KR100780393B1 - Method of controlling internet access service for children and computer-readable medium having thereon program performing function embodying the same - Google Patents

Abstract

A method for controlling an internet access service for teenagers and a computer readable medium recording a program for embodying the same are provided to enable an internet service provider to control the internet access service of the teenagers though a user terminal does not add an internet access intercepting function. A method for controlling an internet access service for teenagers comprises the following several steps. An internet service provider receives an initial network access request from a user terminal(S110). The internet service provider performs a user authentication procedure for the initial network access request(S120). If the internet service provider determines that the user requesting the initial network access is a teenager, the internet service provider checks whether the internet access service is clearly available, unavailable or has to be reserved(S130). If the internet access service is clearly available, the internet service provider allows the user to access the network via the user terminal(S140). If the internet access service is clearly unavailable, the internet service provider intercepts the user to access the network via the user terminal(S150). If the internet access service has to be reserved, the internet service provider reserves a connection between the user terminal and the network(S160).

Description

METHOD OF CONTROLLING INTERNET ACCESS SERVICE FOR CHILDREN AND COMPUTER-READABLE MEDIUM HAVING THEREON PROGRAM PERFORMING FUNCTION EMBODYING THE SAME}

1 is a flowchart of a method for controlling a youth internet access service according to the present invention;

2 is a diagram illustrating an example of an Internet access service providing system to which a method for controlling a youth internet access service according to the present invention is applied.

<Description of the symbols for the main parts of the drawings>

100: user terminal 210: user-end router

220: authentication server 230: user identification database

240: control router 250: access control server

260: Access Control Database 270: L4 Switch

300: site

The present invention relates to a method for controlling a youth internet access service and a computer-readable recording medium recording a program for realizing the same. More specifically, the Internet service provider does not need to add an Internet access blocking function to a user terminal. Based on the information of the customer who is using the Internet service, the user is determined to be a youth, and if it is determined that the user is a youth, based on whether the access is explicitly allowed, whether the user is explicitly blocked or suspended the access. The present invention relates to a method for controlling a youth internet access service capable of controlling an internet access service, and a computer-readable recording medium having recorded thereon a program for realizing the same.

Due to the rapid expansion of the Internet, various services are provided on the Internet. Most of these Internet services are open so that anyone can access them easily.

However, there are sites that provide useful information for living on the Internet service, but there are sites that are likely to cause psychological stimulation and confusion of values of the growing youth, such as violence / sexual pornography sites and suicide promotion sites. Also, in recent years, excessive use of addictive online games, chat via P2P messenger, and community services is also increasing.

For example, online game sites often have bad effects on teenagers due to addictiveness. These services are one of the side effects of the development of the Internet, which adversely affects the emotions of adolescents.

In order to solve this problem, a number of methods have been developed, particularly to block access to harmful sites and to limit the time spent on the Internet.

There are two ways to implement the youth internet access control service.

First of all, it is a case where a harmful site is blocked or an internet access time is controlled based on a terminal of a user, i.

In other words, if a user stores a list of harmful sites on a terminal such as a user's PC, and the user tries to access a site included in the list of harmful sites, the web function is set so that even if the contents of the site are downloaded, There is a way to block access to harmful sites by not displaying on the screen.

However, in such a case, there is a situation that has not been implemented so far to control the Internet access time, and the youth Internet access control service based on the subscriber terminal has a problem that a harmful site blocking program must be installed on the user's PC.

In addition, the criterion for blocking harmful sites is to restrict access to the site by using access information such as the URL or IP of the harmful site, but it is difficult to identify harmful sites on the Internet. In case of restriction, it is difficult to effectively block the IP address only. In addition, there is a disadvantage that the list of harmful sites must be continuously updated and transmitted to the user's terminal. In addition, when deleting a list of harmful sites, etc. in the user terminal has a disadvantage that the blocking is not performed.

Another method is to block harmful sites from Internet service providers (ISPs) that users use to access the Internet.

In other words, if the traffic of the user is classified on the network and the traffic to the harmful site is determined, the traffic is blocked to restrict the access to the harmful site.

This method has the advantage of restricting access to harmful sites at the network level without adding a function for blocking service to the user's terminal. However, the disadvantage of having a large bandwidth of a physical connection link to the blocking server and Complicated functions inevitably have a high service fee, and in the event of a failure of the blocking system, the user cannot receive the Internet service. In addition, since only the sites that are explicitly blocked are blocked, it is very difficult to explicitly block the sites for a large number of sites on the Internet.

The conventional internet access control service also has a disadvantage in that it does not provide differentiated services by user age.

It is an object of the present invention to determine whether a user is a youth based on the information of a customer using his or her Internet service even if the internet service provider does not add an internet access blocking function to the user terminal. A computer recording a method for controlling a youth internet access service that can control an internet access service for a youth based on whether access is permitted, explicitly blocking the connection, or suspending the access. To provide a readable recording medium.

Another object of the present invention is to provide a computer-readable recording medium having recorded thereon a program for realizing the above-described method for controlling the youth internet access service.

In order to achieve the above technical problem, the present invention provides a user authentication in response to the initial network access request (a) receiving an initial network access request from a user terminal, and (b) when subscribing to the youth access control service. And (c) if it is determined that the user is a youth in the user authentication, determining whether the network access request is explicitly provided to the youth, whether it is not explicitly provided, or whether to suspend access. To do this, you can either connect to a white list that stores information about sites that are explicitly allowed access to the youth, or a blacklist that stores information about sites that explicitly block access to the youth. Save to gray list, which stores information about pending sites The network connection request is explicitly provided to the youth when the site corresponding to the network connection request belongs to the white list, and the network connection request is determined. When the site corresponding to the request belongs to the black list, it is determined that the network connection request cannot be explicitly provided to the youth, and when the site corresponding to the network connection request belongs to the gray list or the white list or the black If the network connection request does not belong to any of the list or the gray list, determining that the network connection request is suspended from the youth, and (d) determining that it is explicitly provided to the youth in the step (c). Allowing a network connection between the site corresponding to the network connection request and the user terminal; and (e) a site corresponding to the network connection request if it is determined in step (c) that it is not explicitly provided to the youth. Disconnecting the network connection between the user terminal and the user terminal; and (f) if it is determined in step (c) to suspend access to the youth, the network connection between the site corresponding to the network connection request and the user terminal is disconnected. It provides a method for controlling a youth internet access service comprising the step of withholding.

The present invention also provides a computer-readable recording medium having recorded thereon a program for implementing each step of the method for controlling the youth internet access service.

Hereinafter, a method for controlling a youth internet access service of the present invention and a computer-readable recording medium recording a program for realizing the same will be described in more detail with reference to the accompanying drawings.

1 is a flowchart illustrating a method for controlling a youth internet access service according to the present invention, and FIG. 2 is a diagram illustrating an example of a system for providing an internet access service to which a method for controlling a youth internet access service according to the present invention is applied.

Hereinafter, a method for controlling youth internet access service according to the present invention will be described with reference to FIG. 1 or FIG. 2.

First, an initial network connection request is received from a user terminal (S110).

For example, a subscriber of a method for controlling a youth internet access service according to the present invention may attempt to visit a desired site 300 through a network connection application of an internet-enabled user terminal 100 such as his PC, for example, a web browser. do. In this case, when the user terminal 100 is powered up and then attempts to access the site 300 for the first time, a connection is first made to an ISP. In this case, the network connection request transmitted is an initial network connection request.

If the user of the user terminal 100 does not subscribe to the Internet access service control method for the youth in accordance with the present invention in advance through an agreement with the ISP, the subsequent steps are not performed, and the same access service as the general internet access service is provided. do. That is, network connection is allowed between the user terminal 100 and the site 300 through the user terminal router 21.

However, in the case of a subscription with an ISP in advance for the method for controlling the youth internet access service according to the present invention, it is necessary to control the provision of the internet access service for the youth in particular.

First, user authentication is performed in response to the initial network access request (S120).

In this case, the user end router 210 transmits an initial network connection request to the authentication server 220.

The authentication server 220 obtains user identification information by communicating with the user terminal 100 in response to the initial network connection request. Thereafter, user authentication is performed by comparing the obtained user identification information with subscriber information stored in the user identification database 230.

In this case, the usable user identification information may be identification information composed of, for example, a user ID and a password. The user ID and password may be separately designated for each of a plurality of users of the user terminal 100, and may be used as basic information for distinguishing whether the current user is an adult or a youth, for example.

 Alternatively, authentication information including a public certificate or a private certificate may be used as user identification information. Such authentication information may also be used as basic information for distinguishing whether the current user is an adult or a youth.

If the result of the user authentication is an adult, the same access service as the general internet access service is provided. That is, network connection is allowed between the user terminal 100 and the site 300 through the user terminal router 21.

However, if it is determined that the youth is a result of the authentication, it is necessary to control the provision of the Internet access service.

If it is determined that the user in step S120 is a youth, whether the network connection request from the user terminal 100 can be explicitly provided to the youth or cannot be provided explicitly or whether the connection is withheld. Determine (S130).

This determination is performed in the access control server 250 based on the information stored in the access control database 260.

That is, the access control database 260 includes a white list that stores information about sites that are explicitly allowed to access the youth, and a black list that stores information about sites that explicitly block access to the youth. And a gray list that stores information about sites withholding access for youth.

Each such site is stored to be specified, for example, by a URL or directory location or IP address within the URL.

Gray lists are sites that do not belong to the white list or the black list, and are a collection of sites whose connection is withheld in response to a network user's request for youth users. The gray list is preferably generated by a network connection request from ISP users.

This gray list is an intermediate step before designating as a white list and a black list, and is preferably implemented to periodically check and move to the white list or black list and store it.

For example, if a grader is designated as an elementary school teacher to determine the grade of the gray list in advance at the ISP level, the grader evaluates the grades of sites belonging to the gray list, and the ISP evaluates the grades. You will receive the information it represents.

This rating information indicates whether the rating is explicitly or not available to the youth, and if rating information is explicitly available to the youth, then the site corresponding to the rating information from the gray list to the white list. When moving and storing, and if the rating information is not explicitly provided to the youth, the site corresponding to the rating information may be moved to a black list and stored to update the access control database 260. The period of such renewal may be set according to the ISP's rating management policy, such as in units of one day or six hours.

Based on the access control database 260, it is determined whether or not it can be provided to the youth.

That is, the youth network connection request is transmitted from the user terminal 100 to the control router 240 via the user terminal router 210, and then to the access control server 250 to control the connection. The control router 240 is a router configured to first transmit to the access control server 250, particularly for the network connection of the youth. In this case, the L4 switch 270 may be disposed between the control router 240 and the access control server 250 to reduce the load on the network.

The access control server 250 compares the white list, the black list, and the gray list stored in the access control database 260 with the site corresponding to the youth network access request.

In this case, if a site corresponding to the network access request belongs to the white list, it may be determined that the network access request can be explicitly provided to the youth.

However, if the site corresponding to the network connection request belongs to the black list, it can be determined that the network connection request is not explicitly provided to the youth.

If the site corresponding to the network connection request belongs to the gray list, or if the site corresponding to the network connection request does not belong to any of the white list, the black list, or the gray list, the network connection request is suspended from the youth. You can judge that.

If it is determined in step S130 that it can be explicitly provided to the youth, the access control server 250 allows a network connection between the site and the user terminal corresponding to the network connection request (S140).

The permission of the network connection is the same as in the case where the adult or other youth internet access service control method according to the present invention is not applied except for passing through the control router 240, and thus detailed description thereof will be omitted.

If it is determined in step S130 that it is not explicitly provided to the youth, the access control server 250 blocks the network connection between the site corresponding to the network access request and the user terminal (S150).

In this case, the network connection blocking may be performed by transmitting a blocking packet generated through the control server 250 to the site 300 and the user terminal 100 corresponding to the network access request. That is, the blocking packet is configured by, for example, including a reset or a fin flag, and is performed by transmitting a dummy packet for terminating a session connection between the user terminal 100 and the site 300. The blocking scheme using such a packet is referred to as a TCP session killing technique.

If it is determined in step S130 to suspend access to the youth, the access control server 250 suspends the network connection between the site corresponding to the network access request and the user terminal (S160).

In this case, network connection suspension may be performed by transmitting a blocking packet generated through the access control server 250 to the site 300 and the user terminal 100 corresponding to the network connection request. However, the difference from the network connection blocking in step S150 is that the blocking packet sent to the user terminal 100 includes a message indicating that an attempt is made to connect to a site on which the connection is held, and a message indicating whether to retry the blocked network connection. will be.

In other words, even if it is determined that the network connection is suspended, connection is possible according to the user's choice because it is not explicitly accessible. Therefore, a message asking whether to retry is transmitted to enable such connection.

The detailed procedure of this connection hold and subsequent reconnection is as follows.

First, if it belongs to the gray list, the network connection is suspended for the network connection request. For example, the above-described blocking packet may be used to suspend the connection.

However, in spite of such a network connection suspension, when receiving a connection execution request requesting the connection again for the reserved network connection request from the user terminal 100, the site 300 and the user terminal ( 100) can allow network connections.

Such a connection request may be generated from the user terminal 100 and transmitted to the ISP in response to a message indicating whether to retry a reserved network connection included in the aforementioned blocking packet.

In this case, however, it is necessary to inform the parent of the youth that such access to the gray list has occurred.

Therefore, when a network connection to a site belonging to the gray list is allowed by the aforementioned connection execution request, the site is stored as the pending access permission information. It may for example be stored in storage means inside or outside the ISP.

When the inquiry request is received by the parent of the youth with respect to the pending connection permission information, the parent may transmit the corresponding information to confirm.

In addition, when a network connection is allowed by the access execution request, a site corresponding to the access execution request may be moved to a white list and stored. That is, for example, the personal web page of the elementary school teacher may not belong to either the white list, the black list, or the gray list. However, in case of putting homework on their web page through class, students of the class can access. If a large number of such connections occur, the site is temporarily whitelisted to allow direct access to subsequent connections, thereby reducing the inconvenience of connection due to network connection suspension.

However, it is desirable to filter the sites stored in the white list in this manner once again through the evaluation of the rating unit.

Therefore, for sites belonging to the white list by the request to perform access, after receiving rating information indicating whether the site is explicitly available or not available to the youth from the predetermined rating evaluation unit, the corresponding rating is received. If the information is not available to the youth explicitly, it is advisable to blacklist the site corresponding to the rating information.

It is also necessary to limit the usage time for white lists that are explicitly allowed to connect. For example, to prevent excessive use of online games.

In this case, after extracting the network connection time between the site 300 corresponding to the network connection request and the user terminal 100, if the extracted network connection time exceeds a predetermined threshold, the site 300 corresponding to the network connection request. ) And the network connection between the user terminal 100.

The network connection time extraction and blocking may be performed in the access control server 250.

Although the implementation of each step of the method for controlling the youth internet access service according to the present invention using the system for providing an internet access service shown in FIG. 2 has been described, the system for providing an internet access service of FIG. 2 is merely exemplary, and the other. Of course, in the Internet access service providing system implemented in the form, the youth internet access service control method according to the present invention may be implemented.

The present invention also provides a computer-readable recording medium having recorded thereon a program for realizing each step of the method for controlling youth internet access service according to the present invention. However, a detailed description of the computer-readable recording medium according to the present invention will be omitted since it overlaps with the method for controlling the youth internet access service according to the present invention described with reference to FIGS.

Although the configuration of the present invention has been described in detail, it is only for illustrating the present invention, and the protection scope of the present invention is not limited thereto, and the protection scope of the present invention is defined through the description of the claims.

As described above, according to the present invention, even if the Internet service provider does not add the Internet access blocking function to the user terminal, it is determined whether the user is a youth based on the information of the customer who is using his / her Internet service and is determined as a youth. If possible, the internet access service can be controlled for the youth based on whether the connection is explicitly granted, explicitly blocked or suspended.

Claims (16)

(a) receiving an initial network connection request from a user terminal, (b) performing user authentication in response to the initial network access request when subscribing to a youth access control service; (c) In the case where the user authentication is determined to be a youth, for the subsequent site access request, the whitelist including the allowed site and the blacklist including the disallowed site are referred to, so that the requested site is connected to the white. If it exists in the list, it is determined that the site has been explicitly provided to the youth, if it exists in the black list, it is determined that the site cannot be provided explicitly, and if it is not present in both the white list and the black list, the site is determined to be connected to hold Steps, (d) allowing a network connection between the site corresponding to the network connection request and the user terminal when it is determined that the step (c) is explicitly provided to the youth; (e) blocking the network connection between the site corresponding to the network connection request and the user terminal when it is determined in step (c) that it is not explicitly provided to the youth; (f) suspending the network connection between the site corresponding to the network connection request and the user terminal when determining that the user suspends the connection in the youth in step (c); Registering the site determined to be suspended in the gray list; Receiving a result of determining whether to allow or deny access to a site registered in the gray list; Updating the white list or the black list according to the received determination result Youth Internet access service control method comprising a. The method of claim 1, wherein step (b) (b-1) acquiring user identification information in response to the initial network access request; (b-2) comparing the user identification information with previously stored user information to perform the user authentication; It comprises a youth internet access service control method. The method of claim 2, The user identification information is any one of identification information consisting of a user ID and password or authentication information including a public certificate or a private certificate. delete The method of claim 1, wherein step (c) comprises: (c-11) obtaining rating information indicating whether or not explicitly provided to the youth from the predetermined users for the sites belonging to the gray list; (c-12) if the rating information is explicitly provided to the youth, moving the site corresponding to the rating information to the white list and storing it; (c-13) if the rating information is not explicitly provided to the youth, moving the site corresponding to the rating information to the black list and storing the same; It comprises a youth internet access service control method. The method of claim 1, wherein step (f) comprises: (f-1) suspending network connection for the network connection request; (f-2) acquiring an access execution request for the reserved network access request from the user terminal; (f-3) allowing a network connection between the user terminal and the site corresponding to the connection execution request; It comprises a youth internet access service control method. The method of claim 6, wherein step (f) comprises: (f-4) storing the site corresponding to the request to perform the connection as pending access permission information when the network connection is permitted by the step (f-3); (f-5) receiving an inquiry request for the suspended connection permission information; (f-6) transmitting the pending connection permission information in response to the inquiry request It further comprises a youth internet access service control method. The method of claim 6, wherein step (f) comprises: (f-7) if the network connection is allowed in step (f-3), moving the site corresponding to the access request to the white list and storing the site; It further comprises a youth internet access service control method. The method of claim 8, wherein step (f) comprises: (f-8) receiving rating information indicating whether or not explicitly available to the youth from the predetermined user for the sites belonging to the white list by step (f-7); Wow, (f-9) if the rating information is not explicitly provided to the youth, moving to and storing the site corresponding to the rating information in the black list; It further comprises a youth internet access service control method. The method of claim 1, The blocking of the network connection in the step (e) or the holding of the network connection in the step (f) is performed by transmitting a blocking packet to the site corresponding to the network connection request and the user terminal. How to control access service. The method of claim 10, And the blocking packet includes a reset or end flag. The method of claim 10, The blocking packet transmitted to the user terminal in the case of the network connection hold includes a message indicating that a connection is attempted to a site where the connection is held, and a message indicating whether to retry the reserved network connection. The method of claim 1, And the site corresponding to the network connection request is specified by a URL or a directory location or an IP address within the URL. The method of claim 1, (g) extracting a network connection time between the site corresponding to the network access request and the user terminal when allowing the network connection in step (d); (h) blocking network connection between the site corresponding to the network request and the user terminal when the network connection time extracted in step (g) exceeds a predetermined threshold; Youth Internet access service control method further comprising a. The method of claim 6 or 12, And requesting to perform the connection is obtained in response to a message of retrying the suspended network connection. A computer-readable recording medium having recorded thereon a program for realizing each step of the method for controlling the youth internet access service according to any one of claims 1 to 3 and 5 to 14.

Images