KR102281389B1 - Internet access location control system - Google Patents

Abstract

The present invention relates to an Internet access location control system implemented to increase professionalism and transparency in security to prevent mass leakage of personal information due to illegal public certificate and ID theft and to systematically manage it. The system includes an access control server that allows only a user based on a political party location to access an organization.

Description

Internet access location control system {INTERNET ACCESS LOCATION CONTROL SYSTEM}

The present invention relates to an Internet access location control system, and more particularly, the Internet implemented to increase professionalism and transparency in security and systematically manage it to prevent mass leakage of personal information due to illegal public certificate and ID theft. It relates to a connection position control system.

The recent trend of Internet intrusion incidents is that the methods are increasingly using intelligent and complex functions, making it increasingly difficult to respond and analyze them. Public service organizations are providing qualification inquiry services through the Internet to 78,000 organizations scattered across the country, but they are illegally using accredited certificates and IDs. There are cases in which personal information is leaked from places other than the relevant institution by stealing passwords, and we are facing an environment that needs to be urgently prevented.

Security for Internet personal information inquiry service by establishing an access location control system so that service is available only on the designated PC of the institution when inquiring about qualifications in the institution's institutional information yard from the institution to the Internet to prevent data leakage due to the theft of public certificates We are aiming to complete the successful establishment of a system that can strengthen and maximize the reliability and operational efficiency of the Corporation's Internet civil service service.

On the other hand, the above-mentioned background art is technical information that the inventor possessed for the derivation of the present invention or acquired in the process of derivation of the present invention, and it cannot necessarily be said to be a known technique disclosed to the general public before the filing of the present invention .

Korean Patent No. 10-1258471 Korean Patent No. 10-0813203

One aspect of the present invention is to enhance security and enhance reliability and operational efficiency of Internet civil service, and to provide security expertise and transparency to prevent mass leakage of personal information due to illegal public certificate and ID theft. It provides an Internet access location control system that can be enhanced and systematically managed.

The technical problems of the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art from the following description.

The Internet access location control system according to an embodiment of the present invention includes an access control server that allows only a user based on a political party location to access an institution.

In one embodiment, the Internet access location control system according to an embodiment of the present invention is an access manager for managing PC for inquiry, which is a party terminal that is allowed access to the institution, managing unique information, managing history, and managing authority terminal; may further include.

In one embodiment, the access control server, the access location check unit for extracting and confirming the unique location information of the access PC; a location restriction information storage unit storing location restriction information for determining a location where access is permitted; an access location comparison unit that compares the location limitation information stored in the location limitation information storage unit with the unique location information of the access PC confirmed by the access location check unit; a connection determination unit that reads the result collated by the connection location comparison unit and determines whether to allow the server to connect; and a notification unit informing the access manager terminal of the information of the access PC.

In one embodiment, the access manager terminal performs at least one function of the inquiry of the inquiry PC, the registration of the inquiry PC, the unconnected PC batch arrangement, the registration history management, and the PC extraction outside the relevant institution. PC management unit for inquiry; a unique information management unit that performs at least one function of inquiring unique information, registering unique information, and correcting or deleting unique information; a history management unit that searches for history information; an authority management unit that performs at least one function of authority management, group management, organization management, user management, authentication policy setting, authorization policy setting, dynamic policy setting, and role access control setting; Statistics Department, which performs general, branch and institutional statistics; and an environment setting unit that performs at least one function of common code management, notice management, and manager notification function management.

In one embodiment, it consists of a user group using a single PC and a group using a server system, which primarily controls the location of the system in which it is installed, and secondarily controls the location of a user PC or server accessing itself. It may further include; a server-type security module for controlling.

In an embodiment, the server-type security module may extract access location control information of the security server to register a security server (Proxy Client) with the location control system, and generate registration data using the extracted information. The registration process is performed using a separate registration program located there, and the location control registration data generated in the registration program is digitally signed and encrypted through the security server and then transmitted to the proxy server, and the proxy server (Proxy Server) ), if the transmitted data is location control registration information, the related contents are transmitted to the location control system to register the security server, and the result is transmitted to the client, but if it is not location control registration information, the Internet information inquiry system By sending data to , position control processing can be performed.

In one embodiment, the registration of the access location control information of the user's PC using the security server (Proxy Client) is to access the registration page of the institution's homepage, install the location control program, and when the installation is completed, the user from the location control program After generating registration data by extracting the unique information of the PC, the generated registration data is transmitted to the security server (Proxy Client), and if the data transmitted from the proxy server is the location control registration information, related contents are displayed. You can register the server by sending it to the location control system and send the result to the client.

In an embodiment, the security server (Proxy Client) may transmit the transmitted location control registration data to the proxy server (Proxy Server) after digital signature and encryption processing.

In one embodiment, the server-type security module extracts the sender's access information using the transmission information transmitted from the institution program, and extracts the access location control information of the server in which the security server is installed using the location control program. The extracted access location control information is included in the transmission document of the electronic document and transmitted to the security server after security processing, and the transmitted document is transmitted to the information inquiry system after security processing in the case of the user PC that is normally registered A normal response can be processed.

In one embodiment, the Internet access location control system according to another embodiment of the present invention, a sliding-type enclosure for accommodating and storing the access control server; may further include.

In one embodiment, the sliding-type housing, the housing portion forming an internal space for accommodating the access control server; a plurality of shelf units installed to be spaced apart from each other in the vertical direction along the inner space of the housing unit to partition the inner space of the housing unit into a plurality of independent spaces; a housing support part installed under the housing part to support the housing part; and a rail part installed along the bottom surface so that the housing support part is connected and slidably moved in the left and right directions.

In one embodiment, the rail unit, the rail groove is formed extending in the left and right direction along the bottom surface; a rail extending in the left and right directions along the bottom surface of the rail groove; a pedestal formed in a flat plate shape so that the lower side of the housing support part can be seated and extending in the left and right directions, the pedestal being installed on the upper side of the rail to be perpendicular to the rail; and a sliding guide part installed in a plurality of rows along the upper portion of the pedestal to induce movement after separating the housing support seated on the pedestal upward from the upper side of the pedestal.

In one embodiment, the housing support unit, the front end and the rear end are respectively bent in the lower right angle direction is seated in the front end and rear end space of the rail groove, and is seated on the pedestal to support the lower side of the housing unit installed on the upper side support frame; The front end bending frame is bent in a direction perpendicular to the rear end from the lower side of the front end bent surface of the support frame, is seated on the lower side of the rail groove, is raised together as the support frame is raised, and is in close contact with the front end lower side of the pedestal; The rear end bending frame is bent from the lower side of the rear end bent surface of the support frame in a direction perpendicular to the front end, is seated on the lower side of the rail groove, and is raised together as the support frame is raised and is in close contact with the lower rear end of the pedestal; a first pad installed to cover the lower side of the support frame seated on the pedestal to cushion the impact; a second pad installed to cover the lower side of the shear bending frame seated in the rail groove to cushion the impact; and a third pad installed to cover the lower side of the rear end bent frame seated in the rail groove to cushion the impact.

In one embodiment, the sliding guide portion, an opening formed in the upper side of the pedestal and a slider seating groove recessed in the upper portion of the pedestal; an elevating slider formed in a shape corresponding to the shape of the slider seating groove, being in close contact with an inner circumferential surface of the slider seating groove, and seated under the slider seating groove; It is rotatably connected to the upper portion of the lifting slider to support the lower surface of the first pad seated on the upper side of the pedestal, and as the lifting slider ascends from the lower side of the slider seating groove, it is raised together to raise the first pad. a transfer wheel for separating the pad upwardly from the pedestal and supporting the lower side of the first pad while rotating as the first pad moves; and a compressed air supply line installed below the slider seating groove and supplying compressed air for raising the elevating slider to the inner space of the slider seating groove.

According to one aspect of the present invention described above, through the establishment of an Internet access location control system, the public's personal information protection is prevented from being used for purposes other than the institution in advance to prevent information leakage accidents and improve the quality of civil service, and to achieve the highest level in Korea. It can provide the expected effect that it will be possible to create a foundation that can be recognized for its reliability and stability by securing a security system.

The effects of the present invention are not limited to the above-mentioned effects, and various effects may be included within the range apparent to those skilled in the art from the description below.

1 is a diagram showing a schematic configuration of an Internet access location control system according to an embodiment of the present invention.
2 is a diagram showing a schematic configuration of an Internet access location control system according to another embodiment of the present invention.
FIG. 3 is a diagram showing the access control server of FIG. 2 .
FIG. 4 is a diagram illustrating a connection manager terminal of FIG. 2 .
5 is a view showing an Internet access location control system according to another embodiment of the present invention.
FIG. 6 is a view showing a connection relationship between the housing support part and the rail part of FIG. 5 .
FIG. 7 is a view showing the sliding guide unit of FIG. 6 .

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0010] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0010] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0023] Reference is made to the accompanying drawings, which show by way of illustration specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the present invention. It should be understood that the various embodiments of the present invention are different but need not be mutually exclusive. For example, certain shapes, structures, and characteristics described herein with respect to one embodiment may be implemented in other embodiments without departing from the spirit and scope of the invention. In addition, it should be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the present invention. Accordingly, the detailed description set forth below is not intended to be taken in a limiting sense, and the scope of the invention, if properly described, is limited only by the appended claims, along with all scope equivalents to those claimed. Like reference numerals in the drawings refer to the same or similar functions throughout the various aspects.

Hereinafter, preferred embodiments of the present invention will be described in more detail with reference to the drawings.

1 is a diagram showing a schematic configuration of an Internet access location control system according to an embodiment of the present invention.

Referring to FIG. 1 , the Internet access location control system 10 according to an embodiment of the present invention includes an access control server 100 .

The access control server 100 allows only a user based on a political party location to access an institution (eg, a public institution such as a health care institution, a public office, etc.) through the network N.

That is, the access control server 100 implements an information protection system in consideration of IT-related risks from internal organizations, related organizations, and the outside, so as to satisfy the mission and business goals of a specific organization.

Here, the network N may include, for example, wireless communication, wired communication, optical ultrasound, or a combination thereof. BAN (Body Area Network), satellite communication, cellular communication, Bluetooth, NFC (Near Field Communication), IrDA (Infrared Data Association standard), WiFi (Wireless Fidelity), and WiMAX (Worldwide Interoperability for Microwave access) are included in the communication path. Ethernet, Digital Subscriber Line (DSL), Fiber to the Home (FTTH), and Plain Old Telephone Service (POTS) are examples of wired communication that can be included in a communication network. Additionally, the communication network may traverse multiple network topologies and distances. For example, the communication network may include a direct connection, a personal area network (PAN), a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or any combination thereof. In addition, it may be achieved through a low power wide area network (Low Power Wide Area Network) including LoRaWAN, NB-Fi, and RPMA. However, as for the network N, the description of the communication network is not limited to the above-described communication network, and any latest data communication network may be applied.

In one embodiment, the access control server 100 includes a virtual machine (not shown in the drawing for convenience of explanation) that processes the actual work for allowing access, generates a random number to generate a temporary password, and The temporary password is sent by SMS to the terminal used by the user based on the stored political party location, the temporary password is entered through the terminal used by the user based on the political party location, and hardware information of the terminal used by the user based on the political party location is stored in advance If the hardware information included in the user information matches, the access to the terminal used by the user based on the political party location is authenticated, and according to the access IP of the terminal used by the user based on the political party location or the position information included in the user information It is possible to set restrictions on the functions of virtual machines that can be used in the terminal used by the user based on the political party location.

In an embodiment, the virtualization server requests and receives the evaluation result text for the authentication processing service from the terminal used by the party location-based user, and accumulates the evaluation result text received from the terminal used by the party location-based user to save, extract the saved evaluation result text as learning data, learn the learning data with the Word2Vec algorithm, build a neural network that extracts context information from the input data, and give ratings for each section of the vector value representing context information. Store the table in advance, extract the evaluation result vector value by inputting the evaluation result text currently received from the terminal used by the user based on party location in the neural network, and calculate the rating corresponding to the evaluation result vector value from the table, and calculate A rating can be guided through a program running on the terminal used by the user based on the location of the political party.

In an embodiment, the virtualization server may request and receive an evaluation of a service provided by a terminal used by a user based on a political party location. Here, the service may include a virtualization service, a file approval service, a smart manager service, and an automatic URL redirection service.

The virtualization server may calculate the rating of the service by analyzing the text of the evaluation result for the service received from the terminal used by the user based on the party location.

For example, the virtualization server may build a neural network that extracts context information for input data. Here, the input data may be evaluation result text.

The virtualization server may accumulate and store the evaluation result text received from the terminal used by the user based on the party location, and may extract the stored evaluation result text as learning data.

The virtualization server can build a neural network that learns learning data with the Word2Vec algorithm and extracts context information from input data.

The Word2Vec algorithm may include a Neural Network Language Model (NNLM). The neural network language model is basically a Neural Network consisting of an Input Layer, a Projection Layer, a Hidden Layer, and an Output Layer. The neural network language model is what is used to vectorize words. Since the neural network language model is a known technology, a detailed description thereof will be omitted.

The Word2vec algorithm, for text mining, is an algorithm that determines the proximity by looking at the front and back relationships between each word. The Word2vec algorithm is an unsupervised learning algorithm. The Word2vec algorithm may be a metric that expresses the meaning of a word in a vector form, as the name indicates. The Word2vec algorithm can represent each word as a vector in a space of about 200 dimensions. Using the Word2vec algorithm, a vector corresponding to a word can be obtained for each word. The Word2vec algorithm may enable a dramatic improvement in precision in the field of natural language processing compared to other conventional algorithms. Word2vec can learn the meaning of a word by using the relationship between a word in the sentence of the input corpus and an adjacent word. The Word2vec algorithm is based on an artificial neural network, and it starts from the premise that words with the same context have close meanings. The Word2vec algorithm learns through a text document, and trains the artificial neural network to learn other words that appear nearby (about 5 to 10 words before and after) for one word as related words. Since words with related meanings are more likely to appear close to each other in the document, the two words can have vectors that are closer to each other in the process of repeating learning.

The learning method of the Word2vec algorithm includes a continuous bag of words (CBOW) method and a skip-gram method. The CBOW method predicts the target word using the context created by the surrounding words. The skip-gram method predicts words that can come around based on one word. The skip-gram method is known to be more accurate in large datasets.

Therefore, in the embodiment of the present invention, the Word2vec algorithm using the skip-gram method is used. For example, if learning is successfully completed through the Word2vec algorithm, similar words in a high-dimensional space may be located nearby. According to the Word2vec algorithm as described above, the closer the distribution of the surrounding words in the learning document is, the more similar the calculated vector values may be, and the similarly the calculated vector values may be regarded as similar. Since the Word2vec algorithm is a well-known technique, a more detailed description related to vector value calculation will be omitted.

The virtualization server can store in advance a table in which a rating is given for each section of a vector value representing context information, and can extract the evaluation result vector value by inputting the evaluation result text received from the terminal used by the user based on the party location in the neural network. there is.

The virtualization server calculates a rating corresponding to the evaluation result vector value from a table giving ratings for each section of the vector value representing context information, and guides the calculated rating through a program running on the terminal used by the user based on the political party location. can

2 is a diagram showing a schematic configuration of an Internet access location control system according to another embodiment of the present invention.

Referring to FIG. 2 , the Internet access location control system 20 according to another embodiment of the present invention includes an access control server 100 and a connection manager terminal 200 .

The access manager terminal 200 manages the management, unique information management, history management, and authority of the inquiry PC, which is a party terminal that is allowed to access the institution.

The Internet access location control system 20 according to another embodiment of the present invention having the configuration as described above may further include a server-type security module (not shown in the drawings for convenience of description).

The server-type security module consists of a group of users using a single PC and a group using a server system, which primarily controls the location of the system where it is installed, and secondarily the location of a user PC or server that accesses itself. control

In one embodiment, the server-type security module extracts the access location control information of the security server to register the security server (Proxy Client) with the location control system, and uses the extracted information to generate registration data. Registration is processed using the registration program of , and the location control registration data generated in the registration program is digitally signed and encrypted through the security server and then transmitted to the proxy server. If the data is location control registration information, the relevant contents are transmitted to the location control system to register the security server and the result is transmitted to the client, but if it is not location control registration information, by transmitting the data to the Internet information inquiry system, Position control processing can be performed.

In one embodiment, the registration of access location control information of the user's PC using a security server (Proxy Client) is performed by accessing the registration page of the institution's homepage and installing the location control program, and when the installation is completed, the location control program of the user PC After generating registration data by extracting unique information, the generated registration data is transmitted to the security server (Proxy Client). If the data transmitted from the proxy server is WIZI control registration information, the related contents are sent to the location control system. You can register the server by sending it and send the result to the client.

In an embodiment, the security server (Proxy Client) may transmit the transmitted location control registration data to the proxy server (Proxy Server) after digital signature and encryption processing.

In one embodiment, the server-type security module extracts the sender's access information using the transmission information transmitted from the institution program, and extracts the access location control information of the server in which the security server is installed using the location control program, The extracted access location control information is included in the transmission document of the electronic document and transmitted to the security server after security processing, and the transmitted document is transmitted to the information inquiry system after security processing. can

The service processing sequence of the Internet access location control system 20 according to another embodiment of the present invention having the above-described configuration is as follows. 1) Access to the Agency Information Center Portal for Institutional Business PC 2) Access Location Control System Acquisition/Registration/Registration of PC Basic Information for Institutional Business 3) Provide desired information in case of registered PC 4) Connect to new or changed PC 5 ) Notification of unregistered PC registration information and warning message pop-up window 6) New and changed PC registration for institutional business / Confirmed by MASTER PC 7) New and changed PC registration details Notify institution administrator and representative by SMS or E-Mail 8) Institutional administrator and representative It can be performed by the order of registration confirmation.

The access location control of the client of the Internet access location control system 20 according to another embodiment of the present invention having the configuration as described above is as follows. 1) New clients can connect to the existing server, but the old clients cannot connect to the server with the access location control function activated. However, it is possible if it is based on a certificate. 2) In case of certificate-based, the result is immediately notified to the client through the certificate DN and client location information. 3) In the case of anonymity, if the access client location information is binary searched in the entire sorted table, the received information is kept instead of passing or passing unconditionally, and when verifying the certificate for signature, etc., it is passed after checking the accessible location information. Verification is performed only if 4) It is recommended to use a certificate-based basis if possible. Anonymous table search is available only when all users receive location control. 5) In the case of ID/PWD-based (anonymous), login is not possible in case of inconsistency with registered information even if ID/PWD verification is normal during ID login. 6) In relation to the implementation of the certificate fee, it is possible to reflect the Login (certificate-based, ID/PWD-based) policy depending on the purpose and type of the certificate.

The registration of extracting access location information of a Client of the Internet access location control system 20 according to another embodiment of the present invention having the configuration as described above is as follows. 1) Automatically extracts IP and MAC information of customers' PCs who have applied for service and manages them in the DB 2) In case of a small number of users, it is managed in the form of an encrypted file in the XecureWeb Premium installation directory

The Internet access location control system 20 according to another embodiment of the present invention having the configuration as described above, by establishing an Internet access location control system, blocks the use of the public's personal information for other purposes other than the institution in advance. It can provide the expected effect that it will be possible to prevent information leakage accidents, improve the quality of civil service, and create a foundation for reliability and stability by securing the highest level of security system in Korea.

FIG. 3 is a diagram showing the access control server of FIG. 2 .

Referring to FIG. 3 , the access control server 100 includes the access location check unit 110 , the location restriction information storage unit 120 , the access location comparison unit 130 , the access determination unit 140 , and the notification unit 150 . ) is included.

The connection location check unit 110 extracts and confirms the unique location information of the connected PC.

The location restriction information storage unit 120 stores location restriction information for determining a location where access is permitted.

The access location comparison unit 130 compares the location limitation information stored in the location limitation information storage unit 120 with the unique location information of the access PC confirmed by the access location check unit 110 .

The connection determination unit 140 reads the result collated by the connection location comparison unit 130 and determines whether to allow the server to connect.

The notification unit 150 notifies the connection manager terminal 200 of the information of the connection PC.

FIG. 4 is a diagram illustrating a connection manager terminal of FIG. 2 .

Referring to FIG. 4 , the connection manager terminal 200 includes a PC management unit for inquiry 210 , a unique information management unit 220 , a history management unit 230 , an authority management unit 240 , a statistics unit 250 , and a currency setting unit. (260).

The inquiry PC management unit 210 performs at least one function of inquiry of PC for inquiry, registration of PC for inquiry, batch arrangement of unconnected PCs, management of registration history, and extraction of PCs outside the relevant institution.

The unique information management unit 220 performs at least one function of inquiring unique information, registering unique information, and correcting or deleting unique information.

The history management unit 230 performs a history information inquiry.

The permission management unit 240 performs at least one function of permission management, group management, organization management, user management, authentication policy setting, authorization policy setting, dynamic policy setting, and role access control setting.

The statistics unit 250 performs statistics for general, branch, and institution.

The exchange setting unit 260 performs at least one function of common code management, notice management, and manager notification function management.

5 is a view showing an Internet access location control system according to another embodiment of the present invention.

Referring to FIG. 5 , the Internet access location control system 30 according to another embodiment of the present invention includes a connection control server 100 , a connection manager terminal 200 , and a sliding enclosure 400 . .

Here, since the access control server 100 and the access manager terminal 200 are the same as those of FIG. 1 or FIG. 2 , descriptions thereof will be omitted.

The sliding housing 400 accommodates and stores the access control server 100 or the access manager terminal 200, and moves in the left and right directions according to the user's needs at the installation site.

In one embodiment, the sliding type enclosure 400 may include an enclosure part 410 , a plurality of shelf parts 420 , an enclosure support part 430 , and a rail part 440 .

The housing unit 410 forms an internal space for accommodating the access control server 100 or the connection manager terminal 200 , and the internal space is divided into a plurality of independent spaces by the shelf unit 420 , and the housing support unit It is installed on the upper side of the 430.

The shelf part 420 is installed to be spaced apart from each other in the vertical direction along the internal space of the housing part 410 so as to divide the internal space of the housing part 410 into a plurality of independent spaces.

The enclosure support part 430 is installed on the lower side of the enclosure part 410 to support the enclosure part 410 , is seated on the rail part 440 , and slides in the left and right direction along the rail part 440 .

The rail unit 440 is installed along the bottom surface of the facility so that the housing support unit 430 is connected and slidably moved in the left and right directions.

Referring to FIG. 6 , the rail unit 440 may include a rail groove 441 , a rail 442 , a pedestal 443 , and a sliding guide unit 444 .

The rail groove 441 extends in the left and right directions along the bottom surface, and the rail 442 is installed along the inner bottom surface.

The rail 442 is formed to extend in the left and right directions along the bottom surface of the rail groove 441 , and the pedestal 443 is installed on the upper side.

The pedestal 443 is formed in a flat plate shape so that the lower side of the housing support 430 can be seated and is formed to extend in the left and right directions, and is installed on the upper side of the rail 442 to be perpendicular to the rail 442 .

The sliding guide part 444 is a support unit 430 seated on the pedestal 443, that is, the first pad 434 is spaced upward from the upper surface of the pedestal 443, and then the pedestal to induce movement. 443) is installed in a row along the upper part.

5 and 6 , the enclosure support 430 includes a support frame 431 , a front bending frame 432 , a rear bending frame 433 , a first pad 434 , a second pad 435 , and A third pad 436 may be included.

The support frame 431 has a front end 431a and a rear end 431b bent in a lower right angle direction, respectively, and is seated in the space at the front end and the rear end of the rail groove 441, and the first pad 434 installed on the lower side is It is seated on the pedestal 443 to support the lower side of the housing unit 410 installed on the upper side.

The front bending frame 432 is bent from the lower side of the front bending surface of the support frame 431 in a right angle direction to the rear end and is seated on the lower side of the rail groove 441, and as the support frame 431 is raised, it is raised together. It is in close contact with the lower front end of the pedestal 443 .

The rear end bent frame 433 is bent from the lower side of the rear end bent surface of the support frame 431 in a right angle direction to the front end, and is seated on the lower side of the rail groove 441, and is raised together as the support frame 431 is raised. It is in close contact with the lower rear end of the pedestal 443 .

The first pad 434 is installed to cover the lower surface of the support frame 431 that is seated on the pedestal 443 to buffer the impact, and is seated on the upper side of the pedestal 443 .

The second pad 435 is installed to cover the lower surface of the front bending frame 432 seated in the rail groove 441 to cushion the impact, and is seated on the bottom surface of the rail groove 441 .

The third pad 436 is installed to cover the lower surface of the rear end bent frame 433 seated in the rail groove 441 to cushion the impact, and is seated on the bottom surface of the rail groove 441 .

The Internet access location control system 30 according to another embodiment of the present invention having the configuration as described above uses the sliding type enclosure 400 in which the access control server 100 or the access manager terminal 200 is installed. By freely setting the installation location of the access control server 100 or the access manager terminal 200 according to the needs of the user, the space efficiency of the institution in which the access control server 100 or the access manager terminal 200 is installed is improved. can do it

FIG. 7 is a view showing the sliding guide unit of FIG. 6 .

Referring to FIG. 7 , the sliding guide part 444 includes a slider seating groove 4441 , a lifting slider 4442 , a transfer wheel 4443 , and a compressed air supply line 4444 .

The slider seating groove 4441 forms an opening in the upper side of the pedestal 443 and is recessed in the upper portion of the pedestal 443 , and the elevating slider 4442 is seated therein.

The elevating slider 4442 is formed in a shape corresponding to the shape of the slider seating groove 4441, is in close contact with the inner circumferential surface of the slider seating groove 4441, and is seated below the slider seating groove 4441, and a transfer wheel ( 4443) is connected and installed, and as compressed air is supplied to the slider seating groove 4441 through the compressed air supply line 4444, it rises to the lower side of the slider seating groove 4441 to support the first pad 434. It raises the transfer wheel (4443).

The transfer wheel 4443 is rotatably connected to the upper portion of the elevating slider 4442 to support the lower surface of the first pad 434 seated on the upper side of the pedestal 443, and the elevating slider 4442 is the slider As it rises from the lower side of the seating groove 4441, the first pad 434 is spaced upward from the pedestal 443, and the first pad is moved as the user moves the housing unit 410 ( While rotating by 434 , the lower side of the first pad 434 is supported to reduce the frictional force between the first pad 434 and the pedestal 443 .

The compressed air supply line 4444 is installed below the slider seating groove 4441, and a compressed air supply device separately provided with compressed air for raising the lifting slider 4442 (not shown in the drawings for convenience of explanation). ) and supplied to the inner space of the slider seating groove 4441 .

The sliding guide part 444 having the configuration as described above minimizes the frictional force between the first pad 434 and the pedestal 443, so that even when the user pushes the enclosure part 410 with a small force, the enclosure part ( 410) may be moved.

The Internet access location control system having the above-described configuration may execute or manufacture various software based on an operating system (OS), that is, the system. The operating system is a system program for software to use the hardware of the device, and is a mobile computer operating system such as Android OS, iOS, Windows Mobile OS, Bada OS, Symbian OS, Blackberry OS, and Windows series, Linux series, Unix series, It can include all computer operating systems such as MAC, AIX, and HP-UX.

The term '~ unit' used in the above embodiments means software or hardware components such as field programmable gate array (FPGA) or ASIC, and '~ unit' performs certain roles. However, '-part' is not limited to software or hardware. The '~ unit' may be configured to reside on an addressable storage medium or may be configured to refresh one or more processors. Thus, as an example, '~' denotes components such as software components, object-oriented software components, class components, and task components, and processes, functions, properties, and procedures. , subroutines, segments of program patent code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.

Functions provided in components and '~ units' may be combined into a smaller number of components and '~ units' or separated from additional components and '~ units'.

In addition, components and '~ units' may be implemented to play one or more CPUs in a device or secure multimedia card.

The Internet access location control system may also be implemented in the form of a computer-readable medium for storing instructions and data executable by a computer. In this case, the instructions and data may be stored in the form of program code, and when executed by the processor, a predetermined program module may be generated to perform a predetermined operation. In addition, computer-readable media can be any available media that can be accessed by a computer, and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may be a computer recording medium, which is a volatile and non-volatile and non-volatile embodied in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. It may include both volatile, removable and non-removable media. For example, the computer recording medium may be a magnetic storage medium such as HDD and SSD, an optical recording medium such as CD, DVD, and Blu-ray disc, or a memory included in a server accessible through a network.

Also, the Internet access location control system may be implemented as a computer program (or computer program product) including instructions executable by a computer. The computer program includes programmable machine instructions processed by a processor, and may be implemented in a high-level programming language, an object-oriented programming language, an assembly language, or a machine language. . In addition, the computer program may be recorded in a tangible computer-readable recording medium (eg, a memory, a hard disk, a magnetic/optical medium, or a solid-state drive (SSD), etc.).

Accordingly, the Internet access location control system may be implemented by executing the computer program as described above by the computing device. The computing device may include at least a portion of a processor, a memory, a storage device, a high-speed interface connected to the memory and the high-speed expansion port, and a low-speed interface connected to the low-speed bus and the storage device. Each of these components is connected to each other using various buses, and may be mounted on a common motherboard or in any other suitable manner.

Here, the processor may process a command within the computing device, such as for displaying graphic information for providing a Graphical User Interface (GUI) on an external input or output device, such as a display connected to a high-speed interface. Examples are instructions stored in memory or a storage device. In other embodiments, multiple processors and/or multiple buses may be used with multiple memories and types of memory as appropriate. In addition, the processor may be implemented as a chipset formed by chips including a plurality of independent analog and/or digital processors.

Memory also stores information within the computing device. As an example, the memory may be configured as a volatile memory unit or a set thereof. As another example, the memory may be configured as a non-volatile memory unit or a set thereof. The memory may also be another form of computer readable medium such as, for example, a magnetic or optical disk.

In addition, the storage device may provide a large-capacity storage space to the computing device. A storage device may be a computer-readable medium or a component comprising such a medium, and may include, for example, devices or other components within a storage area network (SAN), a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory, or other semiconductor memory device or device array similar thereto.

The above-described embodiments are for illustration, and those of ordinary skill in the art to which the above-described embodiments pertain can easily transform into other specific forms without changing the technical idea or essential features of the above-described embodiments. You will understand. Therefore, it should be understood that the above-described embodiments are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and likewise components described as distributed may be implemented in a combined form.

The scope to be protected through this specification is indicated by the claims described below rather than the above detailed description, and it should be construed to include all changes or modifications derived from the meaning and scope of the claims and their equivalents. .

10, 20, 30: Internet access location control system
100: access control server
200: connection manager terminal
400: sliding enclosure

Claims (3)

an access control server that allows only users based on political party location to access the organization; and
Including; and an access manager terminal for managing PC for inquiry, which is a party terminal allowing access to the institution, management of unique information, management of history, and authority;
The access control server,
an access location check unit for extracting and checking the unique location information of the access PC;
a location restriction information storage unit storing location restriction information for determining a location where access is permitted;
an access location comparison unit that compares the location limitation information stored in the location limitation information storage unit with the unique location information of the access PC confirmed by the access location check unit;
a connection determination unit that reads the result collated by the connection location comparison unit and determines whether to allow the server to connect; and
and a notification unit that informs the access manager terminal of the information of the access PC.
The connection manager terminal,
a PC management unit for inquiry that performs at least one function of inquiry of the inquiry PC, registration of the inquiry PC, collective arrangement of unconnected PCs, registration history management, and extraction of PCs outside the relevant institution;
a unique information management unit that performs at least one function of inquiring unique information, registering unique information, and correcting or deleting unique information;
a history management unit that searches for history information;
an authority management unit that performs at least one function of rights management, group management, organization management, user management, authentication policy setting, authorization policy setting, dynamic policy setting, and role access control setting;
Statistics Department, which performs general, branch and institutional statistics; and
It includes; an environment setting unit that performs at least one function of common code management, notice management, and manager notification function management.
It consists of a group of users using a single PC and a group using a server system. Server type security that primarily controls the location of the system where it is installed, and secondarily controls the location of the user PC or server that accesses it. module; further comprising,
The server type security module,
In order to register the security server (Proxy Client) in the location control system, the access location control information of the security server is extracted, and registration is processed using a separate registration program that can generate registration data using the extracted information, The location control registration data generated by the registration program is transmitted to a proxy server after digital signature and encryption processing through the security server, and the data transmitted from the proxy server is location control registration information. In this case, the relevant content is transmitted to the location control system, the security server is registered, and the result is transmitted to the client, but if it is not the location control registration information, the location control process is performed by transmitting the data to the Internet information inquiry system, ,
The registration of the access location control information of the user PC using the security server (Proxy Client) is,
The location control program is installed by accessing the registration page of the institution's homepage, and when the installation is completed, the user PC's unique information is extracted from the location control program to generate registration data, and then the generated registration data is transferred to the security server (Proxy Client). When the data transmitted from the proxy server is the location control registration information, the related contents are transmitted to the location control system to register the server, and the result is transmitted to the client,
The security server (Proxy Client),
Transmitting the transmitted location control registration data to the proxy server after digital signature and encryption processing,
The server type security module,
The access information of the sender is extracted using the transmission information transmitted from the institution program, the access location control information of the server in which the security server is installed is extracted using the location control program, and the extracted access location control information of the electronic document is extracted. It is included in the transmission document and transmitted to the security server after security processing, and the transmitted document is transmitted to the information inquiry system after security processing, and in the case of the normally registered user PC, a normal response is processed,
It further includes; a sliding-type enclosure for storing and storing the access control server,
The sliding type enclosure,
an enclosure forming an internal space for accommodating the access control server;
a plurality of shelf units installed to be spaced apart from each other in the vertical direction along the inner space of the housing unit to partition the inner space of the housing unit into a plurality of independent spaces;
a housing support part installed under the housing part to support the housing part; and
and a rail part installed along the bottom surface so that the housing support part is connected and slid in the left and right direction.
The rail unit,
Rail grooves extending in the left and right directions along the bottom surface;
a rail extending in the left and right directions along the bottom surface of the rail groove;
a pedestal formed in a flat plate shape so that a lower side of the housing support part can be seated and extending in the left and right directions, the pedestal being installed on the upper side of the rail to be perpendicular to the rail; and
and a sliding guide part installed in a row along the upper part of the pedestal so that the housing support seated on the pedestal is spaced upward from the upper side of the pedestal and then moved.
The enclosure support portion,
a support frame having front and rear ends bent in a lower right angle direction, respectively, to be seated in the space at the front and rear ends of the rail groove, the support frame being seated on the pedestal to support the lower side of the housing unit installed on the upper side;
The front end bending frame is bent from the lower side of the front end bent surface of the support frame in a right angle direction to the rear end and is seated on the lower side of the rail groove, and is raised together as the support frame is raised and is in close contact with the lower front end of the pedestal;
The rear end bent frame is bent in a direction perpendicular to the front end from the lower side of the rear end bent surface of the support frame, is seated on the lower side of the rail groove, and is raised together as the support frame is raised to be in close contact with the lower rear end of the support frame;
a first pad installed to cover the lower side of the support frame seated on the pedestal to cushion the impact;
a second pad installed to cover the lower side of the shear bending frame seated in the rail groove to cushion the impact; and
Includes; a third pad installed to cover the lower surface of the rear end bent frame seated in the rail groove to cushion the impact;
The sliding guide unit,
a slider seating groove forming an opening in the upper side of the pedestal and recessed in the upper portion of the pedestal; an elevating slider formed in a shape corresponding to the shape of the slider seating groove, being in close contact with an inner circumferential surface of the slider seating groove, and seated under the slider seating groove; It is rotatably connected to the upper part of the lifting slider to support the lower surface of the first pad seated on the upper side of the pedestal, and as the lifting slider ascends from the lower side of the slider seating groove, it is raised together to raise the first pad. a conveyance wheel that separates the pad upward from the pedestal and supports the lower side of the first pad while rotating as the first pad moves; and a compressed air supply line installed below the slider seating groove and supplying compressed air for raising the elevating slider to the inner space of the slider seating groove.
delete delete

Images