CN101611396B - System and method for blocking the connection to the harmful information in a internet service provider network - Google Patents

System and method for blocking the connection to the harmful information in a internet service provider network Download PDF

Info

Publication number
CN101611396B
CN101611396B CN200780050122XA CN200780050122A CN101611396B CN 101611396 B CN101611396 B CN 101611396B CN 200780050122X A CN200780050122X A CN 200780050122XA CN 200780050122 A CN200780050122 A CN 200780050122A CN 101611396 B CN101611396 B CN 101611396B
Authority
CN
China
Prior art keywords
harmful information
pop
user
harmful
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200780050122XA
Other languages
Chinese (zh)
Other versions
CN101611396A (en
Inventor
吴采炯
姜德镐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLANTY-NET Ltd
Planty Net Co Ltd
Original Assignee
PLANTY-NET Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLANTY-NET Ltd filed Critical PLANTY-NET Ltd
Publication of CN101611396A publication Critical patent/CN101611396A/en
Application granted granted Critical
Publication of CN101611396B publication Critical patent/CN101611396B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system for blocking connection to harmful information in an Internet service provider (ISP) network is disclosed. In one embodiment, the system includes: a plurality of harmful-in- formation-blocking-system PoPs; a harmful-information-control-list-DB server for transmitting a control list DB of blocking-targeted harmful information to the plurality of harmful-in- formation-blocking-system PoPs in real-time; a subscriber control device for selecting one harmful-information-blocking-system PoP among the plurality of harmful-in- formation-blocking-system PoPs on the basis of state information in a harmful-in- formation-blocking-system-PoP monitoring device, so as to transmit traffic of the harmful-information-blocking-service subscriber thereto. According to the one embodiment, it is possible to stably provide the harmful information blocking service although the number of harmful- information-blocking- service subscribers increases.

Description

Be used for stoping the system and method for the harmful information that is connected to ISP's network
Technical field
The present invention relates to a kind of system and method that is used for stoping the harmful information that is connected to ISP (ISP) network; Said system and method stop subscriber computer according to user's request, utilize http protocol to pass through the URL visit harmful information of harmful site, the perhaps harmful information that provides through file-sharing service (for example P2P, the network hardware etc.) or the application program through special use (for example courier etc.) of visit.More particularly; The present invention relates to a kind of system and method that is used for stoping the harmful information that is connected to the ISP network, said system and method has following design: utilize from a plurality of harmful informations of ISP to stop selectivity is distributed the PoP of system harmful information to stop system's access point (PoP) to stop harmful information to stop specific transactions that comprise, that have harmful information in the business of service-user.
Background technology
Current, there is too many harmful information on the Internet.These too much harmful informations are the porn site for example in specific website not only; And through the file-sharing mode; For example P2P, network hard disc, courier etc. propagate widely, thereby even have formed the environment that a kind of teenager also can visit harmful information at an easy rate.
In order to address this problem, so far, the method and apparatus of the various harmful informations that the multiple computer access that is used to prevent the specific user exists on the Internet has been proposed.Yet most of solution all has limitation, because the function of solution self has many limitations, perhaps adopts solution will cause different problems.
The harmful information prevention scheme of current use electricity roughly is divided into following three kinds of schemes: first kind of scheme is the client scheme, wherein can carry out harmful information and stop the software of function to be installed among the user client PC.Second kind of scheme is to stop the server scheme, wherein is used for stoping the server of harmful information to be installed in the LAN of school, company or corporations.The third scheme is with first kind of scheme and second kind of a kind of scheme that scheme combines.According to the third scheme; In subscriber computer, set up agent functionality by software; Prevention server based on the agency is installed in user's LAN or the public network; Thereby subscriber computer must be through having prevention server and the access internet that harmful information stops function, thereby stoped and being connected of harmful information.
First kind of scheme is generally used for home PC, and its basic inconvenience that causes is to stop software must be installed among user's the PC with the restriction teenager through the access to the Internet harmful information, for example is harmful to website, P2P, network hard disc etc.And; First kind of scheme depends on operating system (OS) and the web browser environment of PC, and has defective, if because the prevention software that is installed among the user PC deleted; Then the prevention of expectation operation will not be performed, and need the head of a family constantly to manage the prevention software in the family.
The harmful information that second kind of scheme needs server administrators to manage and be usually located in school or the corporations stops server, owing to wasted great amount of time with cost and need a concrete management person be responsible for the prevention server, so it has defective.
The third scheme needs following program, and the setting that changes user PC at first will be carried out the setting of agent functionality on the user PC, so that carry out normal running.According to the third scheme, along with the increase of number of users, stop server to be applied in bigger load, thereby postponed the processing of bag, therefore seriously reduced the data rate of the Internet.Therefore, the third scheme is inappropriate for and holds a large amount of users.In addition, similar with first kind of scheme, the defective that the third scheme has is that if if corresponding software is deleted or act on behalf of to be provided with to be changed, it can not provide harmful information to stop function from user PC.
Simultaneously; In addition; Solution as stoping harmful site has a kind of caching scheme that stops the harmful site in the cache server, and is harmful site assigned ip filter list to be stoped in the internet gateway device and the router filtering scheme that stops harmful site.Yet the problem of these schemes is that it has low success rate and instability, and has reduced the data rate of the Internet.In order to solve these problems of the prior art, a kind of network prevention scheme that provides harmful site to stop service through centralized control for the user by ISP (ISP) has been proposed.Stop scheme according to this network, harmful information stops the PoP of system to be installed in the ISP network, when the user attempts to visit harmful site, user's request package and harmful site DB is compared, thereby stops the connection of this harmful site.This network prevention scheme has the high advantage of the success ratio of prevention; The user can not evade harmful information through the method for random deletion software and stop, and it does not need client (for example, school or company) to employ a special keeper; Can not reduce the speed of the Internet; Can real-time update harmful site DB, the stability of prevention is remarkable, and routing function again is provided.Therefore, network stops scheme can be considered to a kind of quite effectively solution.
Yet according to first model of network prevention scheme shown in Figure 1, business is carried out route by the 4th layer of (L4) switch 30 that is included in the prevention system.Then, the L4 switch 30 in the business of the hypervelocity input prevention system does not connect prevention service-user 20 and non-user 10 and do not distinguish harmful information.Subsequently; After the business of service-user 20 is distinguished with the non-user's 10 of service business each other; Non-user's 10 business directly is sent to the Internet; And the business of service-user 20 is applied in to stoping server 40a and 40b according to the rule of setting up in the L4 switch 30, filters, and is transmitted to the Internet then.Therefore, because all business is applied in to L4 switch 30, do not distinguish the service-user 20 and the non-user 10 of service that stop service, a large amount of loads is applied in the switch to L4, therefore causes L4 switch 30 to produce the problem of fault.
For the problem that solves first model and further improve the ISP stability of network, system shown in Figure 2 (registration number referring to being submitted to by the inventor is the Korean Patent of 10-0478899B1) has been proposed.This system is suggested to prevent non-user's 10 business is played a role when the Internet access services and in prevention system 80, breaks down; This system is configured to get into harmful information and stops the user's 10 of service business from accesses network, to be distinguished; And handle by the harmful information disposal system 80 (comprising 81 and 82) of standalone configuration; Because it is independent from existing network 50,60 and 70, therefore can be easily operated and managed.For this purpose, except said structure, propose to adopt tunnel protocol technology (for example, utilizing the scheme of the L2TP Tunnel shown in Fig. 2) and bag mirror image technology.
At length, according to conventional system shown in Figure 2, ISP is through various accesses network, and for example xDSL, cable, wireless Internet, ISDN, industrial siding etc. provide Internet service to the user.The Internet service user of receiving internet service can only need to stop service be provided harmful information by the additional harmful information that provides of ISP to stop service through ordering, and need not to change any setting of he self PC.When the user added harmful information prevention service, ISP stoped the information (for example, MAC Address or ID/ password) of service-user to input to user control harmful information.Then, when harmful information prevention service-user access internet perhaps transmitted bag with the use the Internet, user control was distinguished and is transmitted user 20 business and non-user's 10 business respectively through different routes.For example; Tunnel protocol; Level 2 Tunnel Protocol as shown in Figure 2 (L2TP) can be used to distinguish harmful information and stop the business of service-user and the business that non-harmful information stops service-user, and stops the business of service-user to be sent to the harmful information prevention PoP of system 80 harmful information.Therefore, according to the structure of ISP, can usage policy route (PBR) technology generation transmit the business of harmful information prevention service-user and the business that non-harmful information stops service-user respectively for tunnel protocol.
After receiving the business of harmful information prevention service-user 20 with the form of bag; Harmful information stops system 80 to carry out the bag mirror image operation, and through the mirror image bag is relatively analyzed the mirror image bag that harmful information stops service-user with the harmful information DB that is controlled tabulation DB server real-time update by harmful information.Then; If corresponding bag request harmful information; Harmful information stops the PoP of system 80 to transmit the terminal that stops message to harmful information prevention service-user; And transmit the server that harmful information is provided that connection closed message to harmful information stops service-user to attempt to visit, thereby prevent that the downloading service that comprises harmful information is transferred into harmful information prevention service-user.Therefore, should be expressly understood that when definite said bag during corresponding to normal bag, encapsulating of receiving in the mirror image scheme abandons, even therefore harmful information stops also access internet normally of service-user.
Yet even in system shown in Figure 2, along with harmful information stops the growth of number of service subscribers, concentrating on business that harmful information stops the PoP of system increases and causes ink-bottle effect, thereby has reduced the internet speeds that harmful information stops service-user.Equally, this conventional system has a structure difficult problem, because harmful information stops the PoP of system in whole zone, to install.
In addition, conventional system has variety of issue, for example, and when breaking down among the single prevention PoP of system or during when the ISP unstable networks, even owing to have the Internet service on fault recovery method basis can not offer the user that harmful information stops service.On the other hand; The harmful information prevention service that offers the Internet service user only is a kind of supplemental services that except that the basic Internet service that is provided by ISP, is provided for the user; Therefore do not consider this supplemental services, the most important thing is that basic Internet service is offered the user that harmful information stops service reposefully.Yet; In the system of routine; Stop the fault relevant in the system that serves if taken place such as harmful information with supplemental services; The speed of the Internet is slack-off or can not access internet, thereby the Internet service on basis has been applied bad influence and caused serious harmful effect.
Summary of the invention
Technical matters
Therefore; The present invention is used to solve and occurs in the problems referred to above of the prior art; And the invention provides a kind of system and method that is connected to harmful information that is used to stop; It comprises that a plurality of harmful informations stop the PoP of system, even therefore break down when harmful information stops the PoP of system, the user also can normally be provided basic Internet service and harmful information to stop service.Equally; The invention provides a kind of system and method that is connected to harmful information that is used to stop; It is suitably distributed to a plurality of harmful informations with business and stops the PoP of system; Thereby prevent that excessive business from being focused on the possibility that a specific harmful information stops the PoP of system and reduced the generating bottle neck phenomenon, even therefore harmful information stops the quantity of service-user to increase, service also can be provided reposefully and can not reduce internet speeds.In addition; The invention provides a kind of system and method that is connected to harmful information that is used to stop; It detects the fault that in the harmful information prevention PoP of system, takes place and launches another harmful information and stops the PoP of system to be resumed up to this fault, has therefore improved the reliability of total system.
Technical scheme
According to a scheme of the present invention, provide a kind of comprising that the system that stops the function that is connected to the harmful information in ISP (ISP) network is provided, said system comprises:
A plurality of harmful informations stop the PoP of system, and it is arranged in the backbone network of ISP;
Harmful information control tabulation DB server, it is used for transmitting in real time the extremely a plurality of harmful informations of control tabulation DB that stop the target harmful information and stops the PoP of system;
User control; It comprises customer service differentiation and transfer control; Customer service is distinguished and thereby the transfer control executivecontrol function makes harmful information stop the business of service-user from other business, to be distinguished, and is transferred into a harmful information prevention PoP of system who from a plurality of harmful informations prevention PoP of system, selects; And
Harmful information stops the PoP of system supervising device, and it is used to monitor the current state that harmful information stops the PoP of system, checks that whether normally each harmful information stops the PoP of system operation, and transmits check result to user control, wherein:
A plurality of harmful informations stop the PoP of system to collect the business that the harmful information of being distinguished through the bag mirroring apparatus by user control stops service-user; To stoping the necessary bag of service to filter in the mirroring service that is received from the user who wraps mirroring apparatus; Through bag that will be filtered and the bag that relatively is filtered by harmful information control tabulation DB server harmful information DB real-time or that periodically update with analysis; Confirm whether to comprise in the request package of service-user and be connected to harmful information; The for example request of harmful site, P2P, network hard disc etc. stops to be connected to harmful information when comprising the request that is connected to harmful information in the request package of confirming service-user; And
The customer service of user control is distinguished and transfer control is constructed to stop a plurality of harmful informations of the PoP of system supervising device to stop the status information of the PoP of system to confirm that a harmful information stops the PoP of system based on being received from harmful information, and the transmission harmful information stops business to said definite harmful information of service-user to stop the PoP of system.
According to another aspect of the present invention, a kind of method that is used for stoping the harmful information that is connected to ISP (ISP) network is provided, said method comprises:
The user profile registration step wherein, when the user asks ISP to accept through online or off line adding harmful information prevention service, adds harmful information about the user and stops the information of service to be registered in the user control;
Harmful information stops the PoP of system monitor message transfer step; Wherein, Monitoring a plurality of harmful informations stops the harmful information prevention system monitoring device of the current state of the PoP of system to check that each harmful information stops positional information and the status information of the PoP of system, transmits check result then to user control;
Harmful information stops the PoP of system to confirm step; Wherein, After receiving that harmful information stops the positional information of the PoP of system and stoping the status information of current state of the PoP of system about harmful information, user control stops from a plurality of harmful informations to be selected the PoP of system and confirms that a harmful information stops the PoP of system;
Harmful information stops service-user traffic differentiation and transfer step; Wherein, When subscriber to access Internet or transmission bag; User control is discerned said user and whether is stoped service-user corresponding to harmful information; A route technology of selecting in the route technology group of forming through tunnel protocol or by tactful route (PBR) technology etc., the business that harmful information is stoped service-user distinguishes from non-harmful information stops the business of service-user, customer service is sent at harmful information to stop the PoP of system to confirm the harmful information prevention PoP of system that confirms in the step then;
Harmful information stops service-user bag analytical procedure; Wherein, Stop the customer service of distinguishing and be concentrated to the predetermined harmful information prevention PoP of system in service-user traffic differentiation and the transfer step by bag mirroring apparatus mirror image processing by user control at harmful information; Mirror image encapsulates to be filtered into and stops the necessary bag of service; And relatively the bag that is filtered is analyzed through the bag that will be filtered and the DB server harmful information DB real-time or that periodically update that tabulates by harmful information control, and whether definite user bag asks harmful information; And
Harmful information stops step; Wherein, when confirming when harmful information stops the bag request harmful information of service-user in the service-user bag analytical procedure, to stop message to be transmitted to served user terminals; And connection closed message is transferred into the server that service-user is attempted to visit; On the contrary, when the bag of confirming service-user when not asking the normal bag of harmful information, thereby mirror image encapsulates to abandon and can normally use the Internet.
Here; The present invention may further include the connection of basic the Internet and safeguards step; It allows user control to change professional route; Thereby when not when harmful information stops the PoP of system to confirm to confirm that a harmful information stops the PoP of system in the step, the business of harmful information prevention service-user is transferred into the Internet via non-user's professional route.
Beneficial effect
As stated according to the present invention; Only add ISP and just can prevent effectively in network prevention scheme that harmful information from stoping service-user visit harmful information through the user; For example user capture harmful site is perhaps through P2P or the harmful file of network hard disc visit; Even do not need the change of Any user terminal (for example, PC, PDA etc.).Equally, according to the present invention, a plurality of harmful informations stop the PoP of system to be disposed in the ISP backbone network, its monitored and operation effectively, thus even harmful information stops the quantity of service-user to increase, also can stably provide harmful information to stop service.In addition, according to the present invention,, stop the basic Internet service of service-user not receive such fault effects to harmful information even in a plurality of harmful informations prevention PoP of system, fault has taken place.Equally, according to the present invention, through the holdout device self of duplex, for example the packet filtering device can more stably provide harmful information to stop service.In addition, according to the present invention,,, ISP is used to provide harmful information to stop working strength, time and the expense of service because through the concentrated controling management user, can reducing significantly from the angle of ISP.
Description of drawings
Fig. 1 is the block diagram that explanation provides harmful information to stop the structure of the conventional system of serving, and wherein the business of service-user and the non-user's of service business is all by the L4 switch processes in the ISP network;
Fig. 2 is that explanation provides harmful information to stop the block diagram of the conventional system structure of service through Differentiated Services user's business and the non-user's of service business;
Fig. 3 explains that the harmful information in the ISP network according to an embodiment of the invention connects the integrally-built block diagram of prevention system;
Fig. 4 explains that the harmful information in the ISP network according to an embodiment of the invention connects the detailed diagram of the structure that stops intrasystem user control;
Fig. 5 explains that the harmful information in the ISP network according to an embodiment of the invention connects the detailed diagram that stops intrasystem harmful information to stop the structure of the PoP of system;
Fig. 6 is the integrally-built block diagram that the harmful information in the ISP network of explaining according to another embodiment of the present invention connects the prevention system;
Fig. 7 explains that the harmful information in the ISP network according to an embodiment of the invention connects the process flow diagram of the program of prevention method; And
Fig. 8 is the process flow diagram that the harmful information in the ISP network of explaining according to another embodiment of the present invention connects the program of prevention method.
Embodiment
After this, will illustrate and describe exemplary embodiment of the present invention.In following description and accompanying drawing, identical Reference numeral is used to indicate identical or similar assembly, therefore will be omitted being repeated in this description of identical or similar assembly.
After this, will describe in detail with reference to accompanying drawing and in ISP (ISP) network, be used to stop the system and method that is connected to harmful information according to exemplary embodiment of the present invention.
Referring now to Fig. 3 to 6 system that is used for stoping the harmful information that connects the ISP network according to exemplary embodiment of the present invention is described.
As shown in Figure 3, harmful information connection prevention system comprises according to an embodiment of the invention: a plurality of harmful informations prevention PoP400 of system (that is, harmful information stops the PoP#1400a of system, #2400b ... #N 400c); Harmful information control tabulation DB server 200, it is used for that the control tabulation that stops the target harmful information is sent to a plurality of harmful informations in real time and stops the PoP of system; User control 300; Harmful information in the ISP network stops the PoP of system supervising device 500, and its customer access network through comprising the user capture device is sent to the Internet with Internet service user's business.At length; As shown in Figure 4; This user control 300 comprises: customer service is distinguished and transfer control 320, stops a harmful information of selecting the PoP of system to stop the PoP of system thereby its executivecontrol function makes harmful information stop the business of service-user from whole business, to distinguish and be transferred into from harmful information.Harmful information stops the PoP of system 400 to be arranged in (comprising 400a, 400b and 400c) backbone network of ISP; Collect the business that the harmful information of being distinguished by user control 300 stops service-user through the bag mirroring apparatus; Through should business relatively analyzing the business that is collected, confirm whether the request package of service-user comprises the request that is connected to harmful information with the harmful information DB that perhaps periodically updates in real time by harmful information control tabulation DB server 200; And when the request package of confirming service-user comprises the request that is connected to harmful information, stop to be connected to this harmful information.
Here, user control 300 can further comprise independent certificate server 310, and it is used to manage can make ISP confirm whether the user has added harmful information and stoped the authentication function of serving.Simultaneously, according to the Internet method of attachment that offers the user from ISP (for example, ADSL, VDSL, based on LAN, HFC etc.), diverse ways can optionally be used for distinguishing the business that harmful information stops service-user from whole business.Therefore, be responsible for from whole business, distinguishing harmful information and stop service-user professional customer service differentiation and transfer control 320 can be integrated into customer access network 100, be different from structure shown in Figure 4.In this case, customer service is distinguished and can be constructed in customer access network 100, distinguish mutually with user capture device 110 with transfer control 320, and is as shown in Figure 6 perhaps according to another embodiment of the invention, is integrated in the user capture device 110.Equally, except certificate server 310, other parts of user control 300 comprise that promptly harmful information stops the PoP of system to confirm that the customer service of unit 320A is distinguished and transfer control 320 can be incorporated into customer access network 100, and are as shown in Figure 6.
In addition; Thereby harmful information stops the PoP of system supervising device 500 monitoring harmful informations to stop the current state inspection status information of the PoP of system; For example, whether normally each harmful information stops the PoP of system operation, and transmits check result to user control 300.
Like Fig. 4 and shown in Figure 6; The customer service of user control 300 is distinguished and transfer control 320 comprises that harmful information stops the PoP of system to confirm unit 320A; It is used for stoping a plurality of harmful informations of the PoP of system supervising device 500 to stop the PoP of system 400 (to comprise 400a based on being received from harmful information; 400b, status information 400c) confirms that a harmful information stops the PoP of system.In addition; Preferably; Harmful information stops the PoP of system to confirm that unit 320A comprises: database, and it is used for stoping the harmful information of the PoP of system supervising device 500 to stop the status information of the PoP of system to preserve position and the status information that each harmful information stops the PoP of system based on being received from harmful information; And load sharing algorithm portion, it is used for as long as harmful information stops the service-user access internet or transmits bag, utilizes the position and the status information that are kept at each PoP in the database to select a harmful information to stop the PoP of system.Then; Harmful information stops the PoP of system to confirm that unit 320A stops a plurality of harmful informations of the PoP of system supervising device 500 to stop the PoP of system 400 (to comprise 400a based on being received from harmful information; 400b; Status information 400c) confirms that a harmful information stops the PoP of system, and harmful information stops the business of service-user 20 to send the harmful information prevention PoP of system that is determined to from user capture device 110 (for example, user access server).
Each harmful information stops the PoP of system 400 to comprise: user's coupling arrangement 410, and it is used for when user capture device 110 passes through tunnel effect, tactful route transport services such as (PBR), receiving and handle the business that harmful information stops service-user; And harmful information holdout device 420; Whether its business that is used for confirming harmful information prevention service-user is near harmful information; Wherein shown in accompanying drawing, the user connects the tunneling termination device can be constructed to a PoP, and perhaps a plurality of user's coupling arrangements can PoP of composite construction.
At this, more preferably, harmful information holdout device 420 comprises: as shown in Figure 5; Bag mirroring apparatus 421; It is used to carry out the relevant bag mirror image operation of business that stops service-user with harmful information, and when business was transferred into the ISP backbone network, the bag mirror image operation was transmitted to user's coupling arrangement 410.Packet filtering device 422 and 423, it comprises at least two packet filtering switches so that filter the bag by bag mirroring apparatus 421 mirror image processing; And packet filtering switch supervising device 425, its be used for respectively confirming one of the packet filtering switch for activating switch 422 another is backup switch 423.
The harmful information that is included in according to characteristic of the present invention connects the user control 300 in the prevention system; Being received from harmful information through utilization stops the harmful information of the PoP of system supervising device 500 to stop the status information of the PoP of system 400; Preservation stops the PoP 400a of system about each harmful information; 400b ... the positional information of 400c and the DB of current system state.Harmful information stops the PoP 400a of system, 400b ...; The positional information of 400c can represent that current system state can comprise the details about PoP, for example with the representative IP address that stops the PoP of system; According to each PoP, user's visit capacity (capacity), the portfolio that can handle (capacity); Bag processing delay time (packet delay), and the information that whether breaks down about system.As long as subscriber to access Internet or transmission bag; User control 300 is based on the definite best harmful information prevention of the load sharing algorithm PoP of system that this status information of utilizing PoP is carried out; And notice comprises that the harmful information that is determined stops the customer access network 100 of the user capture device 110 of the PoP of system, stops the PoP of system thereby harmful information stoped the business of service-user 20 suitably to be distributed and distribute to harmful information.
Load sharing algorithm can be implemented as based on parameter selects a harmful information to stop the PoP of system; These parameters comprise in the network distance (for example; Route segment counting) and harmful information stop the network state on the route between service-user and each harmful information prevention PoP of system; And active user and volume of business, through keeper's manual work a harmful information is set then and stops the PoP of system.
When because each harmful information stops the user capacity of the PoP of system to exceed the quata or because during PoP that the system failure can be served more than not having more; User control 300 is no longer distinguished user and non-user's professional route; Thereby and carry out setting operation and make harmful information stop service-user and non-user can both use basic the Internet route, therefore for user's not influence of basic Internet service.
Simultaneously, according to one embodiment of present invention, user control 300 can be constructed by following mode: as shown in Figure 3, user control 300 distinguishes and is included in from customer access network 100 in the existing ISP customer certification system.According to another embodiment of the invention, as shown in Figure 6, user control 300 can comprise that harmful information stops the PoP of system to confirm that the form of unit 320A merges in the customer access network 100 by customer service differentiation and transfer control 320.Under this mode, according to circumstances user control 300 can be implemented as functions such as PBR.Equally, be described below, kinds of schemes can be used to confirm that best harmful information stops the PoP of system.Comprise round-robin method (Round Robin) scheme, it stops the PoP of the system tabulation DB from harmful information and distributes the PoP that can serve one by one; Minimum connectivity scenario, it transmits corresponding business to the specific PoP that comprises minimum current accessed number of users or minimal service amount; And weighting scheme, thereby it stops the PoP of system to provide different weightings according to harmful information to make specific harmful information stop the PoP of system can hold more relatively user capture.Preferably, the present invention is implemented as according to being provided with of keeper and selects and change algorithm (for example, scheme).
Equally, harmful information stops the PoP of system supervising device 500 to monitor each harmful information in real time through various parameters and stops the PoP of system, thereby whether each PoP normally moves in inspection.Being used to monitor harmful information stops the parameter of the PoP of system can comprise a plurality of variablees; For example; About whether being included in all normally operations of each device in the harmful information prevention system, the user of each corresponding PoP and volume of business (for example, current capacity and maximum can be held the ratio of capacity); The user wraps processing delay time (packet delay), and by the information of the artificial strategy that is provided with of keeper.Harmful information stops the PoP of system watch-dog 500 to transmit these information that measures to user controls 300 in real time, thereby makes user's traffic differentiation and conveyer 320 can use said Information Selection to be suitable for holding the best harmful information prevention PoP of system of customer service.Equally, the keeper can change the best harmful information prevention PoP of system through revising these parameters.When monitoring PoP; When harmful information stops the PoP of system supervising device 500 to confirm that harmful informations stop the PoP of system because user capacity exceeds the quata or the system failure and can not hold the user again the time; Harmful information stops the PoP of system supervising device 500 to transmit failure message to the user control 300 about PoP in real time, thereby prevents that harmful information from stoping the business of service-user to be transferred into corresponding PoP.Therefore, harmful information stops service to be provided constantly by different stable PoP, even perhaps under the worst case that all PoP break down, also basic Internet service can be provided.
At this; As shown in Figure 6; When user control 300 comprised that with customer service differentiation and transfer control 320 harmful information stops the PoP of system to confirm that the form of unit 320A merges to customer access network 100, harmful information stoped the PoP of system supervising device 500 also can be incorporated into customer access network 100 with user control 300.
Fig. 5 be explanation according to exemplary embodiment of the present invention be used for prevent that when receive customer service the user is connected to the block diagram of structure of harmful information holdout device of the harmful information of the harmful information prevention PoP of system.According to embodiments of the invention, be used to stop the device of harmful information to have duplex structure, thereby more stable service can be provided.
As stated, harmful information stops the business of service-user 20 to be transmitted to the harmful information of being set by user control 300 from customer access network 100 and stops user's coupling arrangement 410 of one the PoP400 of system.
The business that sends user's coupling arrangement 410 to is transferred into the ISP backbone network, and the bag mirroring apparatus 421 through harmful information holdout device 420 is sent to packet filtering device 422 and 423 then.In this case, packet filtering device 422 and 423 has by activating duplex structure that switch 422 and backup switch 423 constitute stably to stop harmful information, and bag mirroring apparatus 421 transmits identical customer service to two a packet filtering switch 422 and 423.In packet filtering switch 422 and 423, when the packet filtering switch 422 normal process users' that are set to state of activation bag when stoping harmful information, the packet filtering device 423 that is set to holding state abandons user's bag of receiving so that normal service to be provided.If in activating switch 422, break down, backup switch 423 moves the bag with process user as activating switch, thereby even when a packet filtering switch breaks down, also can stably provide harmful information to stop service.This operation that activates switch 422 and backup switch 423 is by 425 controls of switch supervising device.Switch supervising device 425 is periodically checked the packet filtering device through SNMP, ICMP etc., and normally whether promptly aforementioned activation switch 422 and backup switch 423 operation.In this monitoring, when in confirm activating switch 422, fault having taken place, thereby switch supervising device 425 is changed into state of activation with the setting of backup switch 423 and can normally be provided harmful information to stop function.
Packet filtering switch 422 and 423 distinguish and filter stoping service institute must wrap in the user's bag that is received from bag mirroring apparatus 421, and the bag that will be filtered is distributed and is sent to a plurality of prevention server 424a.In the case; Preferably; Packet filtering switch 422 with 423 through TCP/UDP port monitoring, SNMP, ICMP, monitor the operation of prevention server 424a with stoping the relevant connection status of server 424a; Thereby whether normally inspection stops server 424a operation, and when specific prevention server did not normally move, packet filtering switch 422 and 423 no longer was sent to said specific prevention server to handle the fault that stops server 424a adaptively with user's bag.
Fig. 7 and 8 is based on the explanation process flow diagram that is used to stop the method embodiment that is connected to harmful information of the present invention of another scheme of the present invention.As shown in Figure 7; The method that is used for stoping the harmful information that is connected to the ISP network according to first embodiment of the invention comprises user profile registration step S100; Harmful information stops the PoP of system monitor message transfer step S200, and harmful information stops the PoP of system to confirm step S300, and harmful information stops service-user traffic differentiation and transfer step S400; Harmful information stops service-user bag analytical procedure S500, and harmful information stops step S600.
In user profile registration step S100, when the user asks ISP to accept through online or off line adding harmful information prevention service, add harmful information about the user and stop the information of service to be registered in the user control.Stop among the PoP of the system monitor message transfer step S200 at harmful information; Monitoring a plurality of harmful informations stops the harmful information prevention system monitoring device of the current state of the PoP of system to check that each harmful information stops positional information and the status information of the PoP of system, transmits check result then to user control.Stop the PoP of system to confirm among the step S300 at harmful information; After the positional information and the status information about its current state that receive the harmful information prevention PoP of system, user control stops from a plurality of harmful informations to be selected the PoP of system and definite harmful information prevention PoP of system.
Preferably; Stop the PoP of system to confirm in the step at harmful information; Utilization is received from harmful information and stops the harmful information of the PoP of system supervising device to stop the status information of the PoP of system, and user control stops positional information and the status information of the PoP of system to save as database each harmful information.Key information stops the subscriber to access Internet of service or transmits bag, utilizes the positional information of each PoP in the database and status information and load sharing algorithm to select a harmful information prevention PoP of system.
Here; The positional information of the harmful information prevention PoP of system can be corresponding to the representative IP address that stops the PoP of system; Harmful information stops the status information of the PoP of system can comprise at least one that from the status information group, select; According to each PoP, said status information group is by user capture amount, the portfolio that can handle, bag processing delay time, and forms about the information that fault whether occurred.Preferably; Load sharing algorithm can be implemented as based on parameter selects a harmful information to stop the PoP of system; These parameters comprise the distance in the network, and harmful information stops service-user and each harmful information to stop the network state on the route between the PoP of system, active user and volume of business.In addition, more preferably, load sharing algorithm may be implemented as the keeper can manual work be provided with a harmful information prevention PoP of system.
Stop among service-user traffic differentiation and the transfer step S400 at harmful information; When subscriber to access Internet or transmission bag; User control is discerned said user and whether is stoped the user who serves corresponding to harmful information; A route technology of selecting in the route technology group of forming through tunnel protocol or by tactful route (PBR) technology etc.; Harmful information is stoped the business of service-user from non-user's business, distinguish, transmit customer service then to stop the PoP of system to confirm that the harmful information of confirming in the step stops the PoP of system at harmful information.Stop among the service-user bag analytical procedure S500 at harmful information; Stop the customer service of distinguishing and be concentrated to the predetermined harmful information prevention PoP of system in service-user traffic differentiation and the transfer step to be wrapped mirror bag mirroring apparatus mirror image processing by user control at harmful information; Mirror image encapsulates to be filtered into and stops the necessary bag of service; And relatively the bag that is filtered is analyzed through bag that will be filtered and the harmful information DB that perhaps periodically updates in real time by harmful information control tabulation DB server, and whether definite user bag asks harmful information.Stop among the step S600 at harmful information, if in service-user bag analytical procedure, confirm the bag request harmful information of service-user, prevention message is transmitted to served user terminals and connection closed message is transmitted to the server that service-user is attempted to visit.On the contrary, if the bag of confirming service-user corresponding to the normal bag of not asking harmful information, thereby mirror image encapsulates to abandon and can normally use the Internet.
Fig. 8 show according to a second embodiment of the present invention be used to stop the method that is connected to harmful information.According to a second embodiment of the present invention; Be used to stop the method that is connected to harmful information to comprise further that basic the Internet connects and keep step S700; It allows user control 300 to change professional route; Thereby when not when harmful information stops the PoP of system to confirm to confirm that a harmful information stops the PoP of system among the step S300, the business of harmful information prevention service-user is transferred into the Internet via non-user's professional route.
Although for for explanatory purposes certain exemplary embodiment of the present invention being described; Those skilled in the art must be appreciated that under the situation that does not deviate from disclosed scope of the present invention of the claim of enclosing and spirit, can carry out various improvement, increase and be equal to replacement.Therefore, it should be understood that the foregoing description only is not is to limit the present invention by any way from explanation and illustrative purposes.
Therefore, protection scope of the present invention is not to be confirmed by said embodiment, but is confirmed by the scope that is equal to the replacement permission on claim and the legal sense thereof.

Claims (17)

1. system that is used for stoping the harmful information that is connected to ISP's network, wherein Internet service user's business is transferred into the Internet through the customer access network that comprises the user capture device, and said system comprises:
A plurality of harmful informations stop the PoP of system, and it is arranged in said ISP's backbone network;
Harmful information control tabulation DB server, it is used for transmitting in real time control tabulation to the said a plurality of harmful informations that stop the target harmful information and stops the PoP of system;
User control; It comprises customer service differentiation and transfer control; Said customer service is distinguished and thereby the transfer control executivecontrol function makes harmful information stop the business of service-user from other business, to be distinguished, and is transferred into a harmful information prevention PoP of system who from said a plurality of harmful informations prevention PoP of system, selects; And
Harmful information stops the PoP of system supervising device; It is used to monitor the current state that said harmful information stops the PoP of system, and whether normally the inspection status information for example stops the PoP of the system information of operation about each harmful information; And transmit check result to said user control, wherein:
Said a plurality of harmful information stops the PoP of system to collect the business that the said harmful information of being distinguished through the bag mirroring apparatus by said user control stops service-user; To stoping the necessary bag of service to filter described in the user's that is received from said bag mirroring apparatus the mirroring service; Compare to analyze the said bag that is filtered through bag that will be filtered and the harmful information DB that perhaps periodically updates in real time by said harmful information control tabulation DB server; Confirm whether comprise the request that is connected to harmful information in the request package of service-user, when comprising the request that is connected to harmful information in the request package of confirming said service-user, stop to be connected to said harmful information; And
The customer service differentiation of said user control and transfer control are constructed to stop said a plurality of harmful informations of the PoP of system supervising device to stop the status information of the PoP of system to confirm that a harmful information stops the PoP of system based on being received from said harmful information, and the said user capture device of business from said customer access network of said harmful information prevention service-user is sent to the said harmful information prevention PoP of system that determines.
2. the system of claim 1 is used for wherein confirming that the harmful information whether user has added said ISP's network stops the certificate server of service to be mounted, so that said certificate server is connected to said customer access network.
3. the system of claim 1, wherein said user control further comprise and are used for confirming that harmful information that whether user has added said ISP's network stops the certificate server of service.
4. the system of claim 1, wherein said user control is integrated into said customer access network.
5. system as claimed in claim 4, wherein said harmful information stops the PoP of system supervising device to be integrated into said customer access network with said user control.
6. the system of claim 1, wherein each harmful information stops the PoP of system to comprise:
User's coupling arrangement, it is used for when said user capture device passes through tunnel protocol or tactful route transport service, receiving and handle the business that said harmful information stops service-user; And
The harmful information holdout device, whether its business that is used for confirming said harmful information prevention service-user is near said harmful information.
7. system as claimed in claim 6, wherein the harmful information holdout device comprises:
The bag mirroring apparatus, it is used to carry out the relevant bag mirror image operation of business that stops service-user with said harmful information, and when said business had been transferred into ISP's core network, said bag mirror image operation was transmitted to said user's coupling arrangement;
The packet filtering device, it comprises at least two packet filtering switches, to filter the bag by said bag mirroring apparatus mirror image processing; And
Packet filtering switch supervising device, it is used for distinguishing and confirms that another is backup switch in order to activate switch for of said packet filtering switch.
8. system as claimed in claim 7; Whether normally wherein said packet filtering switch supervising device periodically checks the operation of said activation switch and said backup switch through SNMP or ICMP mode; And when said activation switch broke down, the setting of said backup switch was changed to moving as activating switch.
9. like each described system in the claim 1 to 8, wherein:
The said customer service of said user control is distinguished and transfer control comprises that harmful information stops the PoP of system to confirm the unit; It is used for stoping a plurality of harmful informations of the PoP of system supervising device to stop the status information of the PoP of system to confirm that a harmful information stops the PoP of system based on being received from said harmful information, and
Said harmful information stops the PoP of system to confirm that the unit comprises database, and said database is used for stoping the said harmful information of the PoP of system supervising device to stop the status information of the PoP of system to preserve position and status information that each harmful information stops the PoP of system based on being received from said harmful information; And load sharing algorithm portion; It is used for as long as said harmful information stops the service-user access internet or transmits bag, and the said position and the status information that are kept at each PoP in the said database through use select a harmful information to stop the PoP of system.
10. system as claimed in claim 9, wherein:
The representative IP address that each harmful information stops the positional information of the PoP of system to stop the PoP of system corresponding to said each harmful information; And
Each harmful information stops the status information of the PoP of system to comprise at least one that from the status information group, select; Stop the PoP of system according to said each harmful information; Said status information group is by user capture amount, the portfolio that can handle, bag processing delay time, and forms about the information that whether breaks down.
11. system as claimed in claim 9, wherein:
Said load sharing algorithm portion implements by following mode; Select a harmful information to stop the PoP of system based on parameter; Said parameter comprises the distance in the network; Said harmful information stops service-user and each harmful information to stop the network state on the route between the PoP of system, and active user and volume of business; And set up a harmful information through keeper's manual work and stop the PoP of system.
12. like each described system in the claim 1 to 8, wherein,
When the customer service of said user control distinguish with transfer control can not be based on being received from said harmful information when stoping a plurality of harmful informations of the PoP of system supervising device to stop the positional information of the PoP of system to confirm that with status information a said harmful information stops the PoP of system, said customer service is distinguished and transfer control transmits the business of said harmful information prevention service-user via the professional route of non-harmful information prevention service-user.
13. a method that is used for stoping the harmful information that is connected to ISP's network, said method comprises:
The user profile registration step wherein, when the user asks the ISP to accept through online or off line adding harmful information prevention service, adds said harmful information about said user and stops the information of service to be registered in the user control;
Harmful information stops the PoP of system monitor message transfer step; Wherein, Monitoring a plurality of harmful informations stops the harmful information prevention system monitoring device of the current state of the PoP of system to check that each harmful information stops positional information and the status information of the PoP of system, transmits check result then to user control;
Harmful information stops the PoP of system to confirm step; Wherein, After receiving that said harmful information stops the positional information of the PoP of system and stoping the status information of current state of the PoP of system about said harmful information, said user control stops from a plurality of harmful informations to be selected the PoP of system and confirms that a harmful information stops the PoP of system;
Harmful information stops service-user traffic differentiation and transfer step; Wherein, When said subscriber to access Internet or transmission bag; Said user control is discerned said user and whether is stoped service-user corresponding to harmful information; A route technology of selecting in the route technology group of forming through tunnel protocol or by tactful route technology stops harmful information the business of service-user from non-user's business, to distinguish, and said customer service is sent at said harmful information to stop the PoP of system to confirm the harmful information prevention PoP of system that confirms in the step then;
Harmful information stops service-user bag analytical procedure; Wherein, Stop the customer service of distinguishing and be concentrated to the predetermined harmful information prevention PoP of system in service-user traffic differentiation and the transfer step by bag mirroring apparatus mirror image processing by said user control at said harmful information; Mirror image encapsulates and is filtered into said prevention and serves necessary bag; And relatively the said bag that is filtered is analyzed through bag that will be filtered and the harmful information DB that perhaps periodically updates in real time by harmful information control tabulation DB server, and confirmed whether said user's bag asks harmful information; And
Harmful information stops step; Wherein, when confirming when said harmful information stops the bag request harmful information of service-user described in the service-user bag analytical procedure, to stop message to be transmitted to served user terminals; And connection closed message is transmitted to the server that said service-user is attempted to visit; On the contrary, when the bag of confirming said service-user when not asking the normal bag of harmful information, thereby said mirror image encapsulates to abandon and can normally use the Internet.
14. method as claimed in claim 13; Comprising further that basic the Internet connects safeguards step; It allows said user control to change professional route; Thereby when not when said harmful information stops the PoP of system to confirm to confirm that a harmful information stops the PoP of system in the step, the said business of said harmful information prevention service-user is sent to the Internet via non-user's professional route.
15. like claim 13 or 14 described methods; Wherein: stop the PoP of system to confirm in the step at said harmful information; Utilization is received from said harmful information and stops the said harmful information of the PoP of system supervising device to stop the status information of the PoP of system, stops positional information and the status information of the PoP of system to be saved as database about each harmful information; And need only said harmful information prevention service-user access internet or transmit bag, utilize positional information and status information and a harmful information prevention of the load sharing algorithm selection PoP of system of each PoP in the said database.
16. method as claimed in claim 15; Wherein said harmful information stops the representative IP address of the positional information of the PoP of system corresponding to the said prevention PoP of system; And said harmful information stops the said status information of the PoP of system to comprise at least one that from the status information group, select; According to each PoP, said status information group is by user capture amount, the portfolio that can handle, bag processing delay time, and forms about the information that whether breaks down.
17. method as claimed in claim 15; Wherein said load sharing algorithm is implemented by following mode; Select a harmful information to stop the PoP of system based on parameter; Said parameter comprises the distance in the network, and said harmful information stops service-user and each harmful information to stop the network state on the route between the PoP of system, and active user and volume of business; And can stop the PoP of system through harmful information of the artificial setting of keeper.
CN200780050122XA 2007-01-19 2007-02-07 System and method for blocking the connection to the harmful information in a internet service provider network Expired - Fee Related CN101611396B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2007-0006265 2007-01-19
KR1020070006265A KR100882339B1 (en) 2007-01-19 2007-01-19 System and method for blocking the connection to the harmful information in a internet service provider network
KR1020070006265 2007-01-19
PCT/KR2007/000649 WO2008088101A1 (en) 2007-01-19 2007-02-07 System and method for blocking the connection to the harmful information in a internet service provider network

Publications (2)

Publication Number Publication Date
CN101611396A CN101611396A (en) 2009-12-23
CN101611396B true CN101611396B (en) 2012-01-18

Family

ID=38090913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200780050122XA Expired - Fee Related CN101611396B (en) 2007-01-19 2007-02-07 System and method for blocking the connection to the harmful information in a internet service provider network

Country Status (5)

Country Link
JP (1) JP4592798B2 (en)
KR (1) KR100882339B1 (en)
CN (1) CN101611396B (en)
GB (1) GB2445805B (en)
WO (1) WO2008088101A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110137980A1 (en) * 2009-12-08 2011-06-09 Samsung Electronics Co., Ltd. Method and apparatus for using service of plurality of internet service providers
KR20110065247A (en) * 2009-12-08 2011-06-15 삼성전자주식회사 Method and apparatus for using service of plurality of internet service provider
KR102025296B1 (en) * 2012-10-05 2019-09-25 주식회사 케이티 Server and method for redirecting contents route

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002077852A1 (en) * 2001-03-20 2002-10-03 Safei Co.,Ltd. Method and system for restricting access to specific internet sites and lan card for the same
US20030023708A1 (en) * 1999-12-31 2003-01-30 Inca Internet Co., Ltd. System and method for blocking harmful information online, and computer readable medium therefor
US20040177277A1 (en) * 2002-12-24 2004-09-09 Kt Corporation Apparatus and method for blocking harmful internet site
US20050283831A1 (en) * 2004-06-21 2005-12-22 Lg N-Sys Inc. Security system and method using server security solution and network security solution

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6601084B1 (en) * 1997-12-19 2003-07-29 Avaya Technology Corp. Dynamic load balancer for multiple network servers
JP2000330897A (en) * 1999-05-17 2000-11-30 Nec Corp Firewall load dispersing system and method and recording medium
KR100329545B1 (en) * 2000-04-21 2002-04-01 김태주 Apparatus and method for intercept link of unwholesom site in internet
KR100457975B1 (en) * 2001-03-21 2004-11-18 주식회사 플랜티넷 Apparatus and method of providing service of intercepting connection to unwholesome site by user id
KR100443461B1 (en) * 2002-02-26 2004-08-09 주식회사 플랜티넷 system for harmful site connection interception service using tunneling protocol and service method thereof
KR100527794B1 (en) * 2002-02-26 2005-11-09 (주)넷피아닷컴 system for interceptting an acces of a network and method thereof
KR100472087B1 (en) * 2002-03-19 2005-03-09 주식회사 플랜티넷 connection interception service system for harmful site using packet mirroring mode and method thereof
KR100478899B1 (en) 2003-12-29 2005-03-24 주식회사 플랜티넷 The system and service providing method for harmful site connection interception service by using tunneling protocol and packet mirroring mode
JP2006054770A (en) * 2004-08-16 2006-02-23 Yokogawa Electric Corp Firewall apparatus
KR100611933B1 (en) * 2004-11-05 2006-08-11 주식회사 플랜티넷 The blocking apparatus and method of undesirable traffic with home gateway in home network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030023708A1 (en) * 1999-12-31 2003-01-30 Inca Internet Co., Ltd. System and method for blocking harmful information online, and computer readable medium therefor
WO2002077852A1 (en) * 2001-03-20 2002-10-03 Safei Co.,Ltd. Method and system for restricting access to specific internet sites and lan card for the same
US20040177277A1 (en) * 2002-12-24 2004-09-09 Kt Corporation Apparatus and method for blocking harmful internet site
US20050283831A1 (en) * 2004-06-21 2005-12-22 Lg N-Sys Inc. Security system and method using server security solution and network security solution

Also Published As

Publication number Publication date
GB0706656D0 (en) 2007-05-16
JP2009523397A (en) 2009-06-18
GB2445805B (en) 2009-06-24
CN101611396A (en) 2009-12-23
WO2008088101A1 (en) 2008-07-24
KR20090000158A (en) 2009-01-07
JP4592798B2 (en) 2010-12-08
KR100882339B1 (en) 2009-02-17
GB2445805A (en) 2008-07-23

Similar Documents

Publication Publication Date Title
KR100437169B1 (en) Network traffic flow control system
US8189468B2 (en) System and method for regulating messages between networks
EP0986229B1 (en) Method and system for monitoring and controlling network access
CN101390342B (en) Techniques for network protection based on subscriber-aware application proxies
CN1309225C (en) User bandwidth monitor and control management system and method
US7292538B1 (en) System and method for distributing information in a network environment
US20030208596A1 (en) System and method for delivering services over a network in a secure environment
CA2632579A1 (en) Electronic message delivery system including a network device
US9112901B2 (en) Method and system for providing connection resiliency
WO2006095438A1 (en) Access control method, access control system, and packet communication apparatus
JP4120415B2 (en) Traffic control computer
JP4279300B2 (en) Network virtualization apparatus and network virtualization program
CN101611396B (en) System and method for blocking the connection to the harmful information in a internet service provider network
CN105187380A (en) Secure access method and system
US20040243843A1 (en) Content server defending system
CN101729310A (en) Method and system for realizing business monitor and information acquisition equipment
CN100591024C (en) Mobile access controller, mobile locak area network and metropolitan area network, and access method
EP2136506B1 (en) Keepalive monitoring method, system and apparatus of a subscriber session group
JP2002271415A (en) Proxy server system and communication method thereof
JP4874900B2 (en) Information processing system with collaborative devices
CN100450068C (en) Multicast group maintaining method
JP3426832B2 (en) Network access control method
JP3668648B2 (en) Session information management method and session information management apparatus
Cisco Appendix D, Web Cache Control Protocol (WCCP), Version 2 (V1.7.6)
JP5668503B2 (en) Hazardous site filtering system and filtering method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120118

Termination date: 20170207