KR101893209B1 - Apparatus, method and system for providing of IP communication service - Google Patents

Info

Publication number
KR101893209B1
Authority
KR
South Korea
Prior art keywords
destination
communication
terminal
secure
source
Prior art date
Application number
KR1020150189064A
Other languages
Korean (ko)
Other versions
KR20170078482A (en)
Inventor
서경덕
김태균
남도현
장덕문
Original Assignee
주식회사 케이티
Priority date
Filing date
Publication date
Application filed by 주식회사 케이티
Priority to KR1020150189064A
Priority to PCT/KR2016/014850 (WO2017111404A1)
Publication of KR20170078482A
Application granted
Publication of KR101893209B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2015
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management

Abstract

The apparatus determines whether to convert the first destination IP included in an IP packet transmitted from the first terminal into a second destination IP according to predetermined IP change management information. If conversion to the second destination IP is determined, it checks whether the converted second destination IP is included in the routing table; if the first destination IP is not converted, it checks whether the first destination IP is included in the routing table. According to the result of the check, the first source IP included in the IP packet is changed to a second source IP, and the IP packet transmitted from the first terminal is transmitted to the second terminal through secure IP communication or public IP communication based on the changed second source IP and the destination IP.

Description

Apparatus, method and system for providing IP communication service

The present invention relates to an apparatus, a method and a communication system for providing an IP communication service.

In general, terminals that desire to use the Internet service receive the public IP address and access the public Internet network to use the service. There are various types of terminals using the internet service, such as POS terminal, CCTV, IoT terminal, etc. These terminals can be used by individuals, but they can be bundled into a user group and installed in the enterprise.

If a malicious third party alters the service provided to the terminal through the public Internet network, changes the IP address provided to the terminal, attacks the IP address (for example by DDoS), or intercepts the IP address, then a store-type franchise that operates POS terminals, a company that requires secure connections between its head office and branch offices, or a company or institution that operates CCTV cannot provide a secure service.

To address this, services are provided by encrypting the traffic or by installing a separate VPN device. However, the communication speed is not guaranteed because of the VPN header or the traffic encryption, and installing separate, expensive equipment incurs additional cost.

Accordingly, the present invention provides an apparatus, a method, and a communication system for providing an IP communication service that provides both a secure IP communication service and a public IP communication service that enable a closed communication connection in a public Internet network.

According to an aspect of the present invention, there is provided an apparatus for providing an IP communication service that provides a secure IP communication service to a terminal, the apparatus comprising:

an IP change management unit that stores IP change management information and is capable of converting a first destination IP included in an IP packet transmitted from the first terminal into another IP according to the IP change management information; a routing table management unit that manages a routing table including addresses of a plurality of secure IPs for providing a secure IP communication service; an IP processing unit that confirms whether the destination IP, converted or not converted by the IP change management unit, is included in the routing table and changes a first source IP included in the IP packet to a second source IP according to the result of the check; and a communication unit that transmits the IP packet to the second terminal through either public IP communication or secure IP communication, based on the second source IP changed by the IP processing unit and the destination IP converted or not converted by the IP change management unit.

According to another aspect of the present invention, there is provided a method for providing an IP communication service between a first terminal and a second terminal,

Determining whether to convert a first destination IP included in an IP packet transmitted from the first terminal into a second destination IP according to predetermined IP change management information; Confirming whether the converted second destination IP is included in the routing table if the conversion to the second destination IP is determined, and confirming whether the first destination IP is included in the routing table if the conversion is not performed to the second destination IP; Changing a first source IP included in an IP packet to a second source IP according to the result of the checking; And transmitting the IP packet transmitted from the first terminal based on the changed second source IP and the destination IP to the second terminal through either secure IP communication or public IP communication.

According to another aspect of the present invention, there is provided an IP communication system for providing an IP communication service to a terminal,

An IP communication service providing apparatus that is allocated a first IP and a second IP from the outside, receives control information, converts the source IP to either the first IP or the second IP based on the destination IP included in the IP packet transmitted from the terminal, and determines, according to the converted source IP, whether to transmit the IP packet through the first IP communication or the second IP communication; a control unit for transmitting the control information to the IP communication service providing apparatus; a DHCP server allocating and providing the first IP and the second IP to the IP communication service providing apparatus; a first gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through the first communication; and a second gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines that the IP packet is to be transmitted through the second communication.

According to the present invention, it is possible to provide both the public IP communication service and the secure IP communication service in the public network through the IP service providing apparatus to which both the secure IP and the public IP are allocated.

FIG. 1 is an exemplary diagram illustrating a communication system for providing an IP communication service according to an embodiment of the present invention.
FIG. 2 is a structural diagram of a secure IP router according to an embodiment of the present invention.
FIG. 3 is a flowchart of an IP communication method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when an element is referred to as "comprising" another element, it means that it can include other elements as well, without excluding other elements, unless specifically stated otherwise.

In this specification, a terminal includes a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), an access terminal (AT), and the like, and may include all or some of the functions of a mobile terminal, a subscriber station, a mobile subscriber station, a user equipment, and the like.

Hereinafter, an apparatus and method for providing a secure IP communication service according to an embodiment of the present invention will be described with reference to the drawings. In the embodiment of the present invention, a service for providing a closed communication service to a terminal in a public Internet network is referred to as a 'secure IP communication service', but the present invention is not limited thereto.

In the embodiment of the present invention, an IP used to transmit an IP packet through IP communication in a public Internet network according to the type of IP is referred to as a 'public IP'. The IP used to transmit IP packets through secure IP communication is referred to as a 'secure IP'.

FIG. 1 is an exemplary diagram illustrating a communication system for providing an IP communication service according to an embodiment of the present invention.

The environment for providing the secure IP communication service shown in FIG. 1 assumes that the first terminal 10 transmits an IP packet to the second terminal 20, which is the destination terminal, for IP communication. Here, the first terminal 10 requests the secure IP router 100 to allocate an IP in order to transmit the IP packet.

The IP packet transmitted by the first terminal 10 includes the source IP of the first terminal 10, the destination IP of the second terminal 20, and the packet. It is assumed that the first terminal 10 already knows the destination IP of the second terminal 20; the first terminal 10 can obtain the destination IP through various methods, so a detailed description is omitted in this embodiment. The destination IP is either the public IP of the second terminal 20 or a secure IP created by the DHCP (Dynamic Host Configuration Protocol) server 50 through a public IP. A detailed description of how the DHCP server 50 creates a secure IP and provides it to a terminal is omitted.

The secure IP router 100 is connected to the control unit (CMS: Control and Management System) 300, the first terminal 10, the DHCP server 50, the gateway 30, and the secure IP gateway 200. It receives control information from the control unit 300 and updates its stored control information. The control information includes IP change management information, routing table information, and a security policy.

Here, the IP change management information is reference information for determining whether to change the destination IP included in the IP packet to another IP when the first terminal 10 tries to transmit the IP packet. That is, when the destination IP included in the IP packet is one of a plurality of specific destination IPs preset in the IP change management information, the destination IP is changed according to the IP change management information to generate the change destination IP. To this end, the IP change management information includes a plurality of preset specific IPs and the changed IPs that result from executing NAT on those specific IPs.

The routing table information includes information of a plurality of security IPs that are preset to transmit IP packets through secure IP communication.

The security policy includes communication blocking object information (for example, IP, port, or protocol information) set in advance, and is reference information for blocking communication when an attempt is made to transmit an IP packet through an IP set as communication blocking object information.

Then, the secure IP router 100 compares the destination address included in the IP packet transmitted from the first terminal 10 with the control information, and then executes NAT (Network Address Translation) to change the destination IP.

Also, the secure IP router 100 compares the source IP and the destination IP of the terminal 10 that generated the IP packet with the security policy stored in advance, and determines whether to block the communication for transmitting the IP packet. The secure IP router 100 may route the IP packet over the public network according to the type of the source IP (public IP or secure IP) or the type of the destination IP, or may route the IP packet through the secure IP gateway 200.

The secure IP router 100 may request the DHCP server 50 to allocate the IP address of the secure IP router 100 itself, and the secure IP router 100 may allocate the IP of the first terminal 10. The secure IP router 100 may also perform the functions of a general router, and a detailed description thereof is omitted in the embodiment of the present invention. The secure IP router 100 will be referred to as an IP communication service provider in the embodiment of the present invention, and the structure of the secure IP router 100 will be described later with reference to FIG. 2.

IP packets that have passed through the secure IP router 100 are delivered to either the secure IP gateway 200 or the gateway 30. That is, when the public IP communication service is provided to the first terminal 10, the IP packet is delivered to the gateway 30, and when the secure IP communication service is provided to the first terminal 10, the IP packet is delivered to the secure IP gateway 200.

The DHCP server 50 is connected to the secure IP router 100 and allocates a secure IP and a public IP to the secure IP router 100. A method of allocating the secure IP address and the public IP address by the DHCP server 50 can be assigned through various methods, and thus a detailed description thereof will be omitted in the embodiment of the present invention.

The secure IP gateway 200 is a gateway for providing a closed communication service in the public Internet network and performs a separate function for providing the closed communication service in addition to the general gateway function. An IP packet is delivered to the secure IP gateway 200 when the source IP of the first terminal 10 that generated the IP packet is a secure IP. However, the present invention is not limited thereto.

The control unit 300 interlocks with the secure IP gateway 200 and the secure IP router 100 and provides the IP change management information, the security policy, and the routing table information to the secure IP router 100. The IP change management information, the security policy, and the routing table information are transmitted to the secure IP router 100 at predetermined intervals, but the present invention is not limited thereto.

The gateway 30 is connected to the secure IP router 100 and the second terminal 20 and delivers the IP packet transmitted from the secure IP router 100 to the second terminal 20 through the public Internet network. An IP packet is delivered to the gateway 30 when the source IP of the first terminal 10 that generated the IP packet is a public IP and the secure IP router 100 has determined, according to the policy it checked, that the packet is to be transmitted through public IP communication; however, it is not necessarily limited to such a case. The function of the gateway 30 is already known, and a detailed description thereof is omitted in the embodiment of the present invention.

The second terminal 20 receives the IP packet transmitted through either the secure IP gateway 200 or the gateway 30.

Only the components necessary for providing the secure IP communication in the public network have been shown and may further include components not shown in FIG. In the above environment, the structure of the secure IP router 100 will be described with reference to FIG.

FIG. 2 is a structural diagram of a secure IP router according to an embodiment of the present invention.

Referring to FIG. 2, the secure IP router 100 includes an IP address request unit 101, an IP address assignment unit 102, an IP change management unit 103, a routing table management unit 104, an IP processing unit 105, a security policy management unit 106, and a communication unit 107.

The IP address requesting unit 101 requests the DHCP server 50 to allocate the IP of the secure IP router 100 itself and receives the assigned IP from the DHCP server 50. The IP assigned by the DHCP server 50 includes the public IP and the secure IP.

When an IP allocation request is received from the first terminal 10, the IP address assigning unit 102 assigns an IP to the first terminal 10 according to a predetermined rule, as the DHCP server 50 does. The IP address assigned to the first terminal 10 is a private IP address. The first terminal 10 transmits an IP packet to the secure IP router 100 using the assigned private IP address. The IP address assigning unit 102 may assign the IP address to the first terminal 10 through various methods, so the present invention is not limited to any one method.

The IP change management unit 103 receives the IP change management information transmitted from the control unit 300 according to a preset period, and updates and stores the received IP change management information. Then, it checks the destination IP included in the IP packet to be transmitted from the first terminal 10, and confirms whether the checked destination IP is the IP to be converted according to the control information.

The IP change management information includes a plurality of predetermined IPs set in advance and changed IPs to be changed by executing NAT on specific IPs. Therefore, the IP change management unit 103 checks whether the destination IP corresponds to a specific IP, and does not convert the destination IP if the destination IP included in the IP packet does not correspond to the specific IP.

However, if it corresponds to a specific IP, NAT is executed on the destination IP to convert it to the change destination IP. Here, the changed destination IP through the IP change management unit 103 may be a public IP or a secure IP. In the embodiment of the present invention, the destination IP included in the IP packet is referred to as a first destination IP, and the destination IP not changed or changed through the IP change management unit 103 is referred to as a second destination IP.

The routing table management unit 104 receives routing table information transmitted from the control unit 300 according to a predetermined period, and updates and stores the routing table information. The routing table information is a list of IPs allowed in advance to use the secure IP communication service when the terminal desires to use the secure IP communication service, and a list of a plurality of security IPs is stored as a routing table.

The IP processing unit 105 confirms the second destination IP output from the IP change management unit 103 and compares the second destination IP with the routing table information stored in the routing table management unit 104. If the second destination IP is one of the secure IPs stored in the routing table, the IP processing unit 105 changes the source IP included in the IP packet to the secure IP assigned to the secure IP router 100.

However, if the second destination IP is not a secure IP stored in the routing table, the IP processing unit 105 changes the source IP included in the IP packet to the public IP assigned to the secure IP router 100. The source IP of the first terminal 10 included in the IP packet is referred to as a 'first source IP', and the source IP after the IP processing unit 105 has changed it to either the public IP or the secure IP of the secure IP router 100 is referred to as a 'second source IP'.

The security policy management unit 106 receives and updates the security policy transmitted from the control unit 300 according to a predetermined period. Here, the security policy includes communication blocking object information (for example, IP, port, or protocol information) set in advance. In the embodiment of the present invention, the security policy management unit 106 receives the security policy from the control unit 300 as an example, but may be set in advance.

In addition, the security policy management unit 106 checks whether the second source IP or the second destination IP included in the IP packet delivered from the IP processing unit 105, or the port or protocol information with which the IP packet is to be transmitted, is included in the communication blocking object information, and determines whether to block the communication according to the security policy.

When the security policy management unit 106 permits the transmission of the IP packet, the communication unit 107 transmits the IP packet to the second terminal 20 through either secure IP communication or public IP communication, based on the second source IP and the second destination IP included in the IP packet.

A method of performing secure IP communication or public IP communication according to the IP address in the communication network including the secure IP router 100 described above will be described with reference to FIG.

FIG. 3 is a flowchart of an IP communication method according to an embodiment of the present invention.

As shown in FIG. 3, the secure IP router 100 requests the DHCP server 50 to allocate an IP address to the secure IP router 100 (S100). The DHCP server 50 allocates the public IP and the secure IP of the secure IP router 100 according to the request of step S100 and transmits the same to the secure IP router 100 (S101). The secure IP router 100 receives the control information from the control unit 300 according to a preset period (S102). The control information includes IP change management information, routing table information, and security policy.

When the first terminal 10 connected to the secure IP router 100 requests IP allocation from the secure IP router 100 for IP communication with the second terminal 20 (S103), the secure IP router 100 generates a private IP address for the first terminal 10 and transmits the private IP address to the first terminal 10 (S104, S105). In step S104, the secure IP router 100 generates the private IP address for the first terminal 10 according to a preset rule used when the DHCP server 50 generates an IP address.

The first terminal 10 transmits an IP packet using the private IP address received from the secure IP router 100 in step S105 (S106). Here, the IP packet includes the private IP of the first terminal 10 as the first source IP, the first destination IP of the second terminal 20, and the packet. The first terminal 10 can obtain the first destination IP of the second terminal 20 through various methods, and a detailed description thereof is omitted in the embodiment of the present invention.

The IP change management unit 103 confirms the first destination IP included in the IP packet received in step S106 (S107). Then, it is confirmed whether the first destination IP is the IP included in the IP change management information in the control information received in step S102 (S108).

If the first destination IP is an IP included in the IP change management information, NAT is executed on the first destination IP to change it to the second destination IP (S109). The changed second destination IP may be a secure IP or a public IP. However, if it is determined in step S109 that the first destination IP is an IP not included in the IP change management information, the first destination IP is set as the second destination IP.

Next, the IP processing unit 105 compares the second destination IP generated in the IP change management unit 103 with the routing table information stored in the routing table management unit 104 to check whether the second destination IP is a secure IP (S110). The routing table contains addresses for secure IPs. The routing table may contain additional information in addition to the secure IP addresses.

Accordingly, based on the second destination IP checked in step S110 and the routing table managed by the routing table management unit 104, if the second destination IP is a secure IP, the IP processing unit 105 changes the first source IP to the secure IP assigned to the secure IP router 100 to determine the second source IP. If the second destination IP is an IP not included in the routing table, the first source IP is changed to the public IP assigned to the secure IP router 100, which becomes the second source IP (S111). Through steps S110 and S111, the secure IP router 100 recognizes whether to transmit the IP packet through public IP communication or through secure IP communication.

If the second source IP and the second destination IP are determined through the above procedure, the security policy management unit 106 determines whether to allow communication for transmitting the IP packet based on the stored security policy (S112). The security policy may be transmitted from the control unit 300 or may be set in advance in the secure IP router 100. The security policy management unit 106 checks whether the second source IP or the second destination IP included in the IP packet delivered from the IP processing unit 105, or the port information of the first terminal 10 or the protocol information with which the IP packet is to be transmitted, is contained in the communication blocking object information, and thereby determines whether to block the communication.

If it is determined in step S112 that communication is to be interrupted, the communication unit 107 interrupts the transmission of the IP packet (S113). However, if it is determined in step S112 that communication is permitted, the communication unit 107 transmits the IP packet to the second terminal 20 through the public network (S114, S115) (S116, S117).

An example of the above procedure is as follows.

Assume that the public IP allocated to the secure IP router 100 from the DHCP server 50 is 168.126.0.1 and that the secure IP is 169.208.0.1. It is also assumed that the IP allocated to the first terminal 10 by the secure IP router 100 is 192.168.0.1, and that the public IP of the second terminal 20 is 2.2.2.2 and its secure IP is 39.28.0.2.

In the routing table, the security access IPs 169.208.0.1 to 169.208.0.254 and the security core IPs 39.28.0.1 to 39.28.0.254 are defined as the IPs allowed for secure IP communication.

It is assumed that the IP change management information includes 2.2.2.2 stored as a specific IP, and that 2.2.2.2 is set to be converted to 39.28.0.2. In the embodiment of the present invention, for convenience of description, the IP change management information contains only the specific IP 2.2.2.2, but it is not limited thereto.

Assuming that the first terminal 10 attempts to transmit an IP packet with the destination IP set to 2.2.2.2, the IP packet received by the secure IP router 100 includes the first source IP 192.168.0.1, the first destination IP 2.2.2.2, and the packet. Here, the first source IP corresponds to the private IP allocated to the first terminal 10.

The IP change management unit 103 confirms the first destination IP in the received IP packet. Since the first destination IP is included in the IP change management information, the IP change management unit 103 converts the first destination IP, which is 2.2.2.2, to 39.28.0.2 to generate the second destination IP. When the second destination IP is generated, the IP processing unit 105 confirms whether the second destination IP is included in the routing table set for IP for secure IP communication.

Since the second destination IP address 39.28.0.2 is included in the routing table as a security core IP, the IP processing unit 105 confirms that the second destination IP is a secure IP. Accordingly, the IP processing unit 105 changes the first source IP, which is set to the IP of the first terminal 10, to 169.208.0.1, the secure IP assigned to the secure IP router 100, and thereby determines the second source IP.

Accordingly, the second source IP included in the IP packet is 169.208.0.1, the second destination IP is 39.28.0.2, and the IP packet can be transmitted to the second terminal 20 through the secure IP communication. After the second source IP and the second destination IP are determined, the security policy management unit 106 determines whether to allow communication for the transmission of the IP packet according to the stored security policy. If it is determined that the communication is allowed, the communication unit 107 transmits the communication to the second terminal 20 through the secure IP gateway 200. Herein, since the security policy is not limited to any one form, a description thereof will be omitted in the embodiment.

The description above used secure IP communication as the example; public IP communication is described next. Assuming that the first terminal 10 attempts to transmit an IP packet with the first destination IP set to 202.175.1.1, the IP packet received by the secure IP router 100 includes the first source IP 192.168.0.1, the first destination IP 202.175.1.1, and the packet. Here, the first source IP corresponds to the private IP allocated to the first terminal 10.

The IP change management unit 103 confirms the first destination IP in the received IP packet. Since the first destination IP 202.175.1.1 is not included in the IP change management information, the second destination IP is also determined as 202.175.1.1. The IP processing unit 105 confirms whether the second destination IP is included in the routing table of the routing table management unit 104.

Since it is assumed that 202.175.1.1 is not included in the routing table, the IP processing unit 105 confirms that the second destination IP is the public IP. The second source IP is determined by changing the first source IP set to the IP of the first terminal 10 to 168.126.0.1, which is the public IP assigned to the secure IP router 100. Accordingly, the second source IP set in the IP packet becomes 168.126.0.1, the second destination IP becomes 202.175.1.1, and the IP packet can be transmitted to the second terminal 20 through the public IP communication.

After the second source IP and the second destination IP are determined, the security policy management unit 106 determines whether to allow communication for transmission of the IP packet according to a pre-stored security policy, and if it is determined to allow communication, the communication unit 107 transmits the IP packet to the second terminal 20 through the gateway 30. Since the security policy is not limited to any one form, a description thereof is omitted in this embodiment.
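The two walkthroughs above (secure and public) follow one decision procedure, sketched here as an added illustration that is not code from the patent. The pre-translation address 10.10.10.2, the single-host routing entry and the deny-set form of the security policy are constructed assumptions; the other addresses and gateway names are the ones used in the description.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    src: str                 # second source IP
    dst: str                 # second destination IP
    gateway: Optional[str]   # None when the security policy blocks the packet


@dataclass
class SecureIPRouter:
    public_ip: str        # public IP assigned to the router
    secure_ip: str        # secure IP assigned to the router
    ip_change_info: dict  # IP change management information: specific IP -> changed IP
    secure_routes: list   # routing table: networks reachable over secure IP communication
    denied: set = field(default_factory=set)  # hypothetical policy: denied (src, dst) pairs

    def process(self, first_src: str, first_dst: str) -> Decision:
        # The terminal's private source IP is validated, then discarded by translation.
        ipaddress.ip_address(first_src)
        # 1. IP change management: rewrite the destination only if it is a listed specific IP.
        dst = self.ip_change_info.get(first_dst, first_dst)
        # 2. Routing-table lookup: a hit means the destination is a secure IP.
        addr = ipaddress.ip_address(dst)
        secure = any(addr in net for net in self.secure_routes)
        # 3. Source translation to the router's own address of the matching kind.
        src = self.secure_ip if secure else self.public_ip
        # 4. Security policy is checked on the translated pair, before forwarding.
        if (src, dst) in self.denied:
            return Decision(src, dst, None)
        return Decision(src, dst, "secure IP gateway 200" if secure else "gateway 30")


def build_example_router() -> SecureIPRouter:
    return SecureIPRouter(
        public_ip="168.126.0.1",
        secure_ip="169.208.0.1",
        ip_change_info={"10.10.10.2": "39.28.0.2"},            # left-hand IP is constructed
        secure_routes=[ipaddress.ip_network("39.28.0.2/32")],  # constructed routing entry
    )


if __name__ == "__main__":
    router = build_example_router()
    for first_dst in ("10.10.10.2", "202.175.1.1"):
        print(first_dst, "->", router.process("192.168.0.1", first_dst))
```

Because the policy is evaluated after translation, its rules have to be written against the router's translated source address and the rewritten destination, not against the terminal's private IP.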

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

Claims (16)

1. An IP communication service providing apparatus for providing an IP communication service to a terminal, comprising:
An IP change management unit that stores IP change management information including specific IPs, which are a plurality of preset IPs to be changed, and changed IPs to be generated by changing the specific IPs, and that changes a destination IP included in an IP packet transmitted from a first terminal according to the IP change management information to generate a change destination IP;
A routing table management unit that manages a routing table including addresses of a plurality of secure IPs for providing a secure IP communication service;
An IP processing unit that checks whether the change destination IP generated by the IP change management unit, or the destination IP left unchanged by the IP change management unit, corresponds to a secure IP included in the routing table, and changes a source IP of the IP packet to a second source IP; and
A communication unit that transmits the IP packet to a second terminal through either public IP communication or secure IP communication, based on the second source IP changed by the IP processing unit and on the destination IP changed by the IP change management unit or the unchanged destination IP.
2. The apparatus according to claim 1,
Wherein the IP processing unit,
If the change destination IP generated by the IP change management unit or the unchanged destination IP is a public IP, changes a first source IP, which is an IP assigned to the first terminal, to a public IP assigned to the IP communication service providing apparatus to generate the second source IP, and
If the change destination IP or the unchanged destination IP is a secure IP, changes the first source IP to a secure IP assigned to the IP communication service providing apparatus to generate the second source IP.
3. The apparatus according to claim 1, comprising:
A request unit that requests an IP allocation for the IP communication service providing apparatus from a DHCP (Dynamic Host Configuration Protocol) server interworking with the IP communication service providing apparatus, and receives IPs including a public IP and a secure IP from the DHCP server; and
When receiving an IP address assignment request from the first terminal transmitting the IP packet, generating an IP address for the first terminal and delivering it to the first terminal as the first source IP.
4. The apparatus according to claim 3, further comprising:
A security policy management unit that receives and manages a security policy allowing the communication unit to determine whether transmission of the IP packet to the second terminal is permitted.
5. A method for providing an IP communication service between an IP communication service providing apparatus and a first terminal and a second terminal, comprising:
Determining whether to change a first destination IP included in an IP packet transmitted from the first terminal to a second destination IP, in accordance with IP change management information including specific IPs, which are a plurality of preset IPs to be changed, and changed IPs to be generated by changing the specific IPs;
Checking whether the changed second destination IP is included in a routing table if the change to the second destination IP is determined, and checking whether the first destination IP is included in the routing table if the first destination IP is not changed to the second destination IP;
Changing a first source IP included in the IP packet to a second source IP according to the result of the checking; and
Transmitting the IP packet transmitted from the first terminal to the second terminal through either secure IP communication or public IP communication, based on the changed second source IP and the destination IP.
6. The method of claim 5,
Wherein the IP change management information includes a plurality of predetermined IPs and a plurality of changed IPs for changing the plurality of IPs, and
Wherein the step of determining whether to change to the second destination IP comprises:
Determining that the first destination IP is changed to the corresponding changed IP as the second destination IP if the first destination IP is one of the plurality of IPs included in the IP change management information; and
Determining that the first destination IP is not changed to a second destination IP if the first destination IP is not included in the IP change management information.
7. The method of claim 5,
Wherein the changing to the second source IP comprises:
Confirming that the destination IP is a secure IP if the destination IP, which is either the second destination IP or the first destination IP not changed to the second destination IP, is included in the routing table; and
Generating the second source IP by changing the first source IP, which is a private IP of the first terminal, to a secure IP assigned to the IP communication service providing apparatus.
8. The method of claim 7,
Wherein the changing to the second source IP further comprises:
Confirming that the destination IP is a public IP if the destination IP is not included in the routing table; and
Generating the second source IP by changing the first source IP to a public IP assigned to the IP communication service providing apparatus.
9. The method of claim 5,
Wherein the step of transmitting through any one of the communications comprises:
Transmitting the IP packet to the second terminal through secure IP communication when the destination IP, which is the second destination IP or the first destination IP not changed to a second destination IP, and the second source IP are each a secure IP; and
Transmitting the IP packet to the second terminal through public IP communication when the second source IP and the destination IP are each a public IP.
10. The method of claim 9,
Wherein the step of transmitting through any one of the communications further comprises:
Comparing the second source IP and the destination IP with a previously stored security policy, and determining whether to block communication.
11. The method of claim 5, comprising, prior to the step of determining whether to change to the second destination IP:
Requesting, from a DHCP server linked to the IP communication service providing apparatus, assignment of an IP address to the IP communication service providing apparatus; and
Receiving IPs including a public IP and a secure IP from the DHCP server.
12. The method of claim 11, further comprising, prior to the step of determining whether to change to the second destination IP:
Receiving an IP allocation request from the first terminal; and
Generating a private IP address for the first terminal and providing the private IP to the first terminal.
13. The method of claim 11, further comprising, prior to the step of determining whether to change to the second destination IP:
Receiving control information including IP change management information, routing table information, and a security policy from a controller interlocked with the IP communication service providing apparatus.
14. An IP communication system for providing an IP communication service to a terminal, including:
An IP communication service providing apparatus that receives a first IP and a second IP from the outside, receives control information, changes a source IP of an IP packet transmitted from the terminal to either the first IP or the second IP based on a destination IP included in the IP packet, and determines whether to transmit the IP packet through first communication or second communication according to the changed source IP;
A control unit for transmitting the control information to the IP communication service providing apparatus;
A DHCP server allocating and providing the first IP and the second IP to the IP communication service providing apparatus;
A first gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through the first communication; and
A second gateway for transmitting the IP packet to the destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through the second communication,
Wherein the first communication and the second communication are either public IP communication or secure IP communication.
15. The system of claim 14,
Wherein the IP communication service providing apparatus includes:
An IP change management unit that stores IP change management information included in the control information transmitted from the control unit, and generates a change destination IP by changing a destination IP included in an IP packet transmitted from the terminal according to the IP change management information;
A routing table management unit that manages a routing table which is included in the control information transmitted from the control unit and which includes addresses of a plurality of secure IPs for providing a secure IP communication service;
An IP processing unit that confirms whether the change destination IP or the unchanged destination IP corresponds to a secure IP included in the routing table, changes the first source IP included in the IP packet to the second IP to generate a second source IP if it does, and changes the first source IP to the first IP to generate the second source IP if it does not; and
A communication unit that, based on the second source IP changed by the IP processing unit and the destination IP, transmits the IP packet to the first gateway when the first communication is public IP communication, or to the second gateway when the second communication is secure IP communication.
16. The system of claim 15,
Wherein the IP communication service providing apparatus includes:
An IP address request unit for requesting the DHCP server to assign an IP address to the IP communication service providing apparatus and receiving IPs including a public IP as the first IP and a secure IP as the second IP from the DHCP server;
An IP address assigning unit configured to generate and deliver an IP address to the terminal when receiving an IP address assignment request from the terminal transmitting the IP packet; and
A security policy managing unit for receiving and managing a security policy for allowing the communication unit to determine whether or not to permit transmission of the IP packet.
KR1020150189064A 2015-12-23 2015-12-29 Apparatus, method and system for providing of IP communication service KR101893209B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020150189064A KR101893209B1 (en) 2015-12-29 2015-12-29 Apparatus, method and system for providing of IP communication service
PCT/KR2016/014850 WO2017111404A1 (en) 2015-12-23 2016-12-19 Device, method, and communication system for providing security ip communication service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150189064A KR101893209B1 (en) 2015-12-29 2015-12-29 Apparatus, method and system for providing of IP communication service

Publications (2)

Publication Number Publication Date
KR20170078482A KR20170078482A (en) 2017-07-07
KR101893209B1 true KR101893209B1 (en) 2018-08-29

Family

ID=59353750

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150189064A KR101893209B1 (en) 2015-12-23 2015-12-29 Apparatus, method and system for providing of IP communication service

Country Status (1)

Country Link
KR (1) KR101893209B1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102096610B1 (en) * 2017-11-28 2020-04-02 주식회사 안랩 Apparatus and method for managing communication of internet of things

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009062504A1 (en) * 2007-11-13 2009-05-22 Tnm Farmguard Aps Secure communication between a client and devices on different private local networks using the same subnet addresses
KR101193647B1 (en) * 2011-09-06 2012-10-24 에스케이텔레콤 주식회사 Apparatus and method for simultaneously transmitting data in heterogeneous network

Also Published As

Publication number Publication date
KR20170078482A (en) 2017-07-07

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant