KR101739415B1 - Apparatus and method for controlling information access in internet - Google Patents

Apparatus and method for controlling information access in internet Download PDF

Info

Publication number
KR101739415B1
KR101739415B1 KR1020150150201A KR20150150201A KR101739415B1 KR 101739415 B1 KR101739415 B1 KR 101739415B1 KR 1020150150201 A KR1020150150201 A KR 1020150150201A KR 20150150201 A KR20150150201 A KR 20150150201A KR 101739415 B1 KR101739415 B1 KR 101739415B1
Authority
KR
South Korea
Prior art keywords
information
result
host
directory
server
Prior art date
Application number
KR1020150150201A
Other languages
Korean (ko)
Other versions
KR20170049169A (en
Inventor
양동권
최재형
김남욱
Original Assignee
주식회사 엘지유플러스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 엘지유플러스 filed Critical 주식회사 엘지유플러스
Priority to KR1020150150201A priority Critical patent/KR101739415B1/en
Publication of KR20170049169A publication Critical patent/KR20170049169A/en
Application granted granted Critical
Publication of KR101739415B1 publication Critical patent/KR101739415B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L61/1523
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The method includes extracting URL information from a packet requested by a user, dividing URL information into host information and page information, generating a first result by searching whether the host information exists in the first block list, The method of claim 1, further comprising: generating a second result by retrieving whether the information is present in a second block list associated with the first block list; and determining whether the site is a harmful site based on the first result and the second result ≪ / RTI >

Description

[0001] Apparatus and method for controlling information access via the Internet [0002]

More particularly, the present invention relates to an apparatus and method for controlling access to information via the Internet. More specifically, the present invention relates to an apparatus and method for controlling access to information via the Internet, And a harmful site access blocking service method for blocking a malicious site access blocking service system.

The Internet environment is indispensable to modern society which is widely used throughout the society, but it is causing many troubles about the dysfunction. Therefore, the development of information protection technology to cope with the inverse function of the Internet environment is continuously increasing.

Businesses and public institutions are not only burdened with the construction and maintenance of the Internet environment required for their work, but they also incur high costs for bandwidth and network equipment upgrades to accommodate increasing Internet traffic. Therefore, enterprises or public institutions use unnecessary Internet access control by using Internet access control system or harmful site access blocking system to suppress the increase of internet traffic to some extent and increase the efficiency of internet use.

The harmful site blocking service is implemented using a harmful site blocking server that blocks harmful sites in the network. The harmful site blocking server checks the packet transmitted between the Internet and the Internet terminal and blocks the harmful site by blocking the packet if it corresponds to the harmful site.

As the Internet contains more information, there are more and more servers on the Internet that have information that users do not want. However, in order to block such harmful sites, when searching for malicious sites using file-based databases, it may be difficult to search and provide results on the network in real time.

KR 10-2010-0050205 A

The present invention provides an Internet information access control program capable of increasing a search speed by separating a host area and a page area from a URL requested by a user and searching for a harmful site database in two steps of a host search and a page search A recorded computer-readable storage medium and the apparatus therefor.

In addition, the present invention provides a network connection device capable of separating a host area and a page area from a URL requested by a user, searching for a harmful site database in two steps of a host search and a page search, and a management server for a malicious site blocking service .

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, unless further departing from the spirit and scope of the invention as defined by the appended claims. It will be possible.

The present invention can provide a computer-readable storage medium having the Internet information access control program recorded thereon and its apparatus, a network connection apparatus, and a management server.

The method comprising: extracting URL information from a packet requested by a user, the method comprising the steps of: extracting URL information from a packet requested by a user; Dividing the URL information into host information and page information; Retrieving whether the host information is present in a first block list to generate a first result; Retrieving whether the page information is present in a second block list associated with the first block list to generate a second result; And determining whether the site is a harmful site based on the first result and the second result.

The generating of the first result may further include: converting the host information; Searching whether the converted host information matches the information included in the first block list; Recognizing whether or not a lower path exists in the matched first blocking list; And outputting, as the first result, whether or not the first block list matches and whether the lower path exists.

Also, the step of converting the host information may use a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6).

Also, the step of converting the host information may use a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3).

Also, the step of searching whether the converted host information matches the information included in the first block list uses a lightweight directory access protocol (LDAP) for accessing and managing directory information, The server may first be searched and the primary directory structure describing the server's domain may be performed in a secondary directory structure used by the server extending through the directory assistance document.

The generating of the second result may further include: limiting a search range of the second block list using the first result; Retrieving information matching the page information from the restricted second block list; And generating the second result depending on the presence or absence of matching information.

The generating of the second result may further include converting the page information.

Also, the page information is allowed to be accessed through a lightweight directory access protocol (LDAP) for accessing and managing directory information, and a primary directory structure and a primary directory structure in which the server searches first and describes the domain of the server, It can be stored in the secondary directory structure used by the server extended by the assistant document.

In addition, the first result and the second result may vary depending on the personal information of the user.

In addition, the first result and the second result may vary according to the rating information included in the first block list and the second block list.

The blocking management server for determining whether the URL information included in the packet requested by the user is the blocking target in the blocking management system according to the personal information of the wired / wireless user and the harmfulness degree of the Internet site according to another embodiment of the present invention, A first storage unit for storing information corresponding to host information among the first storage units; A second storage unit for storing information corresponding to page information in the URL information; And connection information for connecting information stored in the first storage unit and information stored in the second storage unit.

The first storage unit may further include personal information of the user and rating information according to the harmfulness level of the Internet site.

The first storage unit may store data to which a Message Digest Algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6) is applied.

Also, the first storage unit may store data to which a SHA (Secure Hash Algorithm) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3) is applied.

Also, the first storage unit and the second storage unit are allowed access through a lightweight directory access protocol (LDAP) for accessing and managing directory information, and a primary directory structure And a secondary directory structure used by a server that extends the primary directory structure through directory assistance documents.

The network connection device for checking whether the URL information included in the packet requested by the user is a blocking object in the blocking management system according to the personal information of the user and the harmfulness level of the Internet site according to another embodiment of the present invention, To host information and page information; A conversion unit for converting the host information; And a transmitting unit for transmitting the converted host information and the page information.

Also, the host information may be converted using a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6).

In addition, the step of converting the host information may be converted using a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3).

In addition, the host information and the page information are allowed to be accessed through a lightweight directory access protocol (LDAP) for accessing and managing directory information. The host information and the page information are stored in a primary directory structure The directory structure can be retrieved through the secondary directory structure used by the server that extends the directory assistance document.

In addition, the packet requested by the user may be transmitted to a wired network or a wireless network.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, And can be understood and understood.

Effects of the method and apparatus according to the present invention will be described as follows.

INDUSTRIAL APPLICABILITY According to the present invention, an Internet information access control program and its apparatus can increase a search speed in a large-scale harmful site database and enable real-time monitoring.

In addition, according to the present invention, the blocking management service system can provide a harmful site blocking service in units of an Internet page in the network connection step of the user according to the personal information of the wired and wireless users and the harmfulness degree of the internet site.

In addition, the present invention can increase the capacity and performance of the system by shortening the search time in the block management system according to the personal information of the wired and wireless users and the harmful grade of the internet site, thereby reducing the system construction cost.

The effects obtainable by the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. It is to be understood, however, that the technical features of the present invention are not limited to the specific drawings, and the features disclosed in the drawings may be combined with each other to constitute a new embodiment.
1 illustrates a system for a harmful site blocking service.
FIG. 2 illustrates a first analysis method for analyzing a URL requested by a user to determine a harmful site.
FIG. 3 illustrates a first control method for determining a harmful site using the first analysis method illustrated in FIG.
4 illustrates a second analysis method for analyzing a URL requested by a user to determine a harmful site.
FIG. 5 illustrates a second control method for determining a harmful site using the second analysis method illustrated in FIG.
FIG. 6 illustrates the structure of a management server for using the method illustrated in FIG.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an apparatus and various methods to which embodiments of the present invention are applied will be described in detail with reference to the drawings. The suffix "module" and " part "for the components used in the following description are given or mixed in consideration of ease of specification, and do not have their own meaning or role.

In the description of the embodiments, when it is described as being formed on the "upper" or "lower" of each element, the upper or lower (lower) And that at least one further component is formed and arranged between the two components. Also, the expression "upward" or "downward" may include not only an upward direction but also a downward direction on the basis of one component.

1 illustrates a system for a harmful site blocking service.

As shown in the figure, the blocking management system according to the user's personal information and the harmfulness level of the Internet site is provided with a port mirroring function from the network device 6 connecting the user group 4 and the Internet 2 and the network device 6, And a blocking service management server 8 for determining whether or not to access the harmful site using the packet. Port Mirroring, also referred to as roving analysis port (RAP), monitors network traffic by forwarding a copy of each transmit and receive packet from one port of the network switch to another port capable of examining the packet. . That is, when the user transmits a first packet requesting specific data via the Internet through the network device 6, the network device 6 sends a partial or entire copy of the first packet to the blocking service management server 8 . The blocking service management server 8 compares a packet requested in the first packet with a harmful site (blocking site) list to determine whether to block or not, and notifies the network device 6 of the blocking.

FIG. 2 illustrates a first analysis method of a URL requested by a user to determine a harmful site.

As shown, it is assumed that the URL (10, Internet address) requested by the user is "http://www.all-your-porn.com/sexy/start.html".

According to the first analysis method for determining whether to block or not, the URL 10 requested by the user can be largely analyzed in three forms. First, the host information (http://www.all-your-porn.com) is used to decide whether to block or not. After adding an Internet connection port of ": 80" to the host information, it is converted into a string form using MD-5, which is one of the message reduction algorithms (12). By using the converted character string, it is possible to search for the block list matched in the blocking service management server 8 (see FIG. 1).

It may also decide to block with an Internet address that is one step deeper than the host information (i.e., http://www.all-your-porn.com/sexy/). Similarly, after adding an Internet connection port of ": 80" to the host information, the Internet address is converted into a string form using MD-5 which is one of the message reduction algorithms (14). By using the converted character string, it is possible to search for the block list matched in the blocking service management server 8 (see FIG. 1).

In addition, it is possible to decide whether to block or not by using the entire part of the URL 10 requested by the user. After adding the Internet connection port ": 80" to the host information, the entire Internet address is converted into a string form using MD-5, which is one of the message reduction algorithms (14). In the case of using MD-5, it is preferable that the total URL length does not exceed 64 bytes. By using the converted character string, it is possible to search for the block list matched in the blocking service management server 8 (see FIG. 1).

FIG. 3 illustrates a first control method for determining a harmful site using the first analysis method illustrated in FIG.

As shown in the figure, the first control method includes a step (20) of extracting URL information from a packet requested by the user, a step (22) of determining a blocking target URL from the extracted URL information, an MD- A step 26 of searching the database with the converted data, a step 28 of judging whether or not the site is a harmful site, and the presence or absence of a sub-path in order to reset the URL to be blocked Step 30 may be included.

For example, it is assumed that the URL information extracted from the packet requested by the user is " http://www.all-your-porn.com/sexy/start.html " After determining to use only the host information (http://www.all-your-porn.com) in the step (22) of determining the blocking URL from the extracted URL information, it can be judged whether or not it is a harmful site (28 ). If the host information (http://www.all-your-porn.com) is not a harmful site, the URL information extracted from the packet requested by the user in order to reset the URL to be blocked is added to the sub-path ("/ sexy / start.html ") is present (30). Thereafter, in step 22 of determining the blocking target URL, an Internet address (http://www.all-your-porn.com/sexy/) which is one step deeper than the host information can be determined as the blocking target URL. When the URL to be blocked is newly determined, it can again determine whether the site is a harmful site (28).

In the first control method described with reference to FIG. 3, a URL to be blocked is determined, a search is performed in the database, a URL to be blocked is reset, and the search is rediscovered in the database. Such a harmful site blocking system may have a limitation in the process of searching from the network in real time when searching the file-based database for millions of harmful sites. In addition, a method using hashing based on a message reduction algorithm such as MD-5 (that is, a method of converting a string to a shorter value or key symbolizing the original one) It can not be broken down into blocks. For example, there is a harmful site database provided by a government agency (eg, Ministry of Gender Equality).

4 illustrates a second method of analyzing a URL requested by a user to determine a harmful site.

As shown, it is assumed that the URL 50 (Internet address) requested by the user is "http://www.bad-host.com/directory/subdirectory/index.html".

According to the second analysis method for determining whether to block or not, the URL 50 requested by the user is divided into host information ("http://www.bad-host.com") and page information ("/ directory / subdirectory / index. html "). The second analysis method differs from the first control method in which the HTTP URL is converted into MD-5 using the first analysis method by separating the host region and the page region, Step. It is possible to reduce the search time in the large-scale harmful-site database which can search the harmful site because it is not necessary to perform the repeated search according to the URL depth and the length by proceeding only once to the host information search and page information search. This makes it possible to design a harmful site database with a large capacity, and real-time search service and real-time blocking service can be realized.

First, an Internet connection port ": 80" is added to the host information (http://www.bad-host.com), and then converted into a string form using MD-5, which is one of the message reduction algorithms (52 ). By using the converted character string, it is possible to search for the block list matched in the blocking service management server 8 (see FIG. 1).

MD-5, one of the message reduction algorithms, is an example, and other schemes may be applied. For example, the host information may be converted using a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6).

The host information may also be converted using a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3).

In the URL 50 requested by the user, the page information (" / directory / subdirectory / index.html ") is distinguished from the host information and can be used for database search (54). A retrieval method using page information will be described with reference to FIG.

FIG. 5 illustrates a second control method for determining a harmful site using the second analysis method illustrated in FIG.

As shown in the figure, the second control method includes a step 60 of extracting URL information from a packet requested by the user, a step 61 of dividing the URL information into host information and page information, (71) retrieving whether the page information is present in a second block list associated with the first block list to generate a second result (63); and generating a first result And a step (74) of judging whether or not the site is a harmful site based on the second result. If it is judged that the site is a harmful site, the network device 6 (see Fig. 1) can stop the transmission of the packet requested by the user.

The step 61 of dividing the URL information into host information and page information may include a step 62 of extracting host information from the URL information and a step 70 of extracting page information from the URL information.

The step 63 of generating a first result may include the steps of translating host information 64, retrieving 66 whether the translated host information matches the information contained in the first block list 66, (Step 68) of recognizing whether or not a sub-path is present in the list, and outputting (not shown) the presence or absence of the matched first blocking list and the presence or absence of the sub-path to the first result.

For example, the step 64 of transforming the host information may use a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6).

The step 64 of transforming the host information may also use a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3).

The searching step 66 for searching whether the converted host information matches the information included in the first block list uses a lightweight directory access protocol (LDAP) for accessing and managing directory information, Can be performed in the secondary directory structure used by the server, which first searched for and expanded the primary directory structure describing the server's domain through the directory assistance document.

The step 71 of generating the second result may include the step of limiting (73) the search range of the second block list using the first result, retrieving the information matching the page information in the limited second block list ), And generating a second result based on the presence or absence of matching information (not shown).

The page information is accessed through a lightweight directory access protocol (LDAP) for accessing and managing directory information, and the server first searches for and displays the primary directory structure and primary directory structure describing the server's domain, And can be stored in the secondary directory structure used by the server that has been extended through.

In addition, the step 71 of generating the second result may further include the step of converting page information (not shown). In the case of a database using lightweight directory access protocol (LDAP), each entry has an internal directory tree (DIT) and is distinguished by a distinguished name (DN) indicating its own location and uniqueness . (For example, " cn = index, ou = subdirectory, ou = directory, dc = database2 ") so that search is possible in the directory tree structure.

On the other hand, the first result and the second result outputted to the step 63 for generating the first result and the step 71 for generating the second result may vary depending on the user's personal information. Also, the first result and the second result may vary according to the rating information included in the first block list and the second block list.

Although not shown, the network connection device for checking whether the URL information included in the packet requested by the user in the blocking management system according to the personal information of the user and the harmful rating of the Internet site is a blocking object includes the URL information, A converting unit for converting the host information, and a transmitting unit for transmitting the converted host information and the page information.

Such a network connection device may be implemented as a software program and may be included in a portable terminal or a computer used by a user or may be a network device for connecting the user group 4 (see FIG. 1) and the Internet 2 (see FIG. 1) 6, Fig. 1). This network connection device may also be mounted on the blocking service management server 8 (see FIG. 1).

Such a network connection device may forward a packet requested by a user to a wired network or a wireless network.

FIG. 6 illustrates the structure of a management server for using the method illustrated in FIG.

As shown in the figure, the blocking management server for determining whether the URL information included in the packet requested by the user in the blocking management system according to the private information of the wired / wireless user and the harmfulness degree of the Internet site is the blocking object, A first storage unit 80 for storing corresponding information, a second storage unit 90 for storing information corresponding to the page information among the URL information, and a second storage unit 80 for storing information stored in the first storage unit 80, (Sub key) 86 for connecting the information stored in the storage unit 90.

Also, the first storage unit 80 and the second storage unit 90 are allowed access through a lightweight directory access protocol (LDAP) for accessing and managing directory information, and the server searches first and describes the domain of the server The primary directory structure and the primary directory structure can be stored in a secondary directory structure used by the server extended through the directory assistance document.

In operation, the host information 102 is used to perform a method using hashing based on a message reduction algorithm such as MD-5 (i.e., a method of converting a single character string into a shorter length value or key symbolizing the original character Method) to generate the key information 106. [ First, the same value is found in the host table 82 of the first storage unit 80 by using the key information 106. Thereafter, the secondary directory 84 corresponding to the same value is searched step by step, and the final node (node) 86 is searched. Thereafter, when the host value recorded in the last node 86 is compared with the host 102, the host 102 outputs the first result and outputs the sub-key value in the last node 86 to the second storage 90 ). If the same value is found in the sub-path table 92 in the second storage unit 90, the secondary directory 94 is searched in a step-by-step manner. The sub-path of the last node 96 is compared with the page information 104, and the second result is output if they match.

Meanwhile, the first storage unit 80 may further include personal information of the user and rating information according to the harmfulness level of the Internet site.

Also, the first storage unit 80 may store data to which a Message Digest Algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6) is applied.

Also, the first storage unit 80 may store data to which a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3) is applied.

As described above, the blocking management system according to the personal information of the wired and wireless users and the harmfulness degree of the internet site can provide the harmful site blocking service in the unit of the internet page in the subscriber.

In addition, the blocking management system according to the personal information of the wired and wireless users and the harmful level of the internet site can increase the capacity and performance of the system, thereby reducing the system construction cost.

The method according to the above-described embodiments may be implemented as a program to be executed by a computer and stored in a computer-readable recording medium. Examples of the computer-readable recording medium include a ROM, a RAM, a CD- , Floppy disks, optical data storage devices, and the like.

The computer readable recording medium may be distributed over a networked computer system so that computer readable code can be stored and executed in a distributed manner. And, functional program, code, and code segments for implementing the above-described method can be easily inferred by programmers in the technical field to which the embodiment belongs.

It will be apparent to those skilled in the art that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.

Accordingly, the above description should not be construed in a limiting sense in all respects and should be considered illustrative. The scope of the present invention should be determined by rational interpretation of the appended claims, and all changes within the scope of equivalents of the present invention are included in the scope of the present invention.

2: Internet
4: User group
6: Network device
8: Blocking service management server
80: First storage unit
90: Second storage unit

Claims (20)

Extracting URL information from a packet requested by the user;
Dividing the URL information into host information and page information distinguished from the host information;
Retrieving whether the host information is present in a first block list to generate a first result;
Retrieving whether the page information is present in a second block list associated with the first block list to generate a second result; And
Determining whether the site is a harmful site based on the first result and the second result
And a computer readable storage medium storing a program for performing an Internet information access control method. The method according to claim 1,
Wherein generating the first result comprises:
Converting the host information;
Searching whether the converted host information matches the information included in the first block list;
Recognizing whether or not a lower path exists in the matched first blocking list; And
Outputting the presence or absence of the matched first blocking list and the presence or absence of the lower path to the first result
And a computer readable storage medium storing a program for performing an Internet information access control method. 3. The method of claim 2,
Wherein the step of converting the host information uses a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6). 3. The method of claim 2,
Wherein the step of converting the host information uses a Secure Hash Algorithm (SHA) message collapse algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3) ≪ / RTI > 3. The method of claim 2,
The step of searching whether the converted host information matches the information included in the first block list uses a lightweight directory access protocol (LDAP) for accessing and managing directory information, A computer readable storage medium in which a program for performing an Internet information access control method, which is performed in a secondary directory structure used by a server which searches first and which explains a domain of a server through a directory assistance document, . The method according to claim 1,
Wherein generating the second result comprises:
Limiting the search range of the second block list using the first result;
Retrieving information matching the page information from the restricted second block list; And
Generating the second result according to the presence or absence of matching information
And a computer readable storage medium storing a program for performing an Internet information access control method. The method according to claim 6,
Wherein the generating of the second result further comprises converting the page information. ≪ Desc / Clms Page number 21 > The method according to claim 6,
The page information is allowed to be accessed through a lightweight directory access protocol (LDAP) for directory information access and management, and the primary directory structure and the primary directory structure, which the server searches first and describes the domain of the server, And a second directory structure used by a server extended through the second directory structure. The computer-readable storage medium having the program recorded thereon. The method according to claim 1,
Wherein the first result and the second result depend on personal information of the user. ≪ Desc / Clms Page number 20 > The method according to claim 1,
Wherein the first result and the second result depend on class information included in the first block list and the second block list. ≪ Desc / Clms Page number 19 > A blocking management server for determining whether or not URL information included in a packet requested by a user is a blocking object in a blocking management system according to personal information of a wired or wireless user and a harmful level of an Internet site,
A first storage unit for storing information corresponding to host information in the URL information;
A second storage unit for storing information corresponding to page information distinguished from the host information among the URL information; And
And connection information for connecting information stored in the first storage unit and information stored in the second storage unit
Included, blocking management server. 12. The method of claim 11,
Wherein the first storage unit further stores the personal information of the user and the rating information according to the harmful rating of the Internet site. 12. The method of claim 11,
Wherein the first storage unit stores data to which a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6) is applied. 12. The method of claim 11,
Wherein the first storage unit stores data to which a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3) is applied. 12. The method of claim 11,
The first storage unit and the second storage unit are allowed access through a lightweight directory access protocol (LDAP) for accessing and managing directory information. The first directory structure and the first directory structure, in which the server first searches and describes the domain of the server, A blocking management server that stores the secondary directory structure as a secondary directory structure used by the server that extends the directory assistance document. A network connection apparatus for checking whether URL information included in a packet requested by a user is a blocking object in a blocking management system according to a user's personal information and a harmful rating of an Internet site,
A sensing unit for classifying the URL information into host information and page information;
A conversion unit for converting the host information;
A transmitting unit for transmitting the converted host information and the page information,
And a network connection device. 17. The method of claim 16,
Wherein the host information is converted using a message-digest algorithm (MD) message reduction algorithm (MD2, MD4, MD5, MD6). 17. The method of claim 16,
Wherein the step of converting the host information is converted using a Secure Hash Algorithm (SHA) message reduction algorithm (SHA0, SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512), SHA3). 17. The method of claim 16,
The host information and the page information are allowed to be accessed through a lightweight directory access protocol (LDAP) for accessing and managing directory information. The host information and the page information are stored in a primary directory structure and a primary directory structure Is retrieved through a secondary directory structure used by a server that has been extended through a directory assistance document. 17. The method of claim 16,
Wherein the packet requested by the user is delivered to a wired network or a wireless network.
KR1020150150201A 2015-10-28 2015-10-28 Apparatus and method for controlling information access in internet KR101739415B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150150201A KR101739415B1 (en) 2015-10-28 2015-10-28 Apparatus and method for controlling information access in internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150150201A KR101739415B1 (en) 2015-10-28 2015-10-28 Apparatus and method for controlling information access in internet

Publications (2)

Publication Number Publication Date
KR20170049169A KR20170049169A (en) 2017-05-10
KR101739415B1 true KR101739415B1 (en) 2017-05-24

Family

ID=58744226

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150150201A KR101739415B1 (en) 2015-10-28 2015-10-28 Apparatus and method for controlling information access in internet

Country Status (1)

Country Link
KR (1) KR101739415B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11681779B1 (en) 2022-04-29 2023-06-20 Franklin Technology Inc. Notification service server capable of providing access notification service to harmful sites and operating method thereof

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472165B (en) * 2019-08-20 2024-01-16 深圳前海微众银行股份有限公司 URL extraction method, device, equipment and computer readable storage medium
KR102125966B1 (en) * 2019-12-05 2020-06-23 엘에스웨어(주) System for collecting traffic and feature of TOR network using private network and virtual machine
KR102533724B1 (en) 2022-11-17 2023-05-17 김민석 Website access management device with cataloged web address

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100704000B1 (en) 2006-04-18 2007-04-05 주식회사 소프트런 Phishing prevention method for analysis internet connection site and media that can record computer program sources for method thereof
US20140075501A1 (en) 2012-09-07 2014-03-13 Oracle International Corporation Ldap-based multi-tenant in-cloud identity management system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100704000B1 (en) 2006-04-18 2007-04-05 주식회사 소프트런 Phishing prevention method for analysis internet connection site and media that can record computer program sources for method thereof
US20140075501A1 (en) 2012-09-07 2014-03-13 Oracle International Corporation Ldap-based multi-tenant in-cloud identity management system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11681779B1 (en) 2022-04-29 2023-06-20 Franklin Technology Inc. Notification service server capable of providing access notification service to harmful sites and operating method thereof

Also Published As

Publication number Publication date
KR20170049169A (en) 2017-05-10

Similar Documents

Publication Publication Date Title
CN108206802B (en) Method and device for detecting webpage backdoor
US10375102B2 (en) Malicious web site address prompt method and router
KR101739415B1 (en) Apparatus and method for controlling information access in internet
US8312172B2 (en) Method and system for delta compression
CN103348334B (en) Cloud system and the compressing file in cloud system and transfer approach
US8150823B2 (en) Private searching on a public search engine
US8250081B2 (en) Resource access filtering system and database structure for use therewith
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN104283723B (en) Network access log processing method and processing device
US20210344770A1 (en) Proxy computer system to provide direct links for bypass
CN110430188B (en) Rapid URL filtering method and device
US20100179954A1 (en) Quick Mass Data Manipulation Method Based on Two-Dimension Hash
RU2642833C2 (en) Method and device for mediere resource support
MX2011013052A (en) Cache protection.
US20050138004A1 (en) Link modification system and method
WO2012034518A1 (en) Method and system for providing message including universal resource locator
JP2009530922A (en) Peer-to-peer gateway
CN110929185B (en) Website directory detection method and device, computer equipment and computer storage medium
US9898463B2 (en) Document management server, document management method, and non-transitory storage medium storing program
US9973597B1 (en) Differential dictionary compression of network-accessible content
JP2005352534A (en) Multi vendor support system and support method
JP7131357B2 (en) Communication device, communication method, and communication program
KR101502589B1 (en) Method of identifying terminals using web entity and apparatus thereof
AU2008350240A1 (en) Method, system and device for associating content with a category
KR101018787B1 (en) System for searching information using internet

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant