self-executing program code in the electronic file itself into a part of the header information in the original file; or When approaching to use a secured file, the executable program code in the file itself is executed first to create an independent process or Extracting and storing the security setting information which extracts the setting information set in the file secured by the executed independent process and temporarily stores it in the memory area or the physical storage of the computer or The secured file can be unlocked by comparing the hardware or network environment of the computer that is currently trying to use the secured file, the password entered by the user, the period of possible security release, or the number of possible releases with the information extracted in the previous step. Verifying the presence of According to the verification result, in case of an unauthorized user, the file itself does not open, a security warning message is output, the file itself is automatically deleted (Delete or Purge) according to the security setting conditions, or various information of the unauthorized user is automatically extracted from the computer. Execution step of sending mail to the administrator (who originally created the secured file) or sending information extracted from unauthorized computer to the system in the server operated by the administrator or According to the verification result, even if the licensee is released, the file is released after security release by periodically monitoring whether the open file is still in use, and if the file is not in use, applying the extraction information conditions specified in Claim 3 as it is. Method for securing file (s) characterized by the steps of automatically securing