In planning business for creating profit or performing various types of research in the modern society, information and technologies related to corresponding business or research are shared between the experts or members of a corresponding field on condition that security is maintained, and corresponding information and technologies are temporarily disclosed to a third party according to need, so that the information and technologies can be developed into advanced information and technologies.
Although the disclosure of information and technologies (hereinafter referred to as information) on condition that security is maintained may be made through various mediates, the sharing of the information through computer communication is most common.
The sharing of information through computer communication can be achieved by transmitting data, in which the information is contained, to different computers through online communication. Since the prohibition of leakage for the corresponding information has been agreed between information sharers at the time of sharing information, conventional secure transmission system and secure transmission method are only configured such that hacking, which is performed during the transmission and reception of corresponding data, or reading, which is conducted by unauthorized persons, are impossible, under the assumption that there is no leakage of information from the information sharers.
However, there has been a case where an information sharer, who has agreed on security of the corresponding information, unintentionally or intentionally leaks the information to the outside through computer communication. In this case, the conventional secure transmission system and secure transmission method are problematic in that they do not provide against the danger of information leakage.
To aid understanding, conventional problems are described though examples of the conventional secure transmission system and secure transmission method below.
FIGS. 1a, 1b and 1c are conventional block diagrams illustrating a process of securely transmitting information through computer communication.
Referring to a conventional secure transmission process shown in FIG. 1a, information data stored in a file format is encrypted and transmitted to a destination computer. In this case, the information data is encrypted so as to be decrypted only through the input of a specific password in the encryption process, and the received information data can be decrypted in such a manner that the password is separately transmitted to an external user so that the external user receives and decrypts the encrypted information data.
That is, an internal user performs encryption such that corresponding information data is decrypted only through the input of a password, and transmits the encrypted information to an external user through computer communication using electronic (e)-mail or messenger. The password is separately transmitted online through on e-mail or messenger, or offline through telephone or correspondence. Accordingly, the external user can decrypt the corresponding information data.
However, the above-described process is problematic in that the security of the corresponding information may be defeated in the case where the encrypted information data and the password are leaked out by hacking, or the external user unintentionally or intentionally leaks out the decrypted information data through computer communication.
Referring to another conventional secure transmission process shown in FIG. 1b, although the process of the present example is similar to the above-described conventional secure transmission process, it differs from the above-described conventional secure transmission process in that corresponding information data is edited through an application program and is then automatically encrypted, so that nobody except for an external user can view the details thereof. However, this process cannot prevent the information data from being leaked out through computer communication by an external user, who knows the password required for the decryption of the encrypted information data.
Referring to another conventional secure transmission process shown in FIG. 1c, the process of the present example determines whether to perform decryption though user authentication, along with a password, as a means for decrypting encrypted information data.
That is, this process transmits a collection program, which is capable of fetching an external user's intrinsic information, to the external user, collects the intrinsic information, and then records the collected intrinsic information in encrypted information data, so that, even when the corresponding information data is decrypted, whether to perform decryption can be determined by examining the password and the coincidence of the intrinsic information. Furthermore, the corresponding information data is encrypted again when being edited and stored using an application program, so that nobody except for an external user can view the corresponding information.
Accordingly, although the external user intentionally leaks out the information data through computer communication, a third party who has received the information data cannot decrypt the encrypted information data using only a password for decryption due to mismatch of the intrinsic information contained in encrypted information data, so that a problem of security release committed by the external user can be overcome to some extent.
However, in the case where a new file format is made by storing the corresponding information data using a different name, the above-described process is defective in that the information data can be externally leaked out through computer communication. Furthermore, the present process may be effective for general office document files because a single file is independently processed. However, in the case where a single piece of complete information is achieved by linking a plurality of files with each other like Computer Aided Design (CAD) files or program development files, the present process is limited to the application thereof, and has limitation in that it cannot be applied to information data requiring the maintenance of actual security.