APPARATUS AND METHOD FOR MANAGING SECURITY CONTENT USING VIRTUAL FOLDER

US 20150281284A1
Filed: 04/24/2013
Published: 10/01/2015
Est. Priority Date: 11/13/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus for managing security contents comprising:

a data control unit configured to receive an authority policy on contents from a security content server, and stores the received authority policy in a storage means;

a security processing unit configured to encode or decode the contents based on the authority policy provided from the data control unit; and

a security filesystem interface unit configured to create a virtual folder based on position information of a folder to be virtualized and path information of the virtual folder by driving a virtual folder creation module that is operated in a kernel mode and registers the created virtual folder in a filesystem, and provides, to the security processing unit, contents corresponding to an input and output event for contents which have been recorded or are to be recorded in the virtual folder hooked from the kernel mode and instructs the security processing unit to encode or decode the provided contents.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are an apparatus and method for managing security contents using a virtual folder. The apparatus for managing security contents includes a data control unit that receives an authority policy on contents from a security content server, and stores the received authority policy in a storage means, a security processing unit that encodes or decodes the contents based on the authority policy provided from the data control unit, and a security filesystem interface unit that creates a virtual folder based on position information of a folder to be virtualized and path information of the virtual folder by driving a virtual folder creation module that is operated in a kernel mode and registers the created virtual folder in a filesystem, and provides, to the security processing unit, contents corresponding to an input and output event for contents which have been recorded or are to be recorded in the virtual folder hooked from the kernel mode and instructs the security processing unit to encode or decode the provided contents. According to the present invention, it is possible to provide contents created in different environments to a user based on authority information without any separate content conversion operation.

Citations

20 Claims

1. An apparatus for managing security contents comprising:
- a data control unit configured to receive an authority policy on contents from a security content server, and stores the received authority policy in a storage means;
  
  a security processing unit configured to encode or decode the contents based on the authority policy provided from the data control unit; and
  
  a security filesystem interface unit configured to create a virtual folder based on position information of a folder to be virtualized and path information of the virtual folder by driving a virtual folder creation module that is operated in a kernel mode and registers the created virtual folder in a filesystem, and provides, to the security processing unit, contents corresponding to an input and output event for contents which have been recorded or are to be recorded in the virtual folder hooked from the kernel mode and instructs the security processing unit to encode or decode the provided contents.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus for managing security contents of claim 1, wherein the contents are contents to be received from or transmitted to a file sharing server that provides file sharing services.
  - 3. The apparatus for managing security contents of claim 1, wherein the security filesystem interface unit provides, when an event for recording of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event to the security processing unit, and instructs the security processing unit to encode the provided contents,the security processing unit encodes the contents corresponding to the hooked event based on the authority policy acquired from the data control unit, and provides the encoded contents to the security filesystem interface unit, andthe security filesystem interface unit changes an extension of the contents corresponding to the hooked event to an extension indicating that the corresponding contents have been encoded, and then records the changed extension in the virtual folder.
  - 4. The apparatus for managing security contents of claim 1, wherein the security filesystem interface unit provides, when an event for reading of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event to the security processing unit and instructs the security processing unit to decode the provided contents, andthe security processing unit decodes the contents corresponding to the hooked event based on the authority policy acquired from the data control unit, and provides the decoded contents to the security filesystem interface unit.
  - 5. The apparatus for managing security contents of claim 4, wherein the data control unit confirms authority of a user who requests reading of the contents corresponding to the hooked event based on the authority policy stored in the storage means, andthe security filesystem interface unit provides, when the authority of the user is authenticated from the data control unit, the contents corresponding to the hooked event to the security processing unit, and instructs the security processing unit to decode the provided contents.
  - 6. The apparatus for managing security contents of claim 1, wherein the security filesystem interface unit creates a usage history including at least one of browsing, copy, and correction for each of the contents recorded in the virtual folder, andthe data control unit transmits the usage history to the security content server by a user'"'"'s command or at a predetermined period.
  - 7. The apparatus for managing security contents of claim 6, wherein the security filesystem interface unit acquires, when providing of the usage history of the contents recorded in the virtual folder is requested from the user, the usage history from the security content server and outputs the acquired usage history to the user.
  - 8. The apparatus for managing security contents of claim 1, wherein the data control unit includesa central processing unit that receives the authority policy from the security content server, and transmits, to the security content server, a usage history including at least one of browsing, copy, and correction for each of the contents recorded in the virtual folder created by the security filesystem interface unit,an IPC communication unit that manages communication between processes executed by the data control unit, the security processing unit, and the security filesystem interface unit, anda policy management unit that stores and manages, in the storage means, the authority policy received from the security content server and policy information that has been set directly by a user with respect to each content or the virtual folder, reads the authority policy from the storage means in response to a request for providing of the authority policy from the security processing unit, and provides the read authority policy to the security processing unit.

9. An apparatus for managing security contents comprising:
- a storage means that stores an authority policy on contents received from a security content server and a security content management program for managing security contents; and
  
  a processor that performs security management on the contents by executing the security content management program,wherein the security content management program includesa data control module that stores the authority policy received from the security content server in the storage means,a security processing module that encodes or decodes the contents based on the authority policy provided from the data control module, anda security filesystem interface module that creates a virtual folder based on position information of a folder to be virtualized and path information of the virtual folder by driving a virtual folder creation module that is operated in a kernel mode and registers the created virtual folder in a filesystem, and provides, to the security processing module, contents corresponding to an input and output event for contents which have been recorded or are to be recorded in the virtual folder hooked from the kernel mode and instructs the security processing module to encode or decode the provided contents.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus for managing security contents of claim 9, wherein the contents are contents to be received from or transmitted to a file sharing server that provides file sharing services.
  - 11. The apparatus for managing security contents of claim 9, wherein the security filesystem interface module provides, when an event for recording of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event to the security processing module, and instructs the security processing module to encode the provided contents,the security processing module encodes the contents corresponding to the hooked event based on the authority policy acquired from the data control module, and provides the encoded contents to the security filesystem interface module, andthe security filesystem interface module changes an extension of the contents corresponding to the hooked event to an extension indicating that the corresponding contents have been encoded, and then records the changed extension in the virtual folder.
  - 12. The apparatus for managing security contents of claim 9, wherein the security filesystem interface module provides, when an event for reading of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event to the security processing module and instructs the security processing module to decode the provided contents, andthe security processing module decodes the contents corresponding to the hooked event based on the authority policy acquired from the data control module, and provides the decoded contents to the security filesystem interface module.
  - 13. The apparatus for managing security contents of claim 9, wherein the security filesystem interface module creates a usage history including at least one of browsing, copy, and correction for each of the contents recorded in the virtual folder, andthe data control module transmits the usage history to the security content server by a user'"'"'s command or at a predetermined period.
  - 14. The apparatus for managing security contents of claim 13, wherein the security filesystem interface module acquires, when providing of the usage history of the contents recorded in the virtual folder is requested from the user, the usage history from the security content server and outputs the acquired usage history to the user.

15. A method for managing security contents comprising:
- (a) receiving an authority policy on contents from a security content server, and storing the received authority policy in a storage means;
  
  (b) creating a virtual folder based on position information of a folder to be virtualized and path information of the virtual folder by driving a virtual folder creation module that is operated in a kernel mode, and registering the created virtual folder in a filesystem; and
  
  (c) hooking an input and output event for contents which have been recorded or are to be recorded in the virtual folder from the kernel mode, providing contents corresponding to the hooked input and output event to a security processing unit, and instructing the security processing unit to encode or decode the provided contents.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method for managing security contents of claim 15, whereinthe contents are contents to be received from or transmitted to a file sharing server that provides file sharing services.
  - 17. The method for managing security contents of claim 15, wherein the (c) hooking of the input and output event for contents includesencoding, when an event for recording of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event based on the authority policy stored in the storage means, andchanging an extension of the contents corresponding to the hooked event to an extension indicating that the corresponding contents have been encoded, and then recording the changed extension in the virtual folder.
  - 18. The method for managing security contents of claim 15, wherein the (c) hooking of the input and output event for contents includes decoding, when an event for reading of the contents recorded in the virtual folder is hooked from the kernel mode, contents corresponding to the hooked event based on the authority policy stored in the storage means.
  - 19. The method for managing security contents of claim 15, further comprising:
    - (d) creating a usage history including at least one of browsing, copy, and correction for each of the contents recorded in the virtual folder; and
      
      (e) transmitting the usage history to the security content server by a user'"'"'s command or at a predetermined period.
  - 20. A computer-readable recording medium that records a program for executing, in a computer, the method for managing security contents described in claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fasoo, Inc.
Original Assignee
Fasoo Com Co Ltd
Inventors
Cho, Jung-Hyun

Granted Patent

US 9,648,042 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6281   at program execution time, ...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

APPARATUS AND METHOD FOR MANAGING SECURITY CONTENT USING VIRTUAL FOLDER

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR MANAGING SECURITY CONTENT USING VIRTUAL FOLDER

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links