Glossary
This glossary explains key terms frequently encountered when using Document Security products.
Quick Navigation
Quickly look up key terms.
| Category | Key Terms |
|---|---|
| Basic Concepts | Document Security, Endpoint, Orchestration |
| Document Security | Security documents, DRM, MIP, encryption, decryption |
| Grade/Label | C/S/O grade, label, security label |
| Permissions/Policies | Permissions, ZTCAP, category-based permissions, rank-based permissions |
| Authentication | SSO, SHIELD ID, unified login, MFA |
| Document Conversion | DRM↔MIP conversion, bidirectional automatic conversion, batch conversion |
| Cloud | Microsoft 365, OneDrive, SharePoint |
| Document Control | Access Control, Copy/Paste Control, Screen Capture Control |
| Document Management | Batch Encryption, Secure Document Destruction, Secure Files for External Transmission |
| Logs and Monitoring | Integrated logs, document logs, document visibility |
| Other Terms | Offline login, token, app permissions, user token |
Basic Concepts
Document Security
An endpoint document security orchestration solution that encrypts electronic documents generated within companies and organizations to prevent important information from leaking to the outside.
Main Features:
- Document Encryption and Access Control
- Integration with cloud environments such as Microsoft 365 and Azure AD
- Automatic Document Conversion and Security Policy Application
Endpoint
The term refers to end-user devices such as personal computers or laptops where users actually create, edit, and view documents. Document Security encrypts documents and manages security on these endpoints.
**Protected Object:** User devices such as PCs and laptops
**Protection Method:** Document Encryption, Access Control, Process Protection
Orchestration
It means to harmoniously integrate various security solutions and systems for unified management. Document Security provides orchestration capabilities to use internal DRM and cloud security together.
Main Role:
- Support for the Coexistence of Internal DRM and Cloud Security
- Integrated management of document conversion, permission management, and policy application
Document Security
Core Security Technologies
Secure Document: It refers to documents encrypted through Document Security. Secure documents can only be viewed, edited, and printed by authorized users, preventing unauthorized copying or leakage.
**DRM (Digital Rights Management)**: It is a technology that controls access and usage rights for documents. It refers to the internal document encryption method used in Document Security, allowing for detailed control of permissions such as reading, editing, and printing on a per-user or per-group basis.
**MIP (Microsoft Information Protection)**: A unified information protection platform provided by Microsoft, encompassing all of Microsoft's information protection technologies, including MIP. Document Security works in conjunction with MIP to provide document security in the Microsoft 365 environment.
- MIP is Microsoft's comprehensive information protection platform.
- A label is a security classification mark assigned to a document in MIP.
Encryption Method
Document Security supports various encryption methods:
- Selective Encryption: This is a method where the user directly selects the type of security document (personal security document, access target/permission setting security document, regulatory security document, classification security document, etc.) to encrypt.
- Automatic (Forced) Encryption: This is a method of automatically encrypting documents under certain conditions according to the security policy set by the administrator. It is automatically applied when saving, saving as, or exiting.
- Simple Encryption: This is the basic encryption method applied to files of applications that Document Security does not natively support. Basic encryption can be performed regardless of the file extension.
Encryption/Decryption
Encryption: It is the process of converting the contents of a document into an unreadable form using a specific algorithm. Document Security encrypts the document so that unauthorized users cannot access the content.
Decryption: The process of returning an encrypted document to its original readable form. Only authorized users can decrypt and access the document.
Document Grades and Labels
C/S/O grade system
Document Security supports three security levels:
| Grade | Stands For | Security Level | Description |
|---|---|---|---|
| C grade | Classified | High | Classified grade; the highest security level |
| S grade | Sensitive | Medium | Sensitive grade; intermediate security level |
| O grade | Open | Low | Open grade; low security level |
Users can assign grades to documents through the right-click menu. Grades can be assigned manually according to the ZTCAP policy.
Terms Related to Labels
Security Level: A classification system that indicates the security level of a document. It is a concept used in Document Security.
Label: This is the security classification label assigned to the document. Microsoft MIP uses labels to indicate the sensitivity and protection level of the document, and Document Security manages the documents in conjunction with these labels.
Security Label: A label that indicates the security level and protection status of the document. It visually represents the security status of the document, including classification (Label) and protection (Protect) information.
Permissions and Policies
Permission Types
Document Security can grant permissions in various ways:
Category-based permissions: This is a method of classifying documents into categories and granting permissions by category. Security policies can be established for the entire organization or for specific categories through the enterprise category and mandatory category.
Role-based permissions: This is a method of granting permissions based on the security level of the document (C/S/O grade). Security policies can be established by grade through enterprise grade and mandatory grade.
Group/User-Based Permissions: This is a method of granting permissions directly to specific groups or users. You can set individual permissions on a document basis or grant mandatory permissions.
Types of Permissions
User access and usage permissions for security documents are categorized as follows:
- Reading: Document Viewing Permissions
- Edit: Document Edit Permissions
- Output: Document Print Permission
- Decryption: Document Decryption Permission
- Export: External Document Transfer Permission
- Permission Change: Document Permission Modification Permission
Each permission can be finely controlled by user/group/category/level.
Policy
ZTCAP (Zero Trust Conditional Access Policy): This is a Zero Trust-based conditional access policy. It is a system that automatically applies security policies based on various conditions such as the document's status, user, location, and time. Document Security manages document conversion, encryption timing, etc., through the ZTCAP policy.
The ZTCAP policy is a core feature of Document Security 6. Careful configuration is required when setting up the policy.
Custom Policy: A custom policy set by the administrator to control the operation of Document Security. Policies such as DS_MIP_INIT, DS_MIP_SHELL_MENU, etc. are included.
Execution Policy: It refers to the security policy to be applied during document conversion in ZTCAP. It determines how to convert the document (DRM/MIP), what grade/label to apply, etc.
Conditional Policy: This is a policy that applies only when specific conditions are met. In ZTCAP, different policies can be applied based on conditions such as the status of the document, the user, and the path.
Authentication and Login
Authentication Method
**SSO (Single Sign-On)**: It is an authentication method that allows automatic access to multiple systems with a single login. Document Security supports SSO with Microsoft 365, Azure AD, etc., providing user convenience.
SHIELD ID: It is an integrated authentication service provided by the Security365 platform. It supports single sign-on for various systems such as Document Security, Azure Active Directory, and SCI servers.
Integrated Login: This is a feature that allows access to Security365, Azure Active Directory (MS365), and SCI servers with a single login through SHIELD ID.
Authentication Service
Azure AD / Entra ID: A cloud-based directory and authentication service provided by Microsoft. Document Security performs user authentication in conjunction with Azure AD/Entra ID.
Document Conversion
Conversion Type
DRM → MIP Conversion: This is the process of converting internal DRM encrypted documents to Microsoft MIP documents. It is a necessary conversion for use in a cloud environment.
MIP → DRM Conversion: This is the process of converting Microsoft MIP documents into internal DRM encrypted documents. This conversion is necessary for use in an internal security environment.
Bidirectional Automatic Conversion: It refers to the automatic conversion between MIP documents and DRM encrypted documents. According to the ZTCAP policy, it is automatically converted to fit the document's usage environment (local/cloud).
Conversion Method
Document Security can convert documents in various ways:
- Right-click conversion: This is a feature that allows you to manually convert documents through the right-click menu. It supports mutual conversion between DRM documents, MIP documents, and regular documents.
- Batch conversion: This is a feature that allows you to convert multiple documents at once. You can perform batch conversion by folder, and you can save and view conversion logs.
- Automatic conversion: This is an automatic conversion according to the policy. It is automatically converted according to the ZTCAP policy at the time of upload/download.
Regular document ↔ DRM document ↔ MIP document
↑ ↑ ↑
Manual selection   Automatic conversion   Cloud integration
Cloud
Cloud Service
OneDrive: A cloud file storage and sharing service provided by Microsoft. Document Security automatically converts documents uploaded to OneDrive into MIP documents.
SharePoint: A collaboration and document management platform provided by Microsoft. Document Security supports security controls for documents in the SharePoint path.
Automatic Conversion Feature
Automatic conversion during cloud upload: This is a feature that automatically converts documents from local paths to MIP documents according to security policies when uploading to cloud storage such as OneDrive/SharePoint.
Automatic conversion during cloud download: This is a feature that automatically converts documents to the appropriate format according to security policies when downloading from cloud storage such as OneDrive/SharePoint to a local path.
Local DRM document → [Upload] → OneDrive/SharePoint MIP document
OneDrive/SharePoint MIP document → [Download] → Local DRM document
Document Control and Protection
Control Function
Document Permission Control: This is a feature that controls user access and usage permissions for security documents. Permissions such as reading, editing, printing, and decrypting can be finely configured.
Copy/Paste Control: This is a feature that prevents copying or pasting the contents of a security document into a regular document. Depending on permissions, copying/pasting can be allowed or blocked.
Screen Capture Control: A feature that prevents the content of security documents from being captured in screenshots. An alert or warning message will be displayed when a capture attempt is made.
Output Permission Control: This is a feature that controls the permission to print security documents. You can set printing permissions based on users, groups, categories, and classifications.
Block Virtual Printer Output: This is a feature that prevents unauthorized printing using a virtual printer when outputting files.
Protection Features
Usage period and frequency limits: This is a feature that limits the number of views/prints of a security document and its validity period. If the limit is exceeded, the document will be automatically destroyed.
Print Marking: This is a feature that inserts tracking information such as user/group information, output time, and ownership into the output document. It allows for tracking in case of document leakage.
Document Management
Encryption Management
Batch Encryption: This is a feature that searches for general documents on the local PC and encrypts them in bulk. Encryption policies can be set by user/department.
Selective Encryption: This is a method where the user directly selects the type of security document to encrypt. You can choose from personal security documents, access target/permission setting security documents, regulatory security documents, and classification security documents.
Document Destruction
Destruction of Security Documents: This is a feature that completely deletes security documents, making them impossible to recover.
Automatic Destruction: This is a feature that automatically destroys security documents according to the set policy. It is automatically executed under conditions such as expiration of the validity period or exceeding the usage limit.
External Transfer
Creating Secure Files for External Transmission: This is a feature that creates a simple encrypted secure file (EXE) that can be executed without installing a client program. It is used when sending documents externally.
Logs and Monitoring
Log Types
Integrated Log: It is an integrated log system that records all activities of Document Security. It logs events such as document creation, viewing, editing, printing, and conversion.
Document Log: This is a log that records all activities related to security documents. It includes events such as document creation, release, permission changes, conversion, viewing, editing, printing, and destruction.
User Log: This is a log that records the user's product usage activities. It includes events such as product installation, login, and logout.
Monitoring Function
Document Visibility: This is a feature that visualizes the entire lifecycle of a document from creation to distribution and usage by tracking the document flow. It graphically displays the document distribution path to enhance security management.
Other Terms
Authentication Related
Offline Login: This is a feature that allows you to log in to Document Security and use secure documents even when there is no internet connection. Offline permissions can be set by user/department.
Token: This is a temporary certificate containing user authentication information. Document Security performs user authentication through tokens, and re-authentication is required when the token expires.
Application Permission: This is the permission used by the application to access Microsoft services. Document Security uses app permissions when releasing MIP documents.
User Token: An authentication token issued for a specific user to access Microsoft services. Document Security uses the user token when creating MIP documents.