KR101893209B1 - Apparatus, method and system for providing of IP communication service - Google Patents
- Publication number
- KR101893209B1
- Authority
- KR
- South Korea
- Prior art keywords
- destination
- communication
- terminal
- secure
- source
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H04L61/2015—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Abstract
The apparatus determines whether to convert the first destination IP included in an IP packet transmitted from the first terminal into a second destination IP according to predetermined IP change management information. If conversion to the second destination IP is determined, it confirms whether the converted second destination IP is included in the routing table; if no conversion is made, it confirms whether the first destination IP is included in the routing table. According to the confirmation result, the first source IP included in the IP packet is changed to a second source IP, and the IP packet transmitted from the first terminal is transmitted to the second terminal through secure IP communication or public IP communication based on the changed second source IP and the destination IP.
Description
The present invention relates to an apparatus, a method and a communication system for providing an IP communication service.
In general, terminals that desire to use the Internet service receive the public IP address and access the public Internet network to use the service. There are various types of terminals using the internet service, such as POS terminal, CCTV, IoT terminal, etc. These terminals can be used by individuals, but they can be bundled into a user group and installed in the enterprise.
If a malicious third party alters the service provided to the terminal through the public Internet network, changes the IP address provided to the terminal, attacks an IP address (for example, by DDoS), or intercepts an IP address, then a store-type franchise that operates POS terminals, a company that requires secure connections between its head office and branch offices, or a company or institution operating CCTV cannot provide a secure service.
To address this, services are provided by encrypting the traffic or by installing a separate VPN device. However, communication speed is not guaranteed because of the VPN header or the traffic encryption, and installing separate, expensive equipment incurs cost.
Accordingly, the present invention provides an apparatus, a method, and a communication system for providing an IP communication service that provides both a secure IP communication service and a public IP communication service that enable a closed communication connection in a public Internet network.
According to an aspect of the present invention, there is provided an apparatus for providing an IP communication service for providing a secure IP communication service to a terminal,
an IP change management unit that stores IP change management information and can convert a first destination IP included in an IP packet transmitted from the first terminal into another IP according to the IP change management information; a routing table management unit that manages a routing table including addresses of a plurality of security IPs for providing a secure IP communication service; an IP processing unit that confirms whether the destination IP, converted or not converted by the IP change management unit, is included in the routing table and changes a first source IP included in the IP packet to a second source IP according to the result of the check; and a communication unit that transmits the IP packet to the second terminal through either public IP communication or secure IP communication based on the second source IP changed by the IP processing unit and the destination IP converted or not converted by the IP change management unit.
According to another aspect of the present invention, there is provided a method for providing an IP communication service between a first terminal and a second terminal,
Determining whether to convert a first destination IP included in an IP packet transmitted from the first terminal into a second destination IP according to predetermined IP change management information; Confirming whether the converted second destination IP is included in the routing table if the conversion to the second destination IP is determined, and confirming whether the first destination IP is included in the routing table if the conversion is not performed to the second destination IP; Changing a first source IP included in an IP packet to a second source IP according to the result of the checking; And transmitting the IP packet transmitted from the first terminal based on the changed second source IP and the destination IP to the second terminal through either secure IP communication or public IP communication.
According to another aspect of the present invention, there is provided an IP communication system for providing an IP communication service to a terminal,
an IP communication service providing apparatus that is allocated a first IP and a second IP from the outside and receives control information, converts the source IP into either the first IP or the second IP based on the destination IP included in the IP packet transmitted from the terminal, and determines whether to transmit the IP packet through either the first IP communication or the second IP communication according to the converted source IP; a control unit for transmitting the control information to the IP communication service providing apparatus; a DHCP server allocating and providing the first IP and the second IP to the IP communication service providing apparatus; a first gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through the first communication; and a second gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through the second communication.
According to the present invention, it is possible to provide both the public IP communication service and the secure IP communication service in the public network through the IP service providing apparatus to which both the secure IP and the public IP are allocated.
FIG. 1 is an exemplary diagram illustrating a communication system for providing an IP communication service according to an embodiment of the present invention.
FIG. 2 is a structural diagram of a secure IP router according to an embodiment of the present invention.
FIG. 3 is a flowchart of an IP communication method according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when an element is referred to as "comprising" another element, it means that it can include other elements as well, without excluding other elements, unless specifically stated otherwise.
In this specification, a terminal may refer to a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), an access terminal (AT), and the like, and may include all or some of the functions of a mobile terminal, a subscriber station, a mobile subscriber station, a user equipment, and the like.
Hereinafter, an apparatus and method for providing a secure IP communication service according to an embodiment of the present invention will be described with reference to the drawings. In the embodiment of the present invention, a service for providing a closed communication service to a terminal in a public Internet network is referred to as a 'secure IP communication service', but the present invention is not limited thereto.
In the embodiment of the present invention, an IP used to transmit an IP packet through IP communication in a public Internet network according to the type of IP is referred to as a 'public IP'. The IP used to transmit IP packets through secure IP communication is referred to as a 'secure IP'.
FIG. 1 is an exemplary diagram illustrating a communication system for providing an IP communication service according to an embodiment of the present invention.
The environment for providing the secure IP communication service as shown in FIG. 1 assumes that the
The IP packet transmitted by the
The
Here, the IP change management information is reference information for determining whether to change the destination IP included in the IP packet to another IP when the
The routing table information includes information of a plurality of security IPs that are preset to transmit IP packets through secure IP communication.
The security policy includes preset communication blocking object information (for example, IP, port, or protocol information). It is reference information for blocking communication when transmission of an IP packet is attempted through an IP set as communication blocking object information.
Then, the
Also, the
The
IP packets that have passed through the
The DHCP
The
The
The
The
Only the components necessary for providing the secure IP communication in the public network have been shown and may further include components not shown in FIG. In the above environment, the structure of the
FIG. 2 is a structural diagram of a secure IP router according to an embodiment of the present invention.
2, the
The IP
The IP
The IP
The IP change management information includes a plurality of predetermined IPs set in advance and changed IPs to be changed by executing NAT on specific IPs. Therefore, the IP
However, if it corresponds to a specific IP, NAT is executed on the destination IP to convert it to the change destination IP. Here, the changed destination IP through the IP
The routing
The
However, if the second destination IP is not a secure IP stored in the routing table, the
The security
In addition, the security
When the security
A method of performing secure IP communication or public IP communication according to the IP address in the communication network including the
FIG. 3 is a flowchart of an IP communication method according to an embodiment of the present invention.
As shown in FIG. 3, the
When the
In step S105, the
The IP
If the first destination IP is an IP included in the IP change management information, NAT is executed on the first destination IP to change it to the second destination IP (S109). The changed second destination IP may be a secure IP or a public IP. However, if it is determined in step S109 that the first destination IP is not included in the IP change management information, the first destination IP is set as the second destination IP.
The next
Accordingly, the
If the second source IP and the second destination IP are determined through the above procedure, the security
If it is determined in step S112 that communication is to be interrupted, the
An example of the above procedure is as follows.
The
In the routing table, the security access IPs 169.208.0.1 to 169.208.0.254 and the security core IPs 39.28.0.1 to 39.28.0.254 are defined as allowed for secure IP communication.
It is assumed that the IP change management information stores 2.2.2.2 as a specific IP, and that 2.2.2.2 is set to be converted to 39.28.0.2. In the embodiment of the present invention, for convenience of description, the IP change management information contains only the specific IP 2.2.2.2, but it is not limited thereto.
Assuming that the first terminal 10 attempts to transmit an IP packet with the destination IP set to 2.2.2.2, the IP packet received by the
The IP
Since the second destination IP address 39.28.0.2 is included in the routing table corresponding to the security core IP, the
Accordingly, the second source IP included in the IP packet is 169.208.0.1, the second destination IP is 39.28.0.2, and the IP packet can be transmitted to the
The above describes secure IP communication as an example; public IP communication is described next. Assuming that the first terminal 10 attempts to transmit an IP packet with the first destination IP set to 202.175.1.1, the IP packet received by the
The IP
Since it is assumed that 202.175.1.1 is not included in the routing table, the
After the second source IP and the second destination IP are determined, the security
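The forwarding decision described above, run over the two worked cases (2.2.2.2 and 202.175.1.1), as an added Python example that is not part of the patent text. The terminal address 192.168.0.10, the router's public IP 203.0.113.10, the block rules and all class and function names are assumptions made for illustration; the security policy is evaluated on the translated addresses, in the order the procedure gives, so a block rule has to name the post-NAT IP.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


def norm(addr: str) -> str:
    """Canonical text form of an address; raises ValueError if malformed."""
    return str(ipaddress.ip_address(addr))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 443


@dataclass(frozen=True)
class BlockRule:
    """Communication blocking object (IP, protocol, port); None matches anything."""
    ip: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.ip is None or norm(self.ip) in (pkt.src, pkt.dst))
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


@dataclass(frozen=True)
class ControlInfo:
    ip_change: dict        # IP change management information: specific IP -> changed IP
    secure_ranges: list    # routing table: inclusive (first, last) secure IP ranges
    router_secure_ip: str  # secure IP assigned to the router
    router_public_ip: str  # public IP assigned to the router
    policy: tuple = ()     # security policy: BlockRule entries


def in_routing_table(addr: str, ranges: list) -> bool:
    a = int(ipaddress.ip_address(addr))
    return any(int(ipaddress.ip_address(lo)) <= a <= int(ipaddress.ip_address(hi))
               for lo, hi in ranges)


def forward(pkt: Packet, ctl: ControlInfo):
    """Return (verdict, translated packet); verdict is 'secure', 'public' or 'blocked'."""
    # 1. Destination NAT only for IPs listed in the IP change management information.
    dst1 = norm(pkt.dst)
    dst2 = norm(ctl.ip_change.get(dst1, dst1))
    # 2. Routing table lookup decides whether the destination is a secure IP.
    secure = in_routing_table(dst2, ctl.secure_ranges)
    # 3. Source NAT to the router's secure or public IP accordingly.
    src2 = ctl.router_secure_ip if secure else ctl.router_public_ip
    out = Packet(norm(src2), dst2, pkt.proto, pkt.dport)
    # 4. The security policy is compared against the translated packet.
    if any(rule.matches(out) for rule in ctl.policy):
        return "blocked", out
    return ("secure" if secure else "public"), out


# Control information built from the addresses in the worked example.
CONTROL = ControlInfo(
    ip_change={"2.2.2.2": "39.28.0.2"},
    secure_ranges=[("169.208.0.1", "169.208.0.254"), ("39.28.0.1", "39.28.0.254")],
    router_secure_ip="169.208.0.1",
    router_public_ip="203.0.113.10",  # assumed placeholder, not given on the page
)

if __name__ == "__main__":
    terminal = "192.168.0.10"  # assumed private IP of the first terminal
    for dst in ("2.2.2.2", "202.175.1.1"):
        print(dst, "->", forward(Packet(terminal, dst), CONTROL))
    # A rule written against the pre-NAT destination never matches.
    stale = replace(CONTROL, policy=(BlockRule(ip="2.2.2.2"),))
    fixed = replace(CONTROL, policy=(BlockRule(ip="39.28.0.2"),))
    print("rule on 2.2.2.2  :", forward(Packet(terminal, "2.2.2.2"), stale)[0])
    print("rule on 39.28.0.2:", forward(Packet(terminal, "2.2.2.2"), fixed)[0])
```

When auditing a rule set for a device of this kind, check each blocked IP against the IP change management information first: any entry that is also a NAT "specific IP" needs its changed IP in the policy instead.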
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.
Claims (16)
The IP change management information including a specific IP which is a plurality of preset IPs to be changed and a changed IP to be generated by changing the specific IP and stores a destination IP included in the IP packet transmitted from the first terminal in the IP change management An IP change management unit configured to change a change destination IP according to information to generate a change destination IP;
A routing table management unit managing a routing table including addresses of the plurality of secure IPs for providing a secure IP communication service;
The IP change management unit checks whether the change destination IP generated by the IP change management unit or the unchanged destination IP in the IP change management unit corresponds to the secure IP included in the routing table, To the second source IP; And
The IP packet is transmitted to the second terminal through either the public IP communication or the secure IP communication based on the second source IP changed in the IP processing unit and the destination IP changed in the IP change management unit or the unchanged destination IP Communication section
The IP communication service providing apparatus comprising:
The IP processing unit,
If the change destination IP or the unchanged destination IP generated by the IP change management unit is a public IP, changing a first source IP, which is an IP assigned to the first terminal, to a public IP assigned to the IP communication service providing apparatus, IP,
And changing the first source IP to a secure IP assigned to the IP communication service providing apparatus to generate a second source IP if the change destination IP or the unchanged destination IP is a secure IP.
Requesting an IP allocation for the IP communication service providing apparatus to a DHCP (Dynamic Host Configuration Protocol) server interworking with the IP communication service providing apparatus, receiving an IP address including a public IP and a secure IP from the DHCP server, Request part; And
When receiving an IP address assignment request for the first terminal from the first terminal transmitting the IP packet, generating an IP address for the first terminal and delivering the first source IP to the first terminal,
The IP communication service providing apparatus comprising:
And the communication unit receives and manages a security policy for allowing the second terminal to determine whether or not the IP packet is permitted to be transmitted,
The IP communication service providing apparatus further comprising:
A first destination IP included in an IP packet transmitted from the first terminal is changed in accordance with IP change management information including a specific IP which is a plurality of preset IPs to be changed and a changed IP to be generated by changing the specific IP, Determining whether to change to IP;
Checking whether the changed second destination IP is included in the routing table if the change to the second destination IP is determined and checking whether the first destination IP is included in the routing table if the changed second destination IP is not changed to the second destination IP ;
Changing a first source IP included in an IP packet to a second source IP according to the result of the checking; And
Transmitting the IP packet transmitted from the first terminal based on the changed second source IP and the destination IP to either the secure IP communication or the public IP communication with the second terminal
The IP communication service providing method comprising:
Wherein the step of determining whether to change to the second destination IP comprises:
Wherein the IP change management information includes a plurality of predetermined IPs and a plurality of changed IPs for changing the plurality of IPs,
Determining that the changed IP corresponding to the first destination IP is changed to the second destination IP if the first destination IP is one of a plurality of IPs included in the IP change management information; And
Determining that the first destination IP is not changed to a second destination IP if the first destination IP is not included in the IP change management information;
The IP communication service providing method comprising:
Wherein the changing to the second source IP comprises:
Confirming that the destination IP is a secure IP if the destination IP, which is one of the first destination IP and the second destination IP not changed to the second destination IP, is included in the routing table; And
Generating the second source IP by changing the first source IP, which is a private IP of the first terminal, to a secure IP assigned to the IP communication service providing apparatus
The IP communication service providing method comprising:
Wherein the changing to the second source IP comprises:
Confirming that the destination IP is a public IP if the destination IP is not included in the routing table; And
Generating the second source IP by changing the first source IP to a public IP assigned to the IP communication service providing apparatus
Further comprising the steps of:
Wherein the step of transmitting through any one of the above-
A second destination IP, or a first destination IP that is not changed to a second destination IP, and the second source IP are respectively a secure IP, transmits the IP packet to the second terminal through secure IP communication,
And transmitting the IP packet to the second terminal through public IP communication when the second source IP and the destination IP are public IP, respectively.
Wherein the step of transmitting through any one of the above-
Comparing the second source IP and the destination IP with a previously stored security policy, and determining whether to block communication
Further comprising the steps of:
Prior to the step of determining whether to change to the second destination IP,
Requesting an assignment of an IP address to the IP communication service providing apparatus by a DHCP server linked to the IP communication service providing apparatus; And
Receiving an IP including a public IP and a secure IP from the DHCP server
The IP communication service providing method comprising:
Prior to the step of determining whether to change to the second destination IP,
Receiving an IP allocation request from the first terminal; And
Generating a private IP address for the first terminal and providing the private IP to the first terminal
Further comprising the steps of:
Prior to the step of determining whether to change to the second destination IP,
Receiving control information including IP change management information, routing table information, and a security policy from a controller interlocked with the IP communication service providing apparatus
Further comprising the steps of:
A first IP and a second IP from the outside and receives control information; a destination IP included in the IP packet transmitted from the terminal; and a destination IP of either the first IP or the second IP based on the destination IP An IP communication service providing device for determining whether to transmit the IP packet through either the first IP communication or the second IP communication according to the source IP which is changed to the source IP;
A control unit for transmitting the control information to the IP communication service providing apparatus;
A DHCP server allocating and providing the first IP and the second IP to the IP communication service providing apparatus;
A first gateway for transmitting the IP packet to a destination terminal when the IP communication service providing apparatus determines to transmit the IP packet through a first communication; And
When the IP communication service providing apparatus determines that the IP packet is transmitted through the second communication, transmits the IP packet to the destination terminal,
Including the
Wherein the first communication and the second communication are either public IP communication or secure IP communication.
The IP communication service providing apparatus includes:
An IP change management unit that stores IP change management information included in control information transmitted from the control unit and generates a change destination IP by changing a destination IP included in an IP packet transmitted from the terminal according to the IP change management information, ;
A routing table management unit included in the control information transmitted from the control unit and managing a routing table including addresses of a plurality of security IPs for providing a secure IP communication service;
The IP change management unit confirms whether the changed destination IP or the unchanged destination IP corresponds to the security IP included in the routing table, and if the change destination IP or the unchanged destination IP corresponds to the security IP included in the routing table The first source IP included in the IP packet is changed to the second IP and is generated as the second source IP. If the change destination IP or the unchanged destination IP does not correspond to the secure IP included in the routing table An IP processing unit for changing the first source IP to the first IP and generating a second source IP; And
The first gateway transmits IP packets to the first gateway when the first communication is public IP communication based on the second source IP and the destination IP that have been changed by the IP processing unit or to the second gateway when the second communication is secure IP communication A communication unit for transmitting an IP packet
The IP communication service providing apparatus includes:
An IP address request unit for requesting the DHCP server to assign an IP address to the IP communication service providing apparatus and receiving an IP including a public IP as a first IP and a secure IP as a second IP from the DHCP server;
An IP address assigning unit configured to generate and deliver an IP address to the terminal when receiving an IP address assignment request from the terminal transmitting the IP packet; And
And a security policy managing unit for receiving and managing a security policy for allowing the communication unit to determine whether or not to permit transmission of the IP packet,
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150189064A KR101893209B1 (en) | 2015-12-29 | 2015-12-29 | Apparatus, method and system for providing of IP communication service |
PCT/KR2016/014850 WO2017111404A1 (en) | 2015-12-23 | 2016-12-19 | Device, method, and communication system for providing security ip communication service |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150189064A KR101893209B1 (en) | 2015-12-29 | 2015-12-29 | Apparatus, method and system for providing of IP communication service |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170078482A (en) | 2017-07-07 |
KR101893209B1 (en) | 2018-08-29 |
Family
ID=59353750
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150189064A KR101893209B1 (en) | 2015-12-23 | 2015-12-29 | Apparatus, method and system for providing of IP communication service |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101893209B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102096610B1 (en) * | 2017-11-28 | 2020-04-02 | 주식회사 안랩 | Apparatus and method for managing communication of internet of things |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009062504A1 (en) * | 2007-11-13 | 2009-05-22 | Tnm Farmguard Aps | Secure communication between a client and devices on different private local networks using the same subnet addresses |
KR101193647B1 (en) * | 2011-09-06 | 2012-10-24 | 에스케이텔레콤 주식회사 | Apparatus and method for simultaneously transmitting data in heterogeneous network |
-
2015
- 2015-12-29 KR KR1020150189064A patent/KR101893209B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20170078482A (en) | 2017-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6383397B2 (en) | Dynamic VPN address allocation | |
CN112584393B (en) | Base station configuration method, device, equipment and medium | |
US9083705B2 (en) | Identifying NATed devices for device-specific traffic flow steering | |
KR101743559B1 (en) | Virtual private network, internet cafe network using the same, and manager apparatus for the same | |
JP2010118752A (en) | Network system, dhcp server apparatus and dhcp client apparatus | |
KR20090016322A (en) | Mobile wimax network including private network and the control method | |
US20100275248A1 (en) | Method, apparatus and system for selecting service network | |
CA2638683C (en) | Method and system for provisioning customer premises equipment | |
US10348687B2 (en) | Method and apparatus for using software defined networking and network function virtualization to secure residential networks | |
KR100953595B1 (en) | Management system for quality of service in home network | |
JP5898189B2 (en) | Telecommunications network, method and system for efficiently using a connection between the telecommunications network and customer premises equipment | |
KR101363047B1 (en) | Mobile WiMax network system including private network and the Mobile IP terminal processing method | |
KR102014005B1 (en) | Method of providing nomadic service through virtual residential gateway | |
EP3703343A1 (en) | Method and device for configuring service flow | |
KR101893209B1 (en) | Apparatus, method and system for providing of IP communication service | |
EP2566139A1 (en) | Method and device for obtaining remote ip address | |
KR101821794B1 (en) | Apparatus, method and system for providing of secure IP communication service | |
KR102367169B1 (en) | Method for supporting intranet access and network system implementing the same method | |
EP2989756A1 (en) | Methods and arrangement for adapting quality of service for a private channel based on service awareness | |
US20140344449A1 (en) | Ip address allocation for wi-fi clients | |
KR101787404B1 (en) | Method for allocating network address with security based on dhcp | |
KR100428771B1 (en) | mobile IP system and method for phone registration and IP address assignment in the mobile IP system | |
JP5947763B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM | |
KR101629430B1 (en) | Apparatus and method for simultaneously transmitting data in heterogeneous network | |
KR20160123102A (en) | Virtual private network secuirity apparatus and operatoin method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |