Glossary

This glossary explains key terms that are frequently encountered when using Document Security products.


Quick Navigation

Quickly look up key terms.

| Category | Key Terms |
| --- | --- |
| Basic Concepts | Document Security, Endpoint, Orchestration |
| Document Security | Security documents, DRM, MIP, encryption, decryption |
| Grade/Label | C/S/O grade, label, security label |
| Permissions/Policies | Permission, ZTCAP, category-based permission, rank-based permission |
| Authentication | SSO, SHIELD ID, unified login, MFA |
| Document Conversion | DRM↔MIP conversion, bidirectional automatic conversion, batch conversion |
| Cloud | Microsoft 365, OneDrive, SharePoint |
| Document Control | Access Control, Copy/Paste Control, Screen Capture Control |
| Document Management | Batch Encryption, Secure Document Destruction, Secure Files for External Transmission |
| Logs and Monitoring | Integrated logs, document logs, document visibility |
| Other Terms | Offline login, token, app permissions, user token |

Basic Concepts

Document Security

An endpoint document security orchestration solution that encrypts electronic documents generated within companies and organizations to prevent important information from being leaked externally.

Main Features:

  • Document Encryption and Access Control
  • Integration with cloud environments such as Microsoft 365, Azure AD
  • Automatic Document Conversion and Security Policy Application

Endpoint

The term refers to end-user devices such as personal computers or laptops where users actually create, edit, and view documents. Document Security encrypts documents and manages security on these endpoints.

**Protected Object:** User devices such as PCs and laptops
**Protection method:** Document encryption, access control, process protection

Orchestration

Orchestration means integrating and managing various security solutions and systems in a unified manner. Document Security provides orchestration capabilities so that internal DRM and cloud security can be used together.

Main Role:

  • Support for the Coexistence of Internal DRM and Cloud Security
  • Integrated management of document conversion, permission management, and policy application

Document Security

Core Security Technologies

Secure Document
A secure document is a document encrypted by Document Security. Secure documents can only be viewed, edited, and printed by authorized users, preventing unauthorized copying or leakage.

DRM (Digital Rights Management)
A technology that controls access and usage rights to documents. In Document Security, DRM refers to the internal document encryption method, which allows fine-grained control of permissions such as reading, editing, and printing on a per-user or per-group basis.

MIP (Microsoft Information Protection)
A unified information protection platform provided by Microsoft, encompassing all of Microsoft's information protection technologies, including MIP. Document Security works in conjunction with MIP to provide document security in the Microsoft 365 environment.

Term Relationship: MIP and label

  • MIP is Microsoft's comprehensive information protection platform.
  • Label is a security classification mark assigned to documents in MIP.

Encryption Method

Document Security supports various encryption methods:

  • Selective Encryption: This is a method where the user directly selects the type of security document (personal security document, access target/permission setting security document, regulatory security document, classification security document) to encrypt.
  • Automatic (Forced) Encryption: This is a method that automatically encrypts documents under specific conditions according to the security policy set by the administrator. It is automatically applied when saving, saving as, and at the time of exit.
  • Simple Encryption: This is the basic encryption method applied to files of applications that Document Security does not natively support. Basic encryption can be performed regardless of the file extension.

Encryption/Decryption

Encryption: This is the process of converting the contents of a document into an unreadable form using a specific algorithm. Document Security encrypts the document so that unauthorized users cannot view the contents.

Decryption: The process of reverting an encrypted document to its original readable form. Only authorized users can decrypt and access the document.


Document Grade and Label

C/S/O grade system

Document Security supports three security levels:

| Grade | Abbreviation | Security Level | Description |
| --- | --- | --- | --- |
| C grade | Classified | High | Confidential. The highest security level by grade |
| S grade | Sensitive | Middle | Sensitive. Intermediate security level by grade |
| O grade | Open | Low | Public. Low security level with a lower grade |

How to Assign Grades
Users can assign a grade to the document through the right-click menu. The grade can be assigned manually according to the ZTCAP policy.

Security Level: A classification system that indicates the security level of a document. It is a concept used in Document Security.

Label: This is the security classification label assigned to the document. Microsoft MIP uses labels to indicate the sensitivity and protection level of the document, and Document Security manages the documents in conjunction with these labels.

Security Label: A label indicating the security level and protection level of the document. It visually displays the security status of the document, including classification (Label) and protection (Protect) information.


Permissions and Policies

Permission Types

Document Security can grant permissions in various ways:

Category-based permissions: This is a method of classifying documents into categories and granting permissions by category. Security policies can be set for the entire organization or for specific categories through the enterprise category and mandatory category.

Rank-based permissions: This is a method of granting permissions based on the document's security level (C/S/O grade). Security policies by level can be set through the enterprise level and mandatory level.

Group/User-Based Permissions: This is a method of granting permissions directly to specific groups or users. You can set individual permissions on a document basis or grant enforced permissions.

Types of Permissions

User access and usage permissions for security documents are categorized as follows:

  • Reading: Document Viewing Permission
  • Edit: Document Edit Permission
  • Output: Document Print Permission
  • Decryption: Document Decryption Permission
  • Export: External Document Transfer Permission
  • Permission Change: Document Permission Modification Permission

Each permission can be finely controlled by user/group/category/level.

Policy

ZTCAP (Zero Trust Conditional Access Policy): A Zero Trust-based conditional access policy system that automatically applies security policies based on various conditions such as the status of the document, user, location, and time. In Document Security, document conversion, encryption timing, etc. are managed by the ZTCAP policy.

Caution
ZTCAP policy is a core feature of Document Security 6, automatically applying security policies based on various conditions such as document status, user, location, and time. Careful configuration is required when setting up the policy.

Custom Policy: A custom policy set by the administrator to control the operation of Document Security. Policies such as DS_MIP_INIT, DS_MIP_SHELL_MENU, etc. are available.

Execution Policy: It refers to the security policy to be applied during document conversion in ZTCAP. It determines how to convert the document (DRM/MIP), what grade/label to apply, etc.

Conditional Policy: This is a policy that applies only when specific conditions are met. In ZTCAP, different policies can be applied based on conditions such as the document's status, user, path, etc.


Authentication and Login

Authentication Method

SSO (Single Sign-On): An authentication method that allows automatic access to multiple systems with a single login. Document Security supports SSO with Microsoft 365, Azure AD, etc., providing user convenience.

SHIELD ID: It is an integrated authentication service provided by the Security365 platform. It supports single sign-on for various systems such as Document Security, Azure Active Directory, and SCI servers.

Integrated Login: The feature that allows access to Security365, Azure Active Directory (MS365), and SCI servers with a single login through SHIELD ID.

Authentication Service

Azure AD / Entra ID: A cloud-based directory and authentication service provided by Microsoft. Document Security performs user authentication in conjunction with Azure AD/Entra ID.


Document Conversion

Conversion Type

DRM → MIP Conversion: The process of converting internal DRM encrypted documents to Microsoft MIP documents. This conversion is necessary for use in a cloud environment.

MIP → DRM Conversion: This is the process of converting Microsoft MIP documents into internal DRM encrypted documents. This conversion is necessary for use in an internal security environment.

Bidirectional Automatic Conversion: The automatic conversion between MIP documents and DRM encrypted documents. According to the ZTCAP policy, documents are automatically converted to fit their usage environment (local/cloud).

Conversion Method

Document Security can convert documents in various ways:

  • Right-click conversion: This is a feature to manually convert documents through the right-click menu. It supports mutual conversion between DRM documents, MIP documents, and regular documents.
  • Batch conversion: This is a feature that allows you to convert multiple documents at once. You can perform batch conversion by folder, and you can save and view conversion logs.
  • Automatic conversion: Documents are converted automatically according to the ZTCAP policy at the time of upload/download.

Transformation Flow

General Document (manual selection) ↔ DRM Document (automatic conversion) ↔ MIP Document (cloud integration)

Cloud

Cloud Service

OneDrive: A cloud file storage and sharing service provided by Microsoft. Document Security automatically converts documents uploaded to OneDrive into MIP documents.

SharePoint: A collaboration and document management platform provided by Microsoft. Document Security supports security controls for documents in the SharePoint path.

Automatic Conversion Feature

Automatic conversion during cloud upload: This is a feature that automatically converts documents to MIP documents according to security policies when uploading documents from a local path to cloud storage such as OneDrive/SharePoint.

Automatic conversion during cloud download: This is a feature that automatically converts documents to the appropriate format according to security policies when downloading from cloud storage such as OneDrive/SharePoint to a local path.

Cloud Integration Flow

Local DRM Document → [Upload] → OneDrive/SharePoint MIP Document  
OneDrive/SharePoint MIP Document → [Download] → Local DRM Document

Document Control and Protection

Control Function

Document Permission Control: This is a feature that controls user access and usage rights for security documents. Permissions such as reading, editing, printing, and decryption can be finely configured.

Copy/Paste Control: This is a feature that prevents copying or pasting the contents of a secure document into a regular document. Depending on permissions, copying/pasting can be allowed or blocked.

Screen Capture Control: This is a feature that controls the content of the security document so that it cannot be screen captured. An alert or warning message will be displayed when a capture attempt is made.

Output Permission Control: This is a feature that controls the permission to print security documents. You can set printing permissions based on users, groups, categories, and classifications.

Block Virtual Printer Output: This is a feature that prevents unauthorized printing using a virtual printer when outputting files.

Protection Function

Usage period and frequency limit: This is a feature that limits the number of views/prints of a secure document and its validity period. If the limit is exceeded, the document will be automatically destroyed.

Print Marking: This is a feature that inserts tracking information such as user/group information, output time, ownership, etc. into the output document. It allows for tracking in case of document leakage.


Document Management

Encryption Management

Batch Encryption: This is a function that searches for general documents on the local PC and encrypts them in bulk. Encryption policies can be set by user/department.

Selective Encryption: This is a method where the user directly selects the type of security document to encrypt. You can choose from personal security documents, access target/permission setting security documents, regulatory security documents, and classification security documents.

Document Destruction

Destruction of Security Documents: This is a feature that completely deletes security documents, making them irrecoverable.

Automatic Destruction: This is a feature that automatically destroys security documents according to the set policy. It is executed automatically under conditions such as expiration of the validity period or exceeding the usage limit.

External Transmission

Creating Secure Files for External Transmission: This is a feature that creates a simple encrypted secure file (EXE) that can be executed without installing a client program. It is used for sending documents externally.


Logs and Monitoring

Log Types

Integrated Log: It is an integrated log system that records all activities of Document Security. It logs events such as document creation, viewing, editing, printing, and conversion.

Document Log: This is a log that records all activities related to security documents. It includes events such as document creation, release, permission changes, conversion, viewing, editing, output, and destruction.

User Log: This is a log that records the user's product usage activities. It includes events such as product installation, login, and logout.

Monitoring Function

Document Visibility: This is a feature that visualizes the entire lifecycle of a document from creation to distribution and usage. It graphically displays the document distribution path to enhance security management.


Other Terms

Offline Login: This is a feature that allows you to log in to Document Security and use secure documents even when there is no internet connection. Offline permissions can be set by user/department.

Token: This is a temporary certificate containing user authentication information. Document Security performs user authentication through tokens, and re-authentication is required when the token expires.

Application Permission: This is the permission that the application uses to access Microsoft services. Document Security uses app permissions when releasing MIP documents.

User Token: An authentication token issued for a specific user to access Microsoft services. Document Security uses the user token when creating MIP documents.