KR101057743B1 - External user document distribution security system - Google Patents

Abstract

The present invention provides an external user document distribution security system including a document distribution server, a database, and a document receiving client. When an external user requests to receive a document, a printing framework control module included in the document distribution server is configured to include an operating system (OS). By controlling the printing framework, the documents stored in the database are converted and encrypted on a page-by-page basis and transmitted to the document receiving client in real time. The stream processing unit included in the document receiving client decrypts and displays the encrypted data transmitted in real time. The present invention relates to an external user document distribution security system.

Description

External user document distribution security system {A SYSTEM FOR DISTRIBUTING SECURED DOCUMENTS TO OUTSIDE USERS}

The present invention provides an external user document distribution security system including a document distribution server, a database, and a document receiving client. When an external user requests to receive a document, a printing framework control module included in the document distribution server is configured to include an operating system (OS). By controlling the printing framework, the documents stored in the database are converted and encrypted on a page-by-page basis and transmitted to the document receiving client in real time. The stream processing unit included in the document receiving client decrypts and displays the encrypted data transmitted in real time. The present invention relates to an external user document distribution security system.

In addition, the present invention is to further include a document rights policy module in the document distribution server, characterized in that for transmitting the document rights information for each user including the right to print or save the encrypted data transmitted in real time to the document receiving client An external user document distribution system.

The present invention also includes a watermark insertion module in the document distribution server, so that the watermark insertion module inserts the watermark in the process of format conversion and encryption on a page-by-page basis to an external user document distribution security system It is about.

In addition, the present invention relates to an external user document distribution security system, characterized in that to further include a screen capture prevention module in the document receiving client, to prevent the capture of the screen displayed by the stream processing unit.

In addition, the present invention relates to an external user document distribution security system, characterized in that when the external user uses the stream processing unit transmits the document usage information of the user to the document distribution server.

In general, companies or public institutions provide internal technical information or documents such as letters or drawings to external users such as external partners to process the project together.

However, if there are a lot of external partners who provide documents and share information, they cannot be distributed by mail or e-mail, and since most documents contain internal information that requires security, separate outsourcing inside companies or public institutions There is a need to build a system.

In other words, if you simply upload the documents you worked inside to the subcontracting system, the external users authenticate and access the system to download the necessary documents and share the information.

Currently, in the case of an outsource system that is generally used, when the external user downloads the document, the file format of the original document is converted into the PDF format and downloaded, thereby allowing the external user to check the document through the PDF viewer.

However, there are some problems when converting a file to PDF format. First, due to the nature of the file conversion step, the system load increases and the conversion and transfer time takes a lot, thereby increasing the external user waiting time.

Specifically, the process of converting a document's file format to PDF format starts printing the entire page of the document-calling the Postscript driver from the Spooler service-the driver PS for the entire page. Create a file-this involves a process called PDF conversion for the whole page again.

In other words, due to the property of converting PDF through several steps for the entire page of the document, the system load is increased, and the conversion and transfer time is very high.

Second, PDF conversion of entire pages of a document becomes very vulnerable to security. In other words, because it is not a page-by-page conversion, the entire PDF converted file must be transmitted to an external user. Therefore, even if the PDF document is encrypted, the security information can be leaked to a malicious third-party user. There will be only one.

Therefore, by constructing a system that can distribute documents to external users, it is possible to build a system that can easily share information with each other, but with fewer file conversion steps, thereby improving system load and user latency, In addition, there is an urgent need for an external user document distribution security system with enhanced security that can prevent third-party security information leakage.

The following briefly describes prior art approaches and problems with file conversion in the technical field similar to the present invention.

First, Republic of Korea Patent Publication No. 10-2009-0063201 is characterized in that the network printing using the server print spooling method after converting the original document file to PDF format.

This is advantageous in that the original document file can be easily printed without depending on an operating system or a program in the terminal. However, as described above, the process of converting to PDF is used as it is and the server spooling method is adopted. There are limitations in terms of system load and security.

Secondly, Republic of Korea Patent Publication No. 10-0756360 provides a file after converting the user authentication, and determines whether the spooling is completed until the end of the page of the original document file, and extracted again by page, but by dividing the text and image cache It is stored in and then sent to the user as it is.

This is not a file conversion to PDF, but the system load and user waiting time is limited due to the waiting time to spool to the end of the page of the original document.

In addition, since text and images are divided into pages, stored in a cache, and then delivered to the user, the document can be hacked through network packet capture, and there is a very weak limit in security, such as a user editing a document arbitrarily.

An object of the present invention is to build an external user document distribution security system that can easily share information by distributing documents to an external user, but the external file that the file conversion step is small and the system load and user latency can be improved accordingly A user document distribution system is provided.

It is also an object of the present invention to provide an external user document distribution system with improved security by converting a file but converting it in units of pages and simultaneously performing encryption and watermark insertion.

It is also an object of the present invention to perform real-time stream transmission simultaneously with conversion, encryption, and watermark insertion in units of pages, an external user displays stream data through a unique stream viewer, and user usage information is extracted to distribute documents. The present invention provides an external user document distribution system transmitted to a server.

The present invention provides an external user document distribution security system including a document distribution server, a database, and a document receiving client. When an external user requests document reception, a printing framework control module included in the document distribution server is an operating system (OS). By controlling the printing framework of the document, the documents stored in the database can be converted and encrypted on a page-by-page basis and transmitted to the document receiving client in real time, and the stream processing unit included in the document receiving client decrypts and displays the encrypted data transmitted in real time. By providing an external user document distribution security system, it is intended to solve the technical problem.

In the present invention, the external user document distribution security system can easily share information by distributing documents to external users, but by controlling the printing framework, there is a remarkable effect of reducing the file conversion step and thus improving system load and user waiting time. .

In addition, the present invention, the external user document distribution security system has a significant effect that the security function is improved by converting the file in the page unit and at the same time performing encryption and watermark insertion.

In addition, the present invention external user document distribution security system, converting, encrypting and inserting a watermark on a page basis to perform a real-time stream transmission, the external user displays the stream data through a unique stream viewer, the user's usage information By extracting and transmitting to the document distribution server, there is a remarkable effect that the user convenience and security functions are improved.

1 is a schematic conceptual diagram of an external user document distribution security system according to an embodiment of the present invention.
2 is a main configuration diagram of an external user document distribution security system according to an embodiment of the present invention.

The terms and words used in the present specification and claims should not be construed as limited to ordinary or dictionary terms and the inventor may properly define the concept of the term in order to best describe its invention It should be construed as meaning and concept consistent with the technical idea of the present invention.

Therefore, the embodiments described in the present specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and are not intended to represent all of the technical ideas of the present invention. Therefore, various equivalents It should be understood that water and variations may be present.

First, the present applicant, as described in the Republic of Korea Patent Registration No. 10-0906628 (printer output monitoring system), the printing framework control module for controlling the printing framework of the operating system (OS) to detect the print execution for the output document Note that the implementation of monitoring the output information and the image file of the printed document.

In addition, the present applicant, as described in Korean Patent Registration No. 10-0919311 (Printer Toner Reduction System), the printing framework control module for controlling the printing framework of the operating system (OS) function together with the output monitoring as well as toner reduction Make sure you've implemented something that works.

Here, the printing framework control module has a function of controlling the printing framework of the operating system (OS), it turns out that the function should be defined according to the design conditions or the interlocking relationship with other constituent means included in each invention. Put it.

Before describing the present invention with reference to the drawings, it is not shown or specifically described for the matters that are not necessary to reveal the gist of the present invention, that is, those skilled in the art can obviously add. Make a note.

1 is a schematic conceptual diagram of an external user document distribution security system according to an embodiment of the present invention, and FIG. 2 is a main configuration diagram of an external user document distribution security system according to an embodiment of the present invention.

External user document distribution security system according to an embodiment of the present invention includes a document distribution server 100, a database 200 and a document receiving client (300).

The document distribution server 100 includes a printing framework control module, a user authentication module, a file processing unit 110, a watermark insertion module, a stream transmission module, and a log management module. The file processing unit 110 includes a page conversion module and a page. It includes an encryption module.

The document receiving client 300 includes a login service module, a document authority processing module, a stream processing unit 310, a screen capture prevention module, a usage information extraction module, and a usage information transmission module. The stream processing unit 310 includes a stream receiving module, It includes a stream decoding module and a stream viewer.

Depending on the design conditions, the document distribution server 100 may be designed to include a separate database, of course.

Preferably, the document distribution server 100 and the document receiving client 300 may be designed to operate in conjunction with a variety of systems, and depending on the conditions, the components included in the document distribution server 100 is a document receiving client ( It is noted that it may be configured to be included in the 300 or vice versa.

In addition, preferably, the document receiving client 300 is included in a mobile device such as a smartphone as well as an office PC can be designed to operate in conjunction with the document distribution server 100, of course.

First, the printing framework control module included in the document distribution server 100 controls the printing framework of the server operating system (OS) to convert and encrypt each page of the document file, and then immediately transmit the stream and extract output information. It is the basis for other modules that perform such functions.

Here, the printing framework refers to a kind of subsystem included in an operating system (OS). When a document is output to a printer, the printing framework and the printer driver are interlocked together.

In other words, when the user issues a print command through the application, the printing framework is activated. The spooler service is called while the spooler service provides the event standard service related to the start and end of the entire print job. When the printer driver of the printer is called, the driver generates output data in a printable format (eg, PS, PCL, etc.).

As described above, the file conversion such as converting to PDF does not control the printing framework of the operating system (OS) separately, but may be regarded as converting using the original function as it is.

The printing framework control module of the present invention controls the printing framework control module to perform the conversion and transmission for each page without going through the output waiting operation and the conversion operation for the entire page.

 For example, if the operating system (OS) is a Windows environment, when there is a request for transmission of a document file, the printing framework control module is first called by the graphics device interface (GDI) service of the printing framework. Afterwards, the GDI service does not call the spooler service, but the data is transferred to the GDI rendering engine so that rendering is performed on a page-by-page basis.

Depending on the design requirements, other printing framework control schemes are possible, typically because operating system (OS) providers allow hardware and software developers to replace or modify their printing framework components.

The user authentication module is basically a module that is responsible for authentication of an external user and is linked with a login service module included in the document receiving client 300.

That is, when an external user attempts to log in to the document distribution server 100, the user is authenticated using a user ID and password information stored in a database or storage means.

Depending on the design conditions, the information sent and received from the user authentication module and the login service module may also be configured to be encrypted and processed.

The document rights policy module specifies the types of documents that can be viewed by an external user, the authority to save, output, or edit the read documents, and transmits the document rights information to the document rights processing module of the document receiving client 300. send.

Preferably, the administrator executes the document rights policy module through the administrator interface and specifies the document rights information for each external user.

Also, preferably, the document authority information is automatically transmitted to the document receiving client 300 after the external user logs in.

According to the design conditions, the document authority information may include a decryption key for decrypting the cipher of the received document stream. The decryption key corresponds to an encryption key formed according to the authority when the administrator designates the authority. It may be formed or formed corresponding to the encryption key used separately in the page encryption module.

The file processing unit 110 converts and encrypts each page of a document by interworking with the printing framework control module when a document reception request is received from an external user, and includes a page conversion module and a page encryption module.

The page conversion module performs conversion for each page of the original document. For example, if the printing framework control module controls the rendering of each page using the GDI rendering engine without spooling the entire document, the page conversion module is for each page. It will form an image.

Preferably, the page conversion module converts each page of each file format such as a Hangul word processor file, a drawing image file, an MS word file, and the like into one image format.

For example, when an external user requests to receive a document, an application that matches the format of the document file operates internally in the system and uses a process in which a printing framework is interlocked, thereby enabling page-by-page conversion for all file types. .

The page encryption module works together to form images for each page in the page conversion module and performs encryption for each page.

According to the design conditions, when performing encryption, encryption is performed using an encryption key formed according to the authority specified in the document authorization information or by using a separate fixed encryption key.

The watermark inserting module inserts a watermark for each page while operating together when page conversion and encryption are performed in the file processor 110.

Preferably, the watermark insertion module is configured to operate according to the company's watermark policy. The watermark insertion module is designed to allow the administrator to designate watermarks of various types to be inserted using the manager interface.

That is, it is designed so that information such as a logo of an agency distributing a document and / or information of an external user can be inserted in the form of text and / or an image.

The stream transmission module transmits data which has been converted for each page, encrypted and inserted into a watermark in real time.

That is, the stream transmission is performed when the work for each page is completed, not when the entire page conversion of the document is completed.

The log management module performs a function of receiving information used by an external user to receive a document and storing the received information in the database 200 or a separate storage means.

Here, the usage information used by the external user is information transmitted from the usage information transmitting module of the document receiving client 300.

The database 200 stores documents uploaded for sharing with external users by companies or public institutions and / or member information and / or document rights information for each user.

Depending on the design conditions, the database 200 may be designed such that the original document is stored as it is, stored in a compressed form, or only a path of a document stored in another database is stored.

The login service module included in the document receiving client 300 interworks with the user authentication module of the server 100, and provides an interface for a user to input ID and password information.

The document rights processing module receives document rights information from the document rights policy module and stores the document rights information in a memory (not shown) included in the document receiving client 300.

The external user can view, save, print or edit the document according to the designated authority according to the stored document authority information.

The stream processing unit 310 is a configuration for processing stream data for each page, and includes a stream receiving module, a stream decoding module, and a stream viewer.

The stream receiving module performs a function of receiving stream data for each page and simultaneously transmits data to the stream decoding module.

The stream decryption module decrypts the encrypted data for each page. Since the stream decryption module decrypts only the stream, the stream decryption module is not stored in the file format on the computer of the external user.

Depending on the design conditions, the page encryption module may be designed to use an encryption key fixed separately or to use an encryption key formed according to the information specified in the document rights information. The stream encryption module receives a corresponding decryption key and receives a stream. Will be decoded.

The stream viewer displays the image for each page decoded by the stream decoding module on a monitor.

Preferably, the stream viewer is separately manufactured for the stream display of the present invention, and is constructed to have basic image viewer functions such as page navigation and zoom in / out according to design conditions.

According to the design conditions, if the document authority information includes the authority to output or save, the document is constructed to enable the output and storage function in the stream viewer.

The screen capture prevention module performs a function of preventing a document displayed in the stream viewer from being captured.

The screen capture prevention module is interlocked with the stream viewer. For example, when the stream viewer is running, the print screen provided by Windows is not operated and / or other capture applications other than the stream viewer are not executed. / Or to prevent other windows from appearing on the stream viewer screen.

The usage information extraction module is a module that extracts usage information when an external user receives and uses a document stream. The user ID, Windows login ID, document name, PC name, PC IP address, print time, printer name and viewer use Information including the time is extracted.

The usage information transmission module performs a function of transmitting the usage information extracted from the usage information extraction module to the log management module of the document distribution server 100.

Meanwhile, the above descriptions using only FIGS. 1 to 2 describe only the main matters of the present invention, and the present invention is limited to the configurations and functions of FIGS. It is obvious that it is not limited.

100: document distribution server 110: file processing unit
200: database 300: document receiving client
310: stream processing unit

Claims (6)

Document distribution server; Database; In an external user document distribution security system including a document receiving client,
When an external user requests to receive a document, the printing framework control module included in the document distribution server controls the printing framework of the operating system (OS), thereby converting and encrypting the document stored in the database on a page-by-page basis and simultaneously receiving the document receiving client. To be sent in real time,
(a) the watermark insertion module included in the document distribution server inserts a watermark in the process of format conversion and encryption in units of pages;
(b) an image for each page is formed during format conversion, encryption, and watermark embedding in units of pages;
Stream processing unit included in the document receiving client external user document distribution security system, characterized in that for decrypting and displaying the encrypted data transmitted in real time.
The method of claim 1,
The document distribution server further includes a document rights policy module,
The document rights policy module is an external user document distribution security system, characterized in that for transmitting the document rights information for each user, including the right to print or store the encrypted data transmitted in real time to the document receiving client. delete The method according to claim 1 or 2,
The document receiving client further includes a screen capture prevention module,
The external user document distribution security system, characterized in that for preventing the capture of the screen displayed on the stream processing unit. delete The method according to claim 1 or 2,
When the document receiving client displays a document in the stream processing unit, the user ID (ID), user IP address, computer name, whether to print, print time, whether to save, storage time, printer name, document name, Windows (Windosws) External user document distribution security system, characterized in that for extracting the use information including two or more of the login ID to the document distribution server.

Images