WO2010030133A2 - Security file transmission system and transmission method using api in executable file format - Google Patents

Info

Publication number: WO2010030133A2
Authority: WO, WIPO (PCT)
Prior art keywords: file, server, client, decryption module, security
Application number: PCT/KR2009/005151
Other languages: French (fr), Korean (ko)
Other versions: WO2010030133A3 (en)
Inventor: 이정민, 최동규, 신민철
Original Assignee: 소프트캠프(주)
Application filed by: 소프트캠프(주)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Definitions

  • the present invention relates to a security file transmission system and transmission method using an API in executable file form, which allow file transfers such as uploading and downloading of a security file between a server and a client to be carried out efficiently while keeping the security of the file stable.
  • ERP: Enterprise resource planning
  • ERP systems are integrated based on relational databases.
  • ERP system building can include business process analysis, user retraining, and new work procedures.
  • the ERP system is implemented in various programming languages, and in particular, the R/3 program, which is an ERP system provided by SAP (Systemanalyse und Programmentwicklung), is customized and integrated based on a specific programming language called Advanced Business Application Programming (ABAP).
  • SAP: Systemanalyse und Programmentwicklung
  • ABAP: Advanced Business Application Programming
  • the ERP system running on ABAP is not compatible with the DLL and Java class file types that are widely used at present.
  • encrypted files could not be executed at all on ERP systems.
  • an apparatus for decryption may be added to the ERP system operating on ABAP.
  • for general-purpose use, file encryption is based on DLLs or Java classes, and ABAP is incompatible with DLLs and Java classes. Therefore, adding the device to an ABAP-based ERP system is very unstable and difficult at the system level.
  • the device may be installed on a client based on DLLs or Java classes, so that the client first decrypts the file and then transmits it to the ERP system. This could be a weakness in file security because it forms a path by which a worker can maliciously decrypt an encrypted file without authorization and leak it to the outside.
  • the transmission of security files to the ERP system was cumbersome and inefficient, and carried the possibility of unauthorized leakage of the security file.
  • the present invention has been made to solve the above problems; the technical problem is to provide a security file transmission system and transmission method using an API in executable file form that keep file transfer stable between systems running on a restricted programming language, improve the processing efficiency of file uploads and downloads, and improve the security of the target file.
  • a server having a decryption module in a file format executable by a system call of the OS;
  • an interface that, when a file transfer to the server is requested, checks whether the target file is compatible with the server and calls and removes the decryption module when it is not;
  • a client having a temporary memory for storing and deleting a copy;
  • a server having a decryption module in a file format executed by a system call of an OS;
  • a client having an interface that, when a file transfer to the server is requested, checks whether the target file is compatible with the server and calls and removes the decryption module when it is not; in a transmission system consisting of these, an interface execution step of running the interface that recognizes a file transfer request from the client to the server;
  • a file transfer request step in which the worker requests a file transfer to the server and the interface recognizes the transfer request;
  • a compatible file check step in which the interface checks whether the requested target file is compatible with the server and, if it is confirmed to be compatible, transmits the target file to the server;
  • the transfer process for uploading and downloading files is smooth, and interworking between systems having different operating bases is carried out stably while the security of the file is maintained as far as possible.
  • FIG. 1 is a block diagram showing a transmission system according to the present invention.
  • FIG. 2 is a flowchart sequentially showing a first embodiment of a transmission method according to the present invention.
  • FIG. 3 is a flowchart specifically showing the file decryption step shown in FIG. 2.
  • FIG. 4 is a flowchart sequentially illustrating a second embodiment of a transmission method according to the present invention.
  • the transmission system and the transmission method according to the present invention are designed so that, in file transfers between the server (10; hereinafter 'ERP server') and the clients (20, 20', 20") and in file transfers between clients, even if the server and client, or client and client, operate on different programming languages, or the file to be transmitted is in a format that is incompatible with the programming language of the server or the client, the file is transmitted stably and security is maintained during the transfer.
  • the transmission system includes a decryption module 11 and an interface 21 for communicating with the decryption module 11. That is, the decryption module 11 and the interface 21 perform an API function for file transfer between the ERP server 10 and the clients (20, 20', 20") while maintaining the security and stability of the file transfer.
  • the ERP server 10 and a plurality of clients 20, 20', and 20" communicate with each other, and the worker uploads (transmits) a specific file stored in the DB 23 of the clients 20, 20', and 20" to the ERP server 10.
  • since the ERP server 10 operates on ABAP, it cannot execute a file of DLL or Java class type. Therefore, a dedicated file of the ERP server 10 that is executable in ABAP can be sent directly from the client (20, 20', 20") to the ERP server 10, but an encrypted file cannot be sent to the ERP server 10.
  • unless it is decrypted into a file of a format compatible with the ERP server 10, the file cannot be transmitted from the client (20, 20', 20"; hereinafter '20') to the ERP server 10.
  • the ERP server 10 or the client 20 based on a specific programming language includes a decryption module 11 and an interface 21 for smooth file transfer, and a temporary memory 22 is installed as the location where the decryption module 11 can process the target file.
  • the decryption module 11 is installed on the ERP server 10.
  • the interface 21 and the temporary memory 22 are installed on the client 20.
  • the interface 21 is a device that mediates the communication between the ERP server 10 and the client 20.
  • the interface 21 checks the format of the file to be transmitted and, on that basis, controls and manages whether the decryption module 11 installed on the ERP server 10 is executed. Therefore, in order to carry out the transmission method according to the present invention, the interface 21 must already be running before the file is transmitted.
  • the worker operates the client 20 to transmit the specific file stored in the client 20 to the ERP server 10.
  • the client 20 may include a DB 23 for storing various types of files, and the files may consist of information such as documents (text), music (MIDI), pictures (images), and the like.
  • the interface 21 detects this and checks the format of the transfer target file located at CmdLine, which is the transfer staging point in the system.
  • the interface 21 compares the format of the file requested for transmission against the recorded file formats; if it matches, the file is regarded as compatible with the ERP server 10, and if not, the file is regarded as incompatible with the ERP server 10.
  • conversely, the file formats recorded in the interface 21 may be those that are not compatible with the ERP server 10, so that a file requested for transmission is regarded as incompatible if its format matches a file format recorded in the ERP server 10.
  • an encryption operation may be performed to secure the contents of the file, and the encryption operation may be based on a format that is not compatible with the ERP server 10. Therefore, when the file format is *.txt, *.xis, or *.xisx, the interface 21 may be set to recognize the transmission target file as an encrypted file.
  • in the compatible file check step (S30), if the transmission target file is confirmed to be a file compatible with the ERP server 10, the target file is transmitted to the ERP server 10.
  • since the transmission of a compatible file is the ordinary transmission process between the ERP server 10 and the client 20, a detailed description of the transmission is omitted.
  • the interface 21 calls the decryption module 11 held on the ERP server 10 and receives (downloads) it.
  • the decryption module 11 is in an executable file format such as '*.exe'.
  • the decryption module 11 is located on the ERP server 10 and is transmitted to the client 20 when called by the interface 21.
  • any file format executable through the SYSTEM CALL function may be applied as the file format of the decryption module 11. Therefore, various executable file formats such as '*.com' may be applied in addition to '*.exe'. Meanwhile, in the embodiment according to the present invention, the decryption module 11 is named 'DECTool.exe'.
  • the decryption module 11, having an executable file extension such as '*.exe', is not dependent on a specific programming language as DLLs and Java classes are; if it can be run as an OS CALL, it can be executed compatibly on an ERP server 10 and client 20 that operate on different programming languages, which enables the ERP server 10 and the client 20 to interwork.
  • because the decryption module 11 is placed on the ERP server 10 instead of the client 20, the possibility of unauthorized decryption of the security file can be reduced, and the prior approval process that policy requires for decryption, in order to secure the file, can be performed at the same time as the decryption, improving the efficiency and speed of the task. The prior approval process is described in detail below.
  • when the decryption module 11 downloaded from the ERP server 10 runs normally on the client 20, the encrypted transmission target file is decrypted.
  • the decryption is performed on the client 20.
  • the decryption is performed in the following procedure to secure the decrypted file.
  • FIG. 3 is a flowchart specifically illustrating the file decryption step shown in FIG. 2, which will be described with reference to the flowchart.
  • the file to be transferred is copied from the DB 23 and stored in the temporary memory 22.
  • the temporary memory 22 may be designed so that nothing other than the decryption module 11 can access it directly, and the temporary memory 22 itself may be created and destroyed as necessary.
  • the decryption module 11 decrypts the encrypted copy of the file stored in the temporary memory 22. Since encryption and decryption may use various formats, the decryption module 11 according to the present invention preferably supports all of these formats.
  • the class of the decrypted file may be set during the decryption process. That is, the file can be decrypted with the scope of use of the decrypted file restricted.
  • when the decrypted file is uploaded to the ERP server 10, it may be made readable only on the ERP server 10, or editable as well as viewable. This serves to check whether the user is permitted to decrypt the file and upload it to the ERP server 10, thereby maintaining a high level of security for the file.
  • the path of the decrypted file is passed to the ordinary upload function for the ERP server 10.
  • the target file, decrypted into a format compatible with the ERP server 10, is transmitted (uploaded) to the ERP server 10 normally, so that work proceeds stably.
  • the decrypted target file stored in the temporary memory 22 may be deleted without leaving a log, thereby completely eliminating the possibility of the decrypted target file leaking.
  • the temporary memory 22 may also be destroyed, and the decryption module 11 called from the ERP server 10 may also be removed.
  • an API source for removing the decryption module 11 is described below.
  • the call of the decryption module 11 and the execution of the temporary memory 22 take place each time a transmission to the ERP server 10 is requested, for each file, and whether the decryption performed on the client 20 is permitted can be checked and decided.
  • the decrypted file is completely destroyed with the removal of the temporary memory 22.
  • FIG. 4 is a flowchart sequentially illustrating a second embodiment of a transmission method according to the present invention.
  • the second embodiment of the transmission method according to the present invention further includes a step of checking the authority of the worker attempting to transfer the file.
  • the worker who attempts to transfer the file to the ERP server 10 should have the authority to transfer the file, and in order to secure the contents of the file, that authority should be checked each time a file transfer is requested.
  • the interface 21 runs the authority check module 24 to check whether the worker who attempts the file transfer is an authorized person.
  • it would be desirable to carry out the authority check for the file transfer before the call to the decryption module 11, which requires communication between the ERP server 10 and the client 20.

Abstract

The present invention relates to a security file transmission system and transmission method, based on an API in executable file format, that enable file transmission such as uploading and downloading of a security file between a server and a client to be performed efficiently while the security of the file remains stable. The system comprises a server furnished with a decoding module (11) in a file format that can be executed by an OS system call, and a client furnished with an interface (21) that verifies compatibility between a target file and the server upon a request for file transmission to the server and calls and removes the decoding module (11) in case of incompatibility, and with a temporary memory (22) that stores and deletes a copy of the target file so that the decoding module (11), once called, installed and executed, can proceed with the decoding job.

Description

Security file transmission system and transmission method using an API in executable file form
The present invention relates to a security file transmission system and transmission method using an API in executable file form, which allow file transfers such as uploading and downloading of security files between a server and a client to be carried out efficiently while keeping the security of those files stable.
Enterprise resource planning (ERP) is a solution that helps manage key processes such as production, purchasing, inventory, ordering, transactions with suppliers, and customer service in a variety of business fields, including manufacturing.
An ERP system is integrated on the basis of a relational database, and building one can include business process analysis, user retraining, and new work procedures.
ERP systems are implemented in various programming languages. In particular, the R/3 program, the ERP system provided by SAP (Systemanalyse und Programmentwicklung), is customized and integrated on the basis of a specific programming language called ABAP (Advanced Business Application Programming).
However, an ERP system running on ABAP is not compatible with the DLL and Java class file types now in general use. In particular, files encrypted for file security could not be run on the ERP system at all.
Therefore, before an encrypted file could be uploaded to the ERP system, it first had to be decrypted so that the ERP system could process it normally.
However, decrypting a file that is subject to security requires, as a matter of policy, approval from the person in charge in order to maintain security, and during upload the decryption of the file and the transfer procedure are carried out separately, so the worker had to go through a cumbersome process several times to transfer a file that is not compatible with the ERP system.
To resolve this inconvenience, a decryption device could be added to the ERP system operating on ABAP. However, for general-purpose use, file encryption is based on DLLs or Java classes, and ABAP is not compatible with DLLs, Java classes and the like, so adding such a device to an ABAP-based ERP system is very unstable and difficult at the system level.
Accordingly, the device could instead be installed on a client based on DLLs or Java classes, so that the client first decrypts the file and then transmits it to the ERP system. But this creates a path by which a worker can maliciously decrypt an encrypted file without authorization and leak it to the outside, so it could become a weakness in file security.
In the end, transmitting security files to an ERP system was cumbersome and inefficient, and carried the possibility of unauthorized leakage of the security files.
The present invention was devised to solve the above problems. Its technical object is to provide a security file transmission system and transmission method using an API in executable file form that keep file transfer stable between systems running on a restricted programming language, improve the processing efficiency of file uploads and downloads, and improve the security of the target file.
To achieve the above technical object, the present invention provides a security file transmission system using an API in executable file form, consisting of:
a server having a decryption module in a file format executable by an OS system call (SYSTEM CALL); and
a client having an interface that, when a file transfer to the server is requested, checks whether the target file is compatible with the server and, if it is not, calls and removes the decryption module, and a temporary memory that stores and deletes a copy of the target file so that the decryption module, once called, installed and executed, can carry out the decryption.
To achieve the above technical object, the present invention provides a security file transmission method using an API in executable file form, for a transmission system consisting of a server having a decryption module in a file format executed by an OS system call (SYSTEM CALL) and a client having an interface that, when a file transfer to the server is requested, checks whether the target file is compatible with the server and, if it is not, calls and removes the decryption module, the method including:
an interface execution step of running the interface that recognizes a file transfer request from the client to the server;
a file transfer request step in which the worker requests a file transfer to the server and the interface recognizes the transfer request;
a compatible file check step in which the interface checks whether the requested target file is compatible with the server and, if it is confirmed to be compatible, transmits the target file to the server;
a decryption module call step of calling the decryption module to the client if the file is confirmed to be incompatible in the compatible file check step;
a file decryption step in which the decryption module called to the client decrypts the target file; and
a transmission step of transmitting the decrypted file to the server.
The present invention has the effect that, regardless of the type of system running on a specific programming language, file uploads and downloads are processed smoothly, and interworking between systems with different operating bases is carried out stably while the security of the files is maintained as far as possible.
FIG. 1 is a block diagram showing a transmission system according to the present invention;
FIG. 2 is a flowchart sequentially showing a first embodiment of a transmission method according to the present invention;
FIG. 3 is a flowchart specifically showing the file decryption step shown in FIG. 2; and
FIG. 4 is a flowchart sequentially showing a second embodiment of a transmission method according to the present invention.
Hereinafter, the present invention is described in detail with reference to the accompanying drawings.
FIG. 1 is a block diagram showing a transmission system according to the present invention, and FIG. 2 is a flowchart sequentially showing a first embodiment of a transmission method according to the present invention; the description below refers to them.
The transmission system and transmission method according to the present invention are designed so that, in file transfers between a server (10; hereinafter 'ERP server') and clients (20, 20', 20") and in file transfers between clients, even if the server and client, or client and client, operate on different programming languages, or the file being transmitted is in a format incompatible with the programming language of the server or client concerned, the file is transmitted stably and security is maintained during the transfer.
To this end, the transmission system according to the present invention includes a decryption module (11) and an interface (21) that communicates with the decryption module (11). That is, the decryption module (11) and the interface (21) perform an API function for file transfer between the ERP server (10) and the clients (20, 20', 20") while maintaining the security and stability of the file transfer.
In the embodiment of the transmission system shown in FIG. 1, the ERP server (10) and a number of clients (20, 20', 20") communicate with one another, and a worker uploads (transmits) a specific file stored in the DB (23) of a client (20, 20', 20") to the ERP server (10).
As described above, the ERP server (10) operates on ABAP and therefore cannot execute files of DLL or Java class type. Accordingly, a dedicated file of the ERP server (10) that is executable in ABAP can be transmitted directly from a client (20, 20', 20") to the ERP server (10), but an encrypted file cannot be transmitted to the ERP server (10). In particular, a security file encrypted for security cannot be transmitted from the client (20, 20', 20"; hereinafter '20') to the ERP server (10) unless it is decrypted into a file of a format compatible with the ERP server (10).
Therefore, even with an ERP server (10) or client (20) based on a specific programming language, a decryption module (11) and an interface (21) are included for smooth file transfer, and a temporary memory (22) is installed as the location where the decryption module (11) can process the target file.
In the embodiment according to the present invention, the decryption module (11) is installed on the ERP server (10), and the interface (21) and the temporary memory (22) are installed on the client (20).
To describe the transmission system according to the present invention more concretely, the transmission method according to the present invention is described together with it.
S10; 인터페이스 실행단계S10; Interface execution step
인터페이스(21)는 ERP서버(10)와 클라이언트(20)의 통신을 매개하는 장치로, 전송 대상이 되는 파일의 형식을 확인하고, 이에 따라 ERP서버(10)에 설치된 복호화모듈(11)의 실행 여부를 제어 및 관리한다. 따라서, 본 발명에 따른 전송방법을 실시하기 위해 인터페이스(21)는 파일을 전송하기 전부터 실행되고 있어야 한다.The interface 21 is a device that mediates the communication between the ERP server 10 and the client 20. The interface 21 confirms the format of a file to be transmitted, and accordingly executes the decryption module 11 installed in the ERP server 10. Control and manage whether Therefore, in order to implement the transmission method according to the present invention, the interface 21 must be executed before transmitting the file.
S20; 파일전송 요청단계S20; File transfer request step
작업자는 클라이언트(20)에 저장된 특정 파일을 ERP서버(10)로 전송하기 위해 클라이언트(20)를 조작한다. 일반적으로, 클라이언트(20)는 다양한 형태의 파일을 저장하는 DB(23)를 포함할 수 있고, 해당 파일은 문서(텍스트), 음악(미디), 그림(이미지) 등의 정보로 구성될 수 있다.The worker manipulates the client 20 to transmit the specific file stored in the client 20 to the ERP server 10. In general, the client 20 may include a DB 23 for storing various types of files, and the files may be configured with information such as documents (text), music (MIDI), pictures (images), and the like. .
S30; Compatible file check step
When the worker's file transfer request is entered into the client 20, the interface 21 detects it and checks the format of the transfer target file located at CmdLine, the transfer staging point in the system.
Since the file formats that the ERP server 10 can process are already known, every file format other than those recorded in the interface 21 can be regarded as incompatible with the ERP server 10. The interface 21 therefore compares the format of the file requested for transfer against the recorded file formats; if it matches, the file is regarded as compatible with the ERP server 10, and if it does not, the file is regarded as incompatible with the ERP server 10. Conversely, the file formats recorded in the interface 21 may instead be those that are incompatible with the ERP server 10, so that a file requested for transfer is regarded as incompatible if its format matches the file format recorded in the ERP server 10.
Meanwhile, encryption may be applied to protect the contents of a file, and the encryption may be based on a format that is not compatible with the ERP server 10. Accordingly, when the file format is *.txt, *.xis, or *.xisx, the interface 21 may be configured to recognize the transfer target file as an encrypted file.
S35; Transmission step
If the transfer target file is confirmed in the compatible file check step (S30) to be compatible with the ERP server 10, the target file is transmitted to the ERP server 10.
Transmission of a compatible file is an ordinary transfer between the ERP server 10 and the client 20, so a detailed description of it is omitted.
S40; Decryption module call step
If the transfer target file is found in the compatible file check step (S30) to be incompatible with the ERP server 10, the interface 21 calls the decryption module 11 included in the ERP server 10 and receives (downloads) it.
The decryption module 11 takes an executable file format such as '*.exe'; it resides on the ERP server 10 and is transmitted to the client 20 when called by the interface 21.
In general, most programming languages are designed and installed on top of an OS that uses SYSTEM CALL functions, so any file format that can be executed through a SYSTEM CALL function can serve as the file format of the decryption module 11. Accordingly, various executable file formats such as '*.com' may be used besides '*.exe'. In the embodiment according to the present invention, the decryption module 11 is named 'DECTool.exe'.
The transmission system and transmission method according to the present invention are described for a file with the '*.exe' extension; however, the rights under the present invention are not limited to a decryption module 11 in the '*.exe' file format, and various modifications are possible without departing from the scope of the claims below.
The decryption module 11, having an executable file extension such as '*.exe', is not tied to a specific programming language the way a DLL or a Java class is. As long as it can be executed through an OS SYSTEM CALL, it can run compatibly with both the ERP server 10 and the client 20 even when they operate on different programming languages, which enables the ERP server 10 and the client 20 to interoperate.
Meanwhile, because the decryption module 11 is placed on the ERP server 10 rather than on the client 20, the possibility of unauthorized decryption of a secure file is reduced. In addition, the prepayment process that the policy-defined decryption procedure requires for file security can be carried out at the same time as the decryption, which improves the efficiency and speed of the work. The prepayment process is described in detail below.
Table 1 [API source embodiment for downloading the decryption module]
" Download the decryption module from the SAP Web repository to C_PATH_FILE
CALL FUNCTION 'DOWNLOAD_WEB_OBJECT'
  EXPORTING
    KEY         = OBJDATA
    DESTINATION = C_PATH_FILE
  IMPORTING
    RC          = RC.
IF RC <> 0.
  " Message text: 'File not found in SAP Web repository.'
  RC_TEXT = 'SAP Web저장소에서 파일을 찾을 수 없음.'.
  EXIT.
ENDIF.
ENDIF.  " closes an enclosing IF that the excerpt does not show
DATA: PARAMETER TYPE STRING.
PARAMETER = LV_DESTINATION.
S50; File decryption step
When the decryption module 11 downloaded from the ERP server 10 runs normally on the client 20, it decrypts the encrypted transfer target file.
Because decryption takes place on the client 20, it proceeds by the following procedure in order to protect the decrypted file.
FIG. 3 is a flowchart showing the file decryption step of FIG. 2 in detail, and the description below refers to it.
S52; File copy step
The file to be transferred is copied from the DB 23 and stored in the temporary memory 22. The temporary memory 22 is designed so that nothing other than the decryption module 11, such as an external device, can access it directly, and the temporary memory 22 itself may be created and destroyed as needed.
S54; Decryption step
The decryption module 11 decrypts the encrypted copy stored in the temporary memory 22. Since encryption and decryption can take various formats, the decryption module 11 according to the present invention preferably supports all of them.
Table 2 [API source embodiment for decrypting the encrypted copy stored in the temporary memory]
" APPLICATION names the program to run; PARAMETER is its command-line argument.
" Lines starting with * are commented-out optional parameters.
CALL METHOD CL_GUI_FRONTEND_SERVICES=>EXECUTE
  EXPORTING
*   document               = file
    APPLICATION            = FILE
    PARAMETER              = PARAMETER
*   DEFAULT_DIRECTORY      =
*   MAXIMIZED              =
*   MINIMIZED              =
*   SYNCHRONOUS            =
  EXCEPTIONS
    CNTL_ERROR             = 1
    ERROR_NO_GUI           = 2
    BAD_PARAMETER          = 3
    FILE_NOT_FOUND         = 4
    PATH_NOT_FOUND         = 5
    FILE_EXTENSION_UNKNOWN = 6
    ERROR_EXECUTE_FAILED   = 7
    OTHERS                 = 8.
RC = SY-SUBRC.
EXFILE = LV_DESTINATION.
Meanwhile, a grade can be set for the decrypted file during decryption. That is, the file can be decrypted with a restricted scope of use.
For example, when the decrypted file is uploaded to the ERP server 10, it may be made read-only on the ERP server 10, or both reading and editing may be allowed. This serves to confirm whether the user is permitted to decrypt the file and upload it to the ERP server 10, and it allows a high level of security to be maintained for the file.
This determination may vary with the worker's level of authority, as described in detail below.
S60; Transmission step
When decryption of the file in the temporary memory 22 is complete, the path of the decrypted file is passed to the ordinary upload function for the ERP server 10. The target file, now decrypted into a format compatible with the ERP server 10, is thus transmitted (uploaded) to the ERP server 10 normally and operates stably.
S70; Decrypted document deletion step
Meanwhile, the decrypted target file stored in the temporary memory 22 is deleted without leaving a log, which completely eliminates the possibility of the decrypted target file leaking. In addition, the temporary memory 22 may also be destroyed, and the decryption module 11 called from the ERP server 10 may also be removed. For reference, an embodiment of the API source for removing the decryption module 11 is given below.
The decryption module 11 is called and the temporary memory 22 is run each time transfer of a file to the ERP server 10 is requested, so that permission for decryption on the client 20 can be checked and decided case by case, and the decrypted file disappears completely when the temporary memory 22 is removed.
Table 3 [API source embodiment for deleting the decryption module called to the client]
" Wait 1 second so that the executed file can be deleted
WAIT UP TO 1 SECONDS.
" Delete the downloaded decryption file
" (the listing is cut off after FILE_NOT_FOUND in the source)
CALL METHOD CL_GUI_FRONTEND_SERVICES=>FILE_DELETE
  EXPORTING
    FILENAME           = FILE
  CHANGING
    RC                 = LV_RC
  EXCEPTIONS
    FILE_DELETE_FAILED = 1
    CNTL_ERROR         = 2
    ERROR_NO_GUI       = 3
    FILE_NOT_FOUND     = 4
FIG. 4 is a flowchart showing, in sequence, a second embodiment of the transmission method according to the present invention, and the description below refers to it.
The second embodiment of the transmission method according to the present invention further includes a step of checking whether the worker attempting the file transfer is authorized.
S37; Authority check step
A worker attempting to transfer a file to the ERP server 10 must have transfer authority for that file, and to protect the file's contents this authority must be checked every time a file transfer is requested.
Therefore, when a file transfer is requested, the interface 21 runs the authority check module 24 to confirm whether the worker attempting the transfer is authorized.
To check authority, the worker may be required to log in by entering an ID/PW, to present a certificate, or to pass an identity check by a biometric method such as fingerprint recognition.
Meanwhile, to minimize traffic between the ERP server 10 and the client 20, the authority check for the file transfer is preferably performed before the call to the decryption module 11, which requires communication between the ERP server 10 and the client 20.
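The client-side sequence described above (compatibility check S30, authority check S37 ahead of the module call S40, copy and decryption in a temporary area S52/S54, upload S60, deletion S70), as an added Python example that is not code from the patent. The extension set, the `Transfer` class and its callables, the `.csv` output name and the XOR `toy_decrypt` stand-in for the downloaded decryption module are all assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: formats the interface (21) has recorded as server-compatible.
SERVER_COMPATIBLE = {".csv", ".xml"}
XOR_KEY = 0x5A  # constructed toy transform, stands in for real decryption


def toy_decrypt(data: bytes) -> bytes:
    """Stand-in for the downloaded decryption module (11); not a real cipher."""
    return bytes(b ^ XOR_KEY for b in data)


class Transfer:
    """Client-side flow S30 -> S37 -> S40 -> S52/S54 -> S60 -> S70."""

    def __init__(self, authorize, fetch_module, upload):
        self.authorize = authorize        # S37: callable(user, path) -> bool
        self.fetch_module = fetch_module  # S40: callable() -> decrypt function
        self.upload = upload              # S35/S60: callable(path)
        self.events = []                  # ordered record of the steps taken
        self.last_workdir = None

    def send(self, path: Path, user: str) -> str:
        if path.suffix.lower() in SERVER_COMPATIBLE:       # S30
            self.events.append("upload-plain")
            self.upload(path)                              # S35
            return "sent-as-is"
        self.events.append("authorize")
        if not self.authorize(user, path):                 # S37, before any download
            self.events.append("denied")
            raise PermissionError(f"{user} may not transfer {path.name}")
        # Temporary area (22): on POSIX, mkdtemp creates it for the owner only.
        workdir = Path(tempfile.mkdtemp(prefix="dectool-"))
        self.last_workdir = workdir
        try:
            copy = workdir / path.name
            shutil.copyfile(path, copy)                    # S52: work on a copy
            self.events.append("fetch-module")
            decrypt = self.fetch_module()                  # S40
            plain = workdir / (path.stem + ".csv")
            plain.write_bytes(decrypt(copy.read_bytes()))  # S54
            self.events.append("upload-decrypted")
            self.upload(plain)                             # S60
            return "decrypted-and-sent"
        finally:
            # S70: runs on success and on failure, so no plaintext is left behind.
            shutil.rmtree(workdir, ignore_errors=True)
            self.events.append("cleanup")
```

Because the deletion sits in the `finally` clause, the decrypted copy is removed even when the upload raises, and a denied request never reaches the module download.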

Claims (7)

  1. A secure file transmission system using an API in executable file form, consisting of:
    a server having a decryption module 11 in a file format executable by an OS system call (SYSTEM CALL); and
    a client having an interface 21 that, when a file transfer to the server is requested, checks whether the target file is compatible with the server and, if it is not, calls and removes the decryption module 11, and a temporary memory 22 that copies the target file and stores and deletes the copy so that the decryption module 11, once called, installed and executed, can carry out the decryption.
  2. The system of claim 1,
    further comprising an authority check module 24 that, when the interface 21 receives a file transfer request, checks whether the worker who requested the file transfer is authorized by one method selected from password entry, certificate verification, and verification of the worker's biometric information.
  3. A secure file transmission method using an API in executable file form, in a transmission system consisting of a server 10 having a decryption module 11 in a file format executed by an OS system call (SYSTEM CALL), and a client 20 having an interface 21 that, when a file transfer to the server 10 is requested, checks whether the target file is compatible with the server and, if it is not, calls and removes the decryption module 11, the method comprising: an interface 21 execution step of recognizing a file transfer request from the client 20 to the server 10;
    a file transfer request step in which a worker requests a file transfer to the server 10 and the interface 21 recognizes the transfer request;
    a compatible file check step in which the interface 21 checks whether the target file requested for transfer is compatible with the server 10 and, if it is confirmed to be compatible, transmits the target file to the server 10;
    a decryption module call step of calling the decryption module 11 to the client 20 if the file is found to be incompatible in the compatible file check step;
    a file decryption step in which the decryption module 11 called to the client 20 decrypts the target file; and
    a transmission step of transmitting the decrypted file to the server 10.
  4. The method of claim 3,
    wherein the file decryption step consists of a file copy step of copying the target file and storing it in a temporary memory 22, and a decryption step of decrypting the file stored in the temporary memory 22; and
    the method further comprises a decrypted document deletion step in which, once the decrypted file has been transmitted to the server 10 through the transmission step, the decrypted file stored in the temporary memory 22 is deleted.
  5. The method of claim 3,
    further comprising a step in which, once the decrypted file has been transmitted to the server 10 in the transmission step, the decryption module 11 called to and installed on the client 20 is deleted.
  6. The method of claim 3,
    further comprising an authority check step in which, when a file transfer request is confirmed in the file transfer request step, whether the requesting worker is authorized is checked in order to decide whether to proceed with the file transfer procedure.
  7. The method of claim 6,
    wherein the authority check step is performed before the decryption module call step is executed.
PCT/KR2009/005151 2008-09-10 2009-09-10 Security file transmission system and transmission method using api in executable file format WO2010030133A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2008-0089212 2008-09-10
KR1020080089212A KR101016615B1 (en) 2008-09-10 2008-09-10 Transmission system and transmission method of Security file by API of executable file type

Publications (2)

Publication Number Publication Date
WO2010030133A2 true WO2010030133A2 (en) 2010-03-18
WO2010030133A3 WO2010030133A3 (en) 2010-07-15

Family

ID=42005640

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/005151 WO2010030133A2 (en) 2008-09-10 2009-09-10 Security file transmission system and transmission method using api in executable file format

Country Status (2)

Country Link
KR (1) KR101016615B1 (en)
WO (1) WO2010030133A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102335199B1 (en) 2020-05-28 2021-12-07 조성래 System for managing file and method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116319075A (en) * 2023-05-15 2023-06-23 青岛良谦智能科技有限公司 Secret communication interaction system based on cloud computing
CN116319075B (en) * 2023-05-15 2023-08-15 青岛良谦智能科技有限公司 Secret communication interaction system based on cloud computing

Also Published As

Publication number Publication date
KR101016615B1 (en) 2011-02-22
KR20100030319A (en) 2010-03-18
WO2010030133A3 (en) 2010-07-15


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09813255

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09813255

Country of ref document: EP

Kind code of ref document: A2