1. Technical Field
The present invention relates to an access control system that is configured to prevent data (files containing program source code or design drawings), which are integrally managed on a local area network or a shared personal computer, from being leaked by internally authorized persons, and to block access by external persons.
2. Description of the Related Art
Companies and public institutions operate information security solutions, such as firewalls and intrusion detection systems, to block access by persons who do not meet certain requirements and to prevent intrusion into data when connecting to an external network. The aim is to prevent the illegal leakage of information through unauthorized access from the outside and to protect important internal secret information and other internal information. However, such information security solutions only prevent external intruders from accessing a Local Area Network (LAN) or a Personal Computer (PC), and are not capable of preventing persons with internal authorization from leaking the information.
Accordingly, in order to prevent the exposure of companies' or public institutions' important information to the public by internally authorized persons and the illegal leakage of the information, a security system that is conceptually different from such firewalls is demanded.
To meet this demand, conventional approaches allow only a person who has the authority to use a PC to use it: the Basic Input/Output System (BIOS) performs a password authentication process before the Operating System (OS) booting process, and booting continues only after the password has been input. Alternatively, when a main server is accessed via a LAN, security-sensitive data is grouped and managed separately, and a database (DB) determines whether a client PC requesting access to the DB has been authorized to access it.
In addition, a separate biometric apparatus using biometrics, such as fingerprint or iris recognition, is used so that only persons who have proper authority are allowed to access a DB in which security-sensitive data is stored or to use a PC.
However, the above-described prior art related to internal authorization remains defenseless against data leakage, because the authorized persons themselves may use the DBs and PCs to leak security-sensitive data. Furthermore, as technology becomes more complicated, subdivided and specialized, a plurality of authorized persons working on a single technology need to access and edit shared data. As a result, either all internally authorized persons are allowed to access a DB in which shared data is stored, without access to the DB being limited, or security-sensitive data and general data are integrally managed in a single DB.
Accordingly, in addition to a technique that prevents data leakage by internally authorized persons, there is a demand for a control system and method that facilitate access to and editing of data that is integrally managed in a DB or on a hard disk, without the addition of separate high-priced equipment, such as a biometric recognition apparatus, or the use of a complicated checking process, such as password input and user authentication.
Meanwhile, in the case of encrypting existing security-sensitive documents or granting authority to use the files, the prior art is disadvantageous in that, for programs that create a plurality of extensions and temporary files based on file name extensions, such as a Computer Aided Design (CAD) program or a program compiler, it is difficult to encrypt the corresponding files or grant authority to use them.