FAQ

What kind of solution is Document Security?

encrypting electronic documents generated within enterprises and organizationsEndpoint Document Security Orchestration Solution to Prevent Important Information from Being Leaked Externallyis.

We bridge the gap between the previously complex internal security and flexible cloud collaboration through integration with cloud environments like Microsoft 365.
A Strategy to Coexist Internal DRM and Cloud Securityresponds to changes.
To solve document security issues arising in cloud environmentsCoexistence and OrchestrationProvides an approach.

What features have been improved in Document Security version 6 compared to previous versions?

Improvements in Security Aspects
- KOSYASResponding to Institutional Requirements
  - Improvement of security vulnerabilities such as offline functionality and header key management
- Enhancing Encrypted Communication and Responding to Latest Protocols
- CC CertificationSecuring Trust through Acquisition
Support for the latest versions of Windows and Office
- DS6 is**Reference**It officially supports Windows 11, Office 2024, and Hangul 2024, and quickly responds to the rapid changes in the IT environment.
UX/UI Improvement
- Improvement of user experience with the introduction of a new UI exclusive to version DS6
- Provides an intuitive and user-friendly interface compared to previous versions.
- Improving accessibility and usability of document security features

What should be prepared before introducing Document Security 6?

The main preparations are as follows.

Understanding the Current Status of Existing DRM Solutions- Review integration options with the currently used document security solution.
Check Cloud Environment Configuration- Preparation for integration with cloud collaboration tools such as Microsoft 365 and Google Workspace
Establishing Security Policies- Document encryption policy, conversion policy when uploading to the cloud, etc.
Network and Firewall Configuration- Setting Up a Network Environment for Secure Communication

SOFTCAMP presents optimized document security orchestration solutions tailored to various scenarios such as the customer's DRM implementation status, cloud environment characteristics, and compliance requirements.

How is integration with cloud environments supported?

Document Security 6 offers the following cloud integration features.

Automatic conversion support when uploading cloud documents
- Internal DRM encryption document automatically converted for optimization in cloud environments.
- Microsoft 365 Support: Automatic Conversion of AIP Documents When Uploading to OneDrive, SharePoint, and Teams
Providing Equality in the Use of Collaboration Tools
- Providing equal access and usability for encrypted documents, regardless of the environment or collaboration tools used.
Cloud Plaintext Document Leakage Prevention
- Real-time detection and policy enforcement for plaintext documents downloaded or shared in cloud services

What is the document visibility feature?

Track the flow of the document since it was created.**Enhancing security management by making distribution channels traceable.**is a function.

Tracking the entire lifecycle from document creation to distribution and usage
Document Access History and Usage Pattern Analysis
Establishing a real-time notification and response system for security policy violations

How do the permissions used for releasing and creating MIP documents differ?

In Document Security 6, permissions are distinguished and used as follows:

MIP Document Release

**Application Permissions (Azure Application Permission)**usage
Processed in the same way as SHIELD DRM

MIP Document Creation

Current user permissions (user token) logged into DS6usage
It is performed with a user token issued by Microsoft, and label permission control is applied based on that user.

What is the reason for the change of ownership during the MIP → DRM → MIP conversion process?

The authority subjects by transformation flow are as follows:

MIP Release: App Permissions
Creating DRM: Current DS6 Login User Permissions
MIP Regeneration: Current DS6 Login User Permissions

Reason for Ownership Change:

The subject is fixed as 'logged-in user' when regenerating the final MIP.
MIP creation is performed with the logged-in user token, and it is not possible to set another user as the owner with only app permissions/user tokens.
Therefore, it can behave as if the "owner/applicable subject" of the original document has changed.

What is the reason for the difference in perceived authority when converting MIP documents?

Due to the current operation of DS6, the following changes in perceived permissions may occur:

MIP Release: Perform with app permissions
Creating MIP: Perform with logged-in user permissions

As a result, during the conversion from MIP → DRM → MIP, the owner/applicant of the final MIP may be attributed to the 'logged-in user', which can change the perception of authority.

Is there another way to solve the owner change issue when creating MIP documents?

Yes, you can resolve the owner change issue when creating MIP documents through policy settings.

How to Set Up DS_MIP_INIT Policy:

"creatorAppAuth" : "use"

Setting Effect:

"creatorAppAuth" : "use"When set, integrated login usersApp PermissionsCreates an MIP document.
This is not the token of the logged-in user.App TokenHow to set up a custom policy to create MIP documents.
This can solve the ownership change issue.

Application Result:

When creating MIP documents, the issue of ownership change is resolved as app permissions are also utilized.
You can maintain a consistent authority subject during the MIP → DRM → MIP conversion process.

What is the reason that the SaveZoneInformation value in the registry changes again when the DSHLdr.exe process is executed, even though it was modified for the purpose of testing ADS value storage?

To test saving the ADS value, the SaveZoneInformation value in the registry was changed to 0 (Able), but when the DSHLdr.exe process of Document Security is executed, that value changes back to 1 (Disable).

Cause:

In the case of DRM encrypted documents downloaded from the internet, there may be instances where the document does not open properly during the opening process due to the SaveZoneInformation setting. This is because the OS blocks access based on security settings when the SaveZoneInformation setting is applied.

System Operation Method:

The settings for SaveZoneInformation are reset when SDSMan.exe is executed and the login is completed.
Specific Operation Method:
- Delete conditions for SaveZoneInformation value:
  - **DS_SHIELDEX_CDR_SERVER_IP**If a custom policy exists
  - **DS_SHIELDEX_CDR_SERVER_IPif the policy does not exist,DS_NOT_USE_SENDLOG_ZONE_IDF**If a custom policy is not set or is set to 0
  - If the above conditions are met, delete the SaveZoneInformation value that exists in the Current User.
- If the above conditions are not met:
  - Forces the SaveZoneInformation value in Current User to 1.

Solution:

To maintain the SaveZoneInformation value at 0 for the ADS value storage test, one of the following settings must be applied.

**DS_NOT_USE_SENDLOG_ZONE_IDF**Set custom policy to 1
**DS_SHIELDEX_CDR_SERVER_IP**Properly configure the policy

What kind of solution is Document Security?​

What features have been improved in Document Security version 6 compared to previous versions?​

What should be prepared before introducing Document Security 6?​

How is integration with cloud environments supported?​

What is the document visibility feature?​

How do the permissions used for releasing and creating MIP documents differ?​

What is the reason for the change of ownership during the MIP → DRM → MIP conversion process?​

What is the reason for the difference in perceived authority when converting MIP documents?​

Is there another way to solve the owner change issue when creating MIP documents?​

What is the reason that the SaveZoneInformation value in the registry changes again when the DSHLdr.exe process is executed, even though it was modified for the purpose of testing ADS value storage?​