SYSTEM AND METHOD FOR CONTROLLING EXIT OF SAVED DATA FROM SECURITY ZONE

US 20100228937A1
Filed: 05/18/2010
Published: 09/09/2010
Est. Priority Date: 02/24/2004
Status: Active Grant

First Claim

Patent Images

1. A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone.

Citations

14 Claims

1. A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system as set forth in claim 1, wherein the target checking module checks a temporary identification code of the application, and temporary identification codes of applications have been registered in the list.
  - 3. The system as set forth in claim 2, wherein the processing control module additionally registers the temporary identification code of the application in the list if the temporary identification code of the application accessing data of the security zone has not been found in the list.
  - 4. The system as set forth in claim 1, wherein the target checking module identifies the application using a unique identification code used for an authorized application, and unique identification codes of authorized applications have been registered in the list.
  - 5. The system as set forth in any one of claims 1, wherein when the application requests writing of data of the security zone to the general zone, the processing control module stops the writing.
  - 6. The system as set forth in any one of claims 1, wherein when the processing control module detects a request for writing of data of the security zone to the general zone from the application, the data management module creates a dummy file linked to the data, saves the data in the security zone, and saves the dummy file in the general zone.
  - 7. The system as set forth in claim 1, further comprising:
    - a security drive for, in order to set the security zone, occupying a specific space of a hard disk in a file form and then constructing a security image file module, and performing processing so that the security image file module can be recognized as a separate disk volume by an Operating System (OS); and
      
      a security file system module for, under the control of the access control device, processing reading and writing security files saved in the security image file module and processing the access of the application.
  - 8. The system as set forth in claim 7, further comprising an encryption and decryption module for, when a command to write data to the security drive is received from the security file system module, encrypting the data on a sector basis and then recording it in the security image file module, and, when a command to read the data is received, decrypting the data from the security image file module and then transmitting it to the security file system module.

9. A method of controlling exit of saved data from a security zone, comprising:
- an access detecting step of an access detection module detecting access of an application to a general zone and access of an application to a security zone;
  
  a list checking step of a target checking module checking the application and a zone, access to which is being attempted by the application; and
  
  a data processing step of a processing control module detecting a request for writing of data of the security zone to the general zone from the application, and then stopping the writing of the data.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method as set forth in claim 9, wherein the list checking step comprises:
    - a step of a target checking module for searching a list in which temporary identification codes of applications have been registered for the application making an attempt to access; and
      
      a step of the processing control module registering a temporary identification code of the application which has not been registered in the list.
  - 11. The method as set forth in claim 9, wherein the list checking step is configured such that a target checking module searches a list in which unique identification codes of authorized applications have been registered for the application making an attempt to access, and stops access of the application not found in the list to the security zone.
  - 12. The method as set forth in claim 11, wherein:
    - the list checking step is configured such that the target checking module replaces a service table with a security service table; and
      
      the data processing step is configured such that the processing control module transforms a function which is received by the security service table first, and, if a work space of the authorized application is the security zone, restores and processes the transformed function, and, if the work space is the general zone, executes a security table which stops restoration of the transformed function.
  - 13. The method as set forth in claim 9, wherein the data processing step is configured such that in response to a request for writing of data of the security zone to the general zone from the application, the processing control module saves the data in the security zone, and a data management module creates a dummy file linked to the data and then saves it in the general zone.
  - 14. The method as set forth in claim 13, wherein the data management module creates a directory, corresponding to a directory of the general zone in which the dummy file is saved, in the security zone and saves the data linked to the dummy file therein.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SoftCamp Company Limited
Original Assignee
SoftCamp Company Limited
Inventors
Kim, Do-Gyun, Kang, Aiden, Baek, Jong-Deok, Bae, Steve, Seo, Yang-Jin, Lee, Hee-Gook

Granted Patent

US 8,402,269 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/1458   by checking the subject acc...

G06F 21/52   during program execution, e...

G06F 21/62   Protecting access to data v...

G06F 21/6281   at program execution time, ...

G06F 21/80   in storage media based on m...

G06F 2221/2105   Dual mode as a secondary as...

SYSTEM AND METHOD FOR CONTROLLING EXIT OF SAVED DATA FROM SECURITY ZONE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTROLLING EXIT OF SAVED DATA FROM SECURITY ZONE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links