KR20020094195A - control system for contents of sites - Google Patents

Abstract

PURPOSE: A system for controlling the site information is provided to restrict the accessing to an Internet web site of a computer not in connection with a specific physical server regardless of an application program and a setup file and to block the information of a specific site according to the request of a group or a user. CONSTITUTION: A user is connected to the Internet by using a client(100). An address replacement module(200) replaces a destination address to a specific destination address via the client with response to the selection or the input of the user. A central server(300) has the address replaced by the address replacement module, determines the allowance or blocking to access the address desired by the client, and informs the result. A site database(400) interlocks with the central server and stores the information about the Internet site of which accessing is allowed or blocked. An external web server(500) is sought by the central server. A search module(600) performs the searching for the accessing to the address with response to the request of the central server.

Description

Control system for contents of sites

The present invention relates to a site information control system, and more particularly, in the use of the Internet through a terminal connected to the Internet, when a web page is requested, the user replaces an IP address of a desired destination with an IP address of a specific destination server. The present invention relates to a system for retrieving site information requested by a user from the destination server and allowing or disallowing access according to information content.

The characteristics of modern society can be summarized from the point of view of information by the continuous production of information, the reprocessing of information, and the movement of this information to the final consumer. In all fields, including science and technology, trade, transportation, industrial production, the environment, and defense, complex and diverse situations arise all the time, and individual and group states need rapid situation determination and decision making to respond appropriately to these situations and problems. In order to make good judgments and decisions, we need constant information. As a result of the use of the Internet, more information can be obtained in a shorter time. As the Internet is applied to companies, it is obvious that the Internet has made a significant contribution to improving the productivity of companies such as data exchange and business communication through the Internet. In addition, using personal computer at home, they use personal office work, search for students' learning materials, etc., and are used as learning materials and educational means in schools.

However, while there are positive aspects of the Internet as described above, there are many negative aspects due to the use of the Internet in businesses, schools, homes, and the like. Such negative aspects include social problems such as deterioration of work efficiency due to access to securities, games, chats, and sexually explicit sites through the Internet, access to sexually explicit sites such as teenagers at home, and sexually explicit sites at school. The situation is emerging as a problem.

First of all, in the case of a company, Internet users (workers) in the company have a large number of users who use the Internet to make online stock trading during working hours, while using the Internet to obtain valuable and valuable information. Workers learn to trade stocks from their colleagues, and more than 80% of investors are losing money, and more than 20% of them are forced to break into homes due to severe economic crises. In addition, the craze of cyber securities trading and day trading has led to the fact that stock trading is inevitable during office hours, and head competition with companies to prevent it is fierce. During the working hours, a huge loss of work occurs as described above by using the Internet outside of work such as online stock trading, securities companies, online games, pornographic sites, chats, etc. during working hours.

In order to prevent such a loss of work, the management of the company is controlling the use of the Internet by employees, such as Internet access blocking program, proxy server (Proxy Server) installation.

The Internet access blocking program is installed to close a particular Internet site that employees prefer or block LANs within the company in the judgment that the management of the company is an obstacle to productivity improvement such as online stock trading, pornography, and games. In addition, the Internet sites that companies are trying to ban are not limited to stocks, games, and pornographic sites, which currently account for the largest share. Recently, it is spreading to all the sites that are not directly related to work such as news, shopping and hiring. In particular, the basic method for companies to block Internet sites is to block users by installing blocking programs in the form of blocking the access by making a 'black list' such as securities companies, securities information sites, and obscene sites that employees frequently access. . In the above method, if the user uses the Internet while the Internet access blocking program is installed in the computer, the administrator may search a database of restricted access sites that are 'blacklisted' registered on the computer, and may be indecent, chat, securities managers, etc. If the site corresponds to the prohibited site, access is restricted.

However, such a case corresponds to a method for blocking access to the Internet using software, and a person having ordinary knowledge of a computer operating system may delete and use the software from the computer. As described above, there are cases where a program prepared for deletion of software is developed and installed. However, in the case of using the Microsoft Windows as described above, the registry on Windows is used. If the setting value for the Internet blocking program set in (Registry) is deleted, there is another problem that an Internet site for chatting, pornography, games, and stocks can be used without restriction of the Internet access program.

In addition, in order to solve the above problems, in the case of a company, a proxy server is installed on a server side connected to a computer on a local area network (LAN) to configure a computer used by employees of an enterprise to use the Internet through a proxy server. . Thus, when the employees use the Internet, it is configured to pass through the proxy server. Therefore, the address of the Internet site that the employee wants to visit is delivered to the proxy server, and the address is delivered when the user of the computer uses the Internet by searching a database in which the address to be restricted for the website is stored in the proxy server. This limits the use of the Internet. However, the above-described method also has a problem that the user can use it without restriction in visiting the website because the user can delete the proxy set part when setting the user's Internet. In addition, when controlling the access to the Internet using the proxy server, it is possible to visit other securities, pornographic sites, etc. by connecting to a server that provides a web proxy provided on the Internet, even if using the anonimizer service There is a problem that you can visit other securities, obscene sites and the like. In addition, there is another problem that the server administrator and database administrator, etc. are separately required as using the proxy server as described above.

In the case of adolescents at home or at school, the activities of the teenagers in cyberspace are not only diverse, but also differ in the contents from the activities of the teenagers in the real world. Moreover, because of the complex nature of the virtual world, it is difficult to understand the cyber activities of adolescents with a single dimension such as the time of use or the purpose of use. Also, depending on how adolescents use the Internet, the Internet environment can have a positive effect on their social and psychological development, but it can also have a negative effect. In other words, the infinite world of information provided by the Internet not only broadens the youth's field of view, but also the youth learns through the active learning process that navigates them, thus improving their motivation and self-confidence, and increasing their knowledge and learning ability. On the other hand, indiscriminate exposure to negative environments such as pornography and the anonymity provided by the Internet are likely not only to stimulate adolescents' sexual impulses, but also to influence values, creating an overly open and feminine sexual consciousness. Excessive immersion into the Internet (Internet addiction) can negatively affect young people's values and sociality, including weakening family and friend relationships. Accordingly, an appropriate internet information blocking method is devised at home or school for the internet used by the youth, and the internet access blocking program is installed at home as the blocking method, and in the case of a school, pornography is used on a proxy server or a server. It will install a program that can block. In fact, there is a statistical result that adolescents' contact with pornography through the Internet is frequent through the home.

However, although Internet blocking programs for families such as teenagers are sold on the market, there is a problem that the effect of blocking is significantly reduced due to the above-described program deletion, registry deletion, and the like. In addition, the method of using the proxy server used in the above-mentioned companies is expensive and there is another problem that it is difficult to install in a normal home.

In order to solve this problem, a smart card reader is attached to the keyboard of a computer using the Internet so that users who are authenticated through smart card authentication can use the unlimited Internet. Some are configured to use. However, the above-described method may delete the blocking program through booting through the boot disk by replacing the keyboard, or modify the registry file to stop the operation of the blocking program when using Microsoft's Windows. In addition, there is another problem that can stop the operation of the blocking system by formatting or replacing the hard disk.

Also, in the case of a school, there is a case of using the Internet access blocking program as in the home and blocking the Internet using a proxy server of a similar type as in the enterprise.

However, it is possible to make the Internet blocking method installed in the enterprise or home as described above relatively easily. In addition, the invalidation method as described above is easy for a user having ordinary knowledge of a computer.

The present invention has been made to solve the above problems, and an object thereof is to provide a system for restricting access to an Internet website to be blocked regardless of an application program or a configuration file.

Another object is to provide a system that can block a particular Internet website of a computer that is not connected to a specific physical server.

In addition, another object of the present invention is to provide a system that can block specific site information according to a group of users or a user's request.

In addition, there is another purpose of controlling access to a site without a separate site blocking management personnel in an organization using multiple computers.

1 is a conceptual diagram of a three-step handshake of TCP / IP.

2 is a block diagram of a site information control system according to a first embodiment of the present invention.

Fig. 3a: Flow chart of internet usage and datagram transmission according to the first embodiment of the present invention.

3b: Flow chart of adding a new IP header according to the first embodiment of the present invention.

3c is a flowchart of a destination search and search module according to a first embodiment of the present invention.

3d is a process flow diagram in accordance with a search of the first embodiment of the present invention;

4 is a block diagram of a site information control system according to a second embodiment of the present invention.

Fig. 5a: Flow chart of internet usage and datagram transmission according to the second embodiment of the present invention.

5b: Flow chart of adding a new IP header according to a second embodiment of the present invention.

5C: Destination Search and Search Module Flowchart according to a second embodiment of the present invention.

6 is a block diagram of a site information control system according to a third embodiment of the present invention.

Fig. 7a: Flow chart of internet usage and datagram transmission according to the third embodiment of the present invention.

7B is a flowchart of a destination search and search module according to a third embodiment of the present invention.

<Description of Symbols for Major Parts of Drawings>

100: client 101: network interface card

102: memory 110: host A

120: host B 200: address replacement module

300: central server 310: intermediate server

400: site database 500: external web server

600: search module

The present invention to achieve the above object, the user connects to the Internet using a wired or wireless to use the client; An address replacement module for converting a destination address requested through the client into a specific destination address according to a user's selection or input when the user uses the Internet; A central server having a destination address according to a selection or input of the client user having an address replaced by the address replacement module, and determining whether to allow / disable access to a destination address desired by the client and notifying a result value; A site database interworking with the central server and storing information on Internet sites which are allowed or disabled in the request destination addresses of the clients; An external web server corresponding to a destination address according to the selection or input of the client and searched by the central server; And a search module for performing a search for allowing or disallowing access to the destination address according to the selection or input of the client according to the request of the central server.

A wired or wireless network interface card including a memory storing information on accessible / disabled Internet sites; A client that allows a user to access any external web server connected to the Internet via a wired or wireless LAN; A first search module for performing a connection permission / non-search for an Internet site in a memory embedded in the network interface card with a destination address of an external web server to which the client wants to connect; An address replacement module inserted into the network interface card and replacing the destination address of the external web server to which the client is to be connected with the address of the specific server so as to pass through the specific server; A central server having an address replaced by the address replacement module, which determines whether to allow / disable access to a destination address of an external web server to which the client is to access, and notifies a result value; A site database interworking with the central server and storing information on Internet sites which are allowed or disabled in the request destination addresses of the clients; And a second search module for performing a search for allowing or disallowing access to a destination address to which the client wants to access, according to a request of the central server, for a site not registered in the site database.

The present invention having the technical features as described above will be described in detail below. However, it will be apparent to those skilled in the art that the following embodiments are not limited to the specific embodiments of the present invention, but various modifications can be made within the technical scope of the present invention.

First, the basic concept of the present invention, when using the Internet, forcibly connects to a specific server using a physically configured network interface card to access the external web server that the user wants to visit, and the visited request is requested from the specific server. It is a system that can allow or disable the user's access to the Internet according to the search result of the address of the external web server. Various embodiments will be possible under this concept, and the present invention will be described in more detail with reference to the following specific embodiments.

Hereinafter, with reference to the accompanying drawings will be described in detail with respect to the site information control system according to an embodiment of the present invention. 3 is a first configuration diagram of a site information control system according to a first embodiment of the present invention.

First, the site information control system according to an embodiment of the present invention is largely, the client 100, the address translation module 200, the central server 300, the site database 400, the external web server 500, search It can be divided into module 600.

<Configuration of First Embodiment>

First, the client 100 will be described. The client 100 serves to allow a user to access any external web server 500 connected to the Internet through a wired or wireless network interface card. In addition, the client 100 refers to a terminal capable of receiving Internet information by accessing a specific server such as a personal computer, a notebook computer, a network computer, a wireless mobile communication terminal, and an Internet TV. In addition, in order to receive information on the client 100, a server must be connected, and a protocol is used to share and receive resources between the servers for communication with the server. In addition, the protocol generally uses TCP / IP (Transmission Control Protocol / Internet Protocol). The greatest advantage of TCP / IP is that it provides a means of communication that is compatible between all kinds of hardware and operating systems. Therefore, TCP / IP is required for Internet connection or data sharing between computers. In general, there is no fixed rule in the method of expressing TCP / IP as a layered model, but in general, it is divided into application layer, transport layer, internet layer, and network layer from the upper level.

First, the Application layer includes TCP / IP applications such as telnet, File Transfer Protocol (FTP), Simple Message Trasnfer Protocol (SMTP), and Hyper Text Transfer Protocol (http). The application layer protocol works regardless of the data flow in the network. In addition, the application layer performs a task by a user using the application, and transmits the result of the performed task to a transport layer which will be described later to transmit the result to another computer on the network.

Next, the Transport layer plays a role of transmitting the content worked in the Application layer. The most important protocols of the transport layer are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The TCP provides a reliable data transfer service with end-to-end error detection and correction function, and the UDP serves to provide a connectionless datagram delivery service without being overloaded.

Table 1 shows a message format of UDP. In the case of UDP, any technology that checks whether data is delivered to a computer on a network has a protocol that does not have a protocol inside, or plays a role of speeding up transmission by minimizing overhead.

In addition, since TCP confirms that the data is delivered in the correct and correct order through the network, an application that requires the Transport protocol to provide stable data transmission uses the TCP.

Table 2 above is a message format of TCP. The TCP then provides reliability with a mechanism called retransmission through authentication. A system using retransmission for the authentication sends the data again if it does not hear from the remote system that the data arrived well. The data units exchanged between the TCP modules are called segments. Each segment has a checksum that the receiver uses to check for corruption of the data. If the data segment is received intact, the receiver sends an authentication value to the sender, and if the data segment is damaged, the receiver discards the data. In addition, the TCP module transmitting after a reasonable time passes again the segments for which the authentication value has not arrived.

In addition, the TCP corresponds to a connection-based protocol, and the connection is confirmed by using control information called a three-step handshake. The third step handshake will be described with reference to FIG. 1. 1 is a conceptual diagram of a three-step handshake. In step 3, the host A 110 sends a segment to the host B 120 by setting a SYN (Synchronize Sequence Number) bit. The segment starts the host A 110 to the host B 120. ) Indicates that it wants to start the connection and tells Host A 110 which Sequence Number value to use as the start number of the segments. Host B 120 responds by sending segment ACK (Acknowledgement) and SYN bit set to Host A 110. The segment of host B 120 indicates that it has received the segment of host A 110 and informs host A 110 of the starting serial number to be used by host B 120. Finally, host A 110 sends a segment indicating that it has received a segment of host B 120 and transmits the first actual data. Accordingly, it is possible to transmit and receive data through the network.

Next, the Internet layer IP (Internet Protocol) is the core of TCP / IP and is the most important protocol in the Internet layer. IP provides a basic datagram delivery service that is the foundation of a TCP / IP network. All protocols in the layers above and below IP use IP to carry data. All data in TCP / IP enters and leaves IP, regardless of its final destination. In addition, IP functions define datagrams and the Internet address system, which are the basic units of Internet transport, move data between the network layer and the transport layer between hosts and hosts, route datagrams to remote hosts, and fragment datagrams. ) And re-assembly. In addition, the datagram is a datagram format defined by IP. Table 3 shows a chart of the IP datagrams.

Next, the network layer is the lowest layer in the TCP / IP protocol structure. This layer of protocol provides a means for the system to pass data through the network to other devices directly attached to the network. Unlike the higher level protocols, the Network Access layer protocol must know the details of the actual network in order to comply with network rules and to correctly format the data being transmitted. The detailed information refers to a datagram structure, an addressing scheme, and the like. Functions performed at this layer include the task of making IP datagrams into frames transmitted over the network and the mapping of IP addresses to physical addresses used in the network. Also, one of the advantages of TCP / IP is absolute addressing. The IP address must be translated into an address suitable for the physical network on which the datagram is being sent. After the work in each layer is completed, the datagram is input to a network interface card.

Next, the address replacement module 200 will be described. The address translation module 200 completes the work of each layer of the TCP / IP when receiving information on a site using a terminal connected to the Internet, and a network interface card through a final network layer. Card) is used to replace the Destination Address among the datagrams entered into the IP address of a specific server. Therefore, the client 100 does not access the site that the user of the client 100 wants to visit by the address replacement module 200, but accesses to a specific server already set in the address replacement module 200. In addition, the address replacement module 200 is composed of hardware for replacing the destination address transmitted by the Internet user's selection with a specific destination address. In addition, the hardware is composed of a module chip or ROM in which a program for substituting a specific destination address is embedded, and the module chip or ROM is installed on a network interface card to specify a destination address of a datagram to be input. It is configured to be replaced with the address of the server.

In addition, the address replacement module 200 is a method of 1: 1 replacement of the destination address of the datagram with the destination address of the specific server and a new IP header with the transmitted datagram itself as the destination address of the specific server. A method of performing encapsulation is used.

The 1: 1 substitution method is configured such that the initial destination address of the replaced user is temporarily stored in the data area and restored to the original destination address of the user upon the final access permission of the central server 300, which will be described later. The temporary storage method may be temporarily stored in an area such as a type of service (TOS) which is not currently used or temporarily stored in the above-mentioned data area. In addition, the source for address substitution and temporary storage used in the 1: 1 substitution method corresponds to general knowledge for network programmers, and thus detailed description thereof will be omitted.

In addition, the address translation module 200 may be separately implemented by performing encapsulation of attaching a new IP header. The encapsulation process treats the datagram input to the network interface card as one piece of data and sends it to the transmission queue of the interface as the interface is ready for transmission. And, to add a new IP header, first allocate the memory for the datagram to copy, assign the buffer's top pointer, and allocate the datagram size buffer. Then, the datagram is copied to the allocated buffer. After that, the structure and variable for the transmission level datagram are initialized, the destination address of the IP header is assigned to the address of a specific server, and the checksum is calculated for the new IP header. Then, the datagram is inserted into the allocated buffer. The datagram completed as above is sent to the transmission queue by calling a specific function. In addition, the above scheme is composed of hardware that replaces a destination address transmitted by a user's selection with a specific destination address. In addition, the hardware is composed of a module chip or ROM in which a program for replacing a specific destination address is embedded, and the module chip or ROM is installed on a network interface card and replaces the destination address of a datagram inputted with the address of a specific server. Configured to do so. In the address exchange of the above-described method, since the information on the destination address designated by the user has information in the IP header inputted to the initial network interface card, the IP header can be referred to.

In addition, the address replacement module 200 is modified to be driven in hardware and undergoes a compile process, and then constitutes a module chip or a ROM. In addition, the program includes a data retrieval module 600 for retrieving whether or not reception is possible by retrieving data included in the datagram received through the network interface card 101. The data retrieval module 600 searches for data included in the datagram received through the network interface card 101 and deletes the received data when data corresponding to the set term is received. Therefore, it is possible to block information such as obscene, securities provided by the 014XY service using a program such as telnet (telnet).

Next, the central server 300 will be described. The central server 300 has the address of a specific server replaced by the address replacement module 200. In addition, the central server 300 searches for the information of the site corresponding to the address requested to be initially accessed by the client 100, and allows or disables access to the site that the user wants to access according to the search result. Done. Determination of whether to allow or not to refer to the site database 400 to be described later by searching the address of the external web server 500 that is the destination address by the user request before being replaced by the address replacement module 200 When the address of the external web server 500 is registered in the site database 400, a final determination is made by searching a field of the site database 400 for allow or disallow. The site database 400 If not registered in the) will be a search request to the search module 600 to be described later. In this case, the central server 300 provides the search results by the search module 600 to the client 100 again. In addition, when the search result is provided, the source address substituted by the search module 600, which will be described later, is replaced with the original client 100 address and transmitted.

Next, the site database 400 will be described. The site database 400 stores information about Internet sites that are allowed or disabled from among request destination addresses of the client 100 user. In addition, the site database 400 stores an address, an IP address, an allowance, a field, a web proxy or an anonimizer service, etc. of the corresponding site. The address of the corresponding site and the IP address field correspond to a field for comparing the address of the external web server 500, which is the destination server requested by the client 100 user, and the allowance is the corresponding site. It will include information about allowing or disallowing access to IP addresses or IP addresses. The address of the site generally corresponds to a domain name. The field field is a classification of contents of the external web server 500 and corresponds to a classification of which site corresponds to a pornographic site, a stock site, a chat site, or a game site. In addition, the web proxy or anonimizer service provision field (field) is a field required to hide the external web server 500 that provides a proxy-type server in order to hide the connection to the site of the external web server 500. Will correspond to Accordingly, the central server 300 determines whether to permit or disable access to the request destination address of the user of the client 100 with reference to the site database 400, and the Internet registered in the site database 400. In the case of a site, the allowance field is searched to provide a result of allowing or disallowing access of the client 100 to the central server 300. As a result, the client 100 may provide the client 100 with the result of allowing or disallowing access. In addition, the site database 400 may be stored in the central server 300 or in a separate server connected to the central server 300 as it is configured to interwork with the central server 300. In addition, the information about whether to provide the web proxy or anonimizer service can be configured in a separate database to increase the search efficiency.

Next, the search module 600 will be described. As a result of the search module 600 searching the site database 400 in the central server 300, in the case of an access request for a site not registered in the site database 400, a separate search process is performed. The search request of the central server 300 is performed. In addition, the search module 600, according to the search request of the central server 300, the address of the external web server 500 that is the destination address that the user of the client 100 transmitted to the central server 300 access request Restore to the destination address, the address recovery is configured in the same form as the source described in the address replacement module 200. Then, the source address is replaced with the IP address of the central server 300 in the source. Therefore, the web document provided by the external web server 500 is input to the central server 300.

In addition, the search module 600 updates a web document through an internet search engine to continuously update information about a site registered in the site database 400 separately from a request of the client 100. The "herf =" and "src =" strings of the strings of the web document are found. Next, the URL address is extracted from the found string position, and the extracted URL address is validated. If the URL has been validated, it will determine whether the site has been visited before, and if it contains the "http: //" character from the extracted URL address, it will contain "http: //". In this case, since it represents the URL of another place, the extracted URL address is added to the URL global variable together with the delimiter. When the URL does not include the "http: //" character, the current external web server 500 Since it represents a URL, it is transformed into "http: //" + "current address" + URL and added to the global URL variable with a separator. And now "herf =". The web document is searched again through an Internet search engine to find the string "src =". The search method relates to a method of searching an address for a site within a search engine, and performs a search for a separate text, image, etc. with respect to the searched address.

In addition, the search module 600 is a web document provided by the external web server 500 when the client 100 is not registered in the site database 400 linked with the central server 300 when the user uses the Internet. By searching the contents of the site, search site information, securities site information, game site information, chat site information about which site information is searched through search terms, image search, etc. In the case of being found to be a sound site, the central server 300 transmits a result value accessible to the central server 300, and a result value that is not accessible to a site that is inaccessible to a site according to a user's selection of the client 100 among the sites. It will be transmitted to the central server 300. In addition, a method of determining whether to allow or disallow access to the site includes a text search, an image search, a sound search, etc., but most commonly, a text search is performed. The text search is generally performed by searching for a predetermined specific search word such as "securities investment" and "securities information" corresponding to the securities site among the texts provided in the external web server, and the search term may be additionally set. It is configured to search within a web page.

The image search is performed by selecting a specific image among the images in the web page, which will be described later. In a general sense, an image search indicates that a search word for the image is searched in a preset database, but the image search provided by the search module 600 includes:

1.After formatting the image,

2. The raw image is converted into a digital image,

Conditioning eliminates unnecessary elements.

4. Through structural analysis (labling), we find out the structural elements that make up things.

5. Grouping is used to group related elements among structural components.

6. Feature extraction extracts features such as brightness, color, center of object, area, direction, circumscribed circle, and inscribed circle.

7. Finally, a matching process is performed to determine what objects are represented.

Next, the search module 600 is provided from the central server 300 with the consent of the client 100 user, and runs on the client 100 to search for an Internet website to be searched and obtains the result value. It is characterized in that the supply to the central server (300). This approach is implemented using techniques such as distributed networking. In general, personal computers are known to have a central processing unit (CPU) share of less than 5% on average. Therefore, the search module 600 provided by the central server 300 is transformed into a form driven on a distributed network to the client 100 to provide a web document through a search engine on the Internet from the client 100. Search for information on the Internet site included in the web document and provide the search results to the central server 300 or change the information on the site registered in the site database 400, the main monitoring target Internet site It is possible to continuously update the information. Therefore, the search result, information change or the like is provided from the client 100 to the central server 300, the search result, information change or the like is added to the site database 400.

<Use of the first embodiment>

Hereinafter, an embodiment using the site information control system will be described. 4 is a flowchart of a site information control system according to the first embodiment of the present invention.

First, a user may include a network interface card (S300) in which the address replacement module 200 is embedded (S300) or a personal computer equipped with the network interface card (Network Interface Card) (S300 '. ). In this case, when only the network interface card is provided, a network interface card is inserted into a computer used in the prior art (S301), and a driver suitable for the network interface card is installed. (S302). Through the above process, the personal computer can use the Internet. When the client 100 uses the personal computer to use the Internet, the client 100 generally executes a web browser (S303). Using the web browser, the user of the client 100 inputs a URL for a site to be visited (S304-1), a method of using a URL registered in a bookmark (S304-2), and any other site. In step S305-3, a user attempts to access a site through at least one method of selecting a linked URL. The above connection request is made through the Application layer (S306), Transport layer (S307), Internet layer (S308), and Network layer (S309) of TCP / IP.

After TCP / IP, the memory is allocated to copy the transmission datagram input to the network interface card through the network layer (S310). Then, a top pointer of the buffer is designated (S311). A datagram size buffer is allocated (S312) and the datagram is copied to the memory (S313). The structure and the variable for the datagram of the transmission level are initialized (S314), and the IP header of the datagram is copied (S315). And, the process of inputting the destination address of the IP header to the IP address of the central server 300 (S316), calculates and inputs a checksum for the new IP header (S317), the data in the allocated buffer It will put a gram (S318). The datagram completed through the above process is sent to the transmission queue by calling a specific function (S319). In addition, the datagram is input to the controller of the network interface card (S320), and the controller attaches a MAC (Media Access Control) header to the input data (S321) and finally transmits it through an encoding process (S322). It goes through the process (S323).

Accordingly, the datagram is transmitted to the central server 300 (S324), and the central server 300 searches for information corresponding to a destination address to which the client 100 user wants to access among the transmitted datagrams. It is made (S325). In addition, the searched destination address is searched for an IP address or URL registered in the site database 400 linked with the central server 300 (S326), to find out whether the corresponding IP address or URL exists (S327), If the corresponding IP address or URL exists (S328), a search for a field regarding whether to allow the record corresponding to the IP address is performed (S329) to allow / disable access of the user of the client 100. It is determined whether or not (S330). In the case where the access is permitted (S331), the central server 300 replaces the destination address of the external web server 500 to which the user of the client 100 is to be connected by the address replacement module 200. It exchanges the IP address of the central server 300 (S332), converts the starting address to the starting address of the client 100 (S333) and transmits it to the external web server 500 (S334). The server 500 provides site information to the transmitted starting address (S335). In addition, when the connection is not possible in the above (S336), the central server 300 sets the message for the connection can not be set to the IP address of the client 100 as a destination address (S337) and sent to the client 100 side. (S338).

In addition, when the destination address of the external web server 500 requested by the user of the client 100 transmitted to the central server 300 does not exist in the site database 400 (S339), the central server 300 may search the search module. In step S340, a search for the external web server 500 is requested. Then, according to the search request, the search module 600 sets the starting address to the central server 300 (S341), and a destination address of the external web server 500 requested by the client 100 user. By setting the address (S342) to request the web page to the external web server 500 (S343), the external web server 500 is to transmit the web page to the central server 300 (S344). ). At this time, the search module 600 searches for an image, text, etc. for the web page transmitted to the central server 300 (S345) to include information about pornography, chat, games, securities, etc. (S346) In addition to the site database 400 is stored (S347), and transmits a message that the connection to the client (100) (S348). When the search module 600 corresponds to sound information that is not information about the lewdness, chat, game, securities, etc. (S349), it is added to the site database 400 (S350). A key value for allow or disable is allocated to a field for (S351). The field field stores contents of a field of information provided from the external web server 500 such as pornography, chat, game, and stock (S352). In addition, the search module 600 is connected to the external web server 500 through an internet search engine for continuous updating of the site database 400 by the central server 300 separately from the Internet usage of the client 100 user. Received a web document for (S353) through the text search, image search and the like to search for information about pornography, chat, games, securities (S354) to add the site database 400 (S355). Accordingly, by the configuration according to the first embodiment, the destination address on the datagram transmitted to the network interface card is transmitted to the central server 300 so as to search the web site requested by the Internet user, such as obscene, securities, chat, games, etc. The advantage is that you can block access to specific sites in hardware.

Hereinafter, other embodiments according to the present invention will be described.

<Configuration of Second Embodiment>

The second embodiment is different from the central server 300 in which the determination is made as to allow or disable by referring to the site database 400 connected to the central server 300 when the client 100 uses the Internet in the first embodiment. In order to reduce the load, a specific intermediate server 310 is located between the client 100 and the central server 300 to replace the destination address with the IP address of the intermediate server 310 in the address replacement module 200. Receive the Internet connection information of the client 100 and search the site database 400 linked with the intermediate server 310 to determine whether to allow or disallow the client 100 to access the Internet. It is characterized by.

More specifically, the intermediate server 310 is located between the client 100 and the central server 300, by building a separate intermediate server 310 can reduce the load of the central server 300. By establishing a site database 400 to be described later in the intermediate server 310 to determine whether to allow or disable access to the Internet site registered in the intermediate server 310, registered in the intermediate server 310 The central server 300 can be searched only for a connection request to a non-internet site, thereby reducing the load of the central server 300.

In addition, the intermediate server 310 is the address replacement module 200 of the client 100 when the external web server 500 which is the destination address requested by the client 100 is allowed to access according to the search result. The destination address for the external web server 500 requested by the user is returned to the state before replacement, and at the same time, the starting address of the datagram transmitted from the client 100 is converted into the IP address of the client 100. Set to transmit to the external web server 500.

In addition, when the external web server 500, which is the destination address requested by the client 100, becomes inaccessible in the intermediate server 310, the source address in the datagram is replaced with a destination address, and the requested external address is changed. Using the address of the destination or the address of the intermediate server as the source address to provide a message that the connection is not possible to the client (100) side. Therefore, it is possible to control the access to the external web server 500 requested by the client 100. Further, in addition to the method of transmitting the starting address to the address of the external destination or the address of the intermediate server as the starting address, the starting address may be concealed by sending without an address or assigning an internal address. It may also be configured to block access to the requested Internet site without mentioning accessibility / availability.

<Use of Second Embodiment>

Hereinafter, a second embodiment using the site information control system will be described. 6 is a flowchart of a site information control system according to a second embodiment of the present invention. The use of the second embodiment will be described taking the case of using a mobile communication terminal as an example.

The mobile communication terminal needs a physical configuration in the form of a network interface card that can be transmitted through the Internet, such as a personal computer, and the physical configuration will be used as the term network interface card. In addition, although the transmission process is performed in the same process as the use of the first embodiment, the mobile communication terminal will be described again with the embodiment. In addition, the mobile communication terminal has a WAP method, which is a method of setting a starting address through a unique serial number or a simple IP method of the mobile communication terminal, and has a direct IP address in the mobile communication terminal, and uses a simplified TCP / IP. The explorer method is a typical example.

The WAP method must go through the process of converting the conventional HTTP to WAP, the conversion process is performed in the WAP gateway. The Internet access request transmitted from the mobile communication terminal sets a starting address to a unique serial number or a simple IP of the mobile communication terminal, and a destination address of the external web server 500 requested by the user is separately stored in the WAP. The destination address is set as the address of the WAP gateway. As described above, setting the destination address to the WAP gateway is different from the IP address method used in the Internet even when the external web server 500 receives a direct connection request from the mobile communication terminal. This is because it is not possible to provide a web page or information directly to the mobile communication terminal. Also, the WAP gateway converts a starting address into the WAP gateway according to a request for accessing the external web server 500 of the mobile communication terminal, and converts the address of the external web server 500 requested by the user into a destination address. After accessing to the external web server 500, receiving the web page provided by the external web server 500 and converts the destination address back to the unique serial number or simple IP of the mobile communication terminal to be transmitted to the mobile communication terminal. Use the way. Therefore, the mobile communication terminal can receive the Internet information through the WAP gateway.

In the case of using the MS Explorer method, wireless Internet use such as IMT2000 is difficult to describe in detail because there is no standardized protocol yet, but since it is prevalent to use simplified TCP / IP, Since the same method as using the Internet, a detailed description will be omitted.

Both the WAP method and the MS Explorer method mentioned above can be implemented, but the WAP method will be described as an example of the substitution and transmission process.

First, the user is provided with a mobile communication terminal equipped with an address replacement module 200 (S500). If the user uses the Internet using a mobile communication terminal (S501) to run a browser (browser) provided by the mobile communication terminal. Using the browser, the user of the mobile communication terminal inputs a URL for a site to be visited (S502-1), a method of using a URL registered in a bookmark (S502-2), and a link from any other site. The user attempts to access the site through at least one of the method (S502-3) of selecting the URL (S503). The above connection request uses a WAP (Wireless Application Protocol), the WAP (Wireless Application Protocol), such as TCP / IP, Application layer (S504), Transport layer (S505), Internet layer (S506), Network It goes through the layer (S507).

After the WAP, the memory is allocated to copy the transmission datagram input to the network interface card through the network layer (S508). A top pointer of a buffer is designated (S509), a buffer of the datagram size is allocated (S510), and the datagram is copied to the memory (S511). Then, the structure and the variable for the datagram of the transmission level is initialized (S512), and the IP header of the datagram is copied (S513). The IP address of the intermediate server 310 is input to the destination address of the IP header (S514), a checksum for a new IP header is calculated and input (S515), and the data is allocated to the allocated buffer. It will put a gram (S516). The datagram completed through the above process is sent to the transmission queue by calling a specific function (S517). The datagram is input to the controller of the network interface card (S518), and the datagram input to the controller is attached to a new IP header having a WAP gateway as a destination address (S519) and transmitted to the WAP gateway (S519). S520). In addition, the datagram transmitted to the WAP gateway reads the destination address of the user through the WAP gateway (S521), and the destination address is converted into the destination address of the intermediate server 310 (S522). Accordingly, the datagram is transmitted to the intermediate server 310 (S523).

The intermediate server 310 searches for information corresponding to the destination address that the user of the mobile communication terminal wants to access among the transmitted datagrams (S524). Then, the searched destination address is searched for an IP address or URL registered in the site database 400 linked with the intermediate server 310 (S525) to find whether the corresponding IP address or URL exists (S526), If the corresponding IP address or URL is present (S527), whether to allow or not access the user of the mobile communication terminal by searching a field for whether or not the record of the record corresponding to the IP address (S528). It is determined (S529). And, in the case where the access is permitted (S530), the intermediate server 310 is replaced by the address replacement module 200 to the destination address of the external web server 500 to which the client 100, the user wants to connect It is exchanged with the IP address of the intermediate server 310 (S531), and converts the starting address to the address of the WAP gateway (S532) to be transmitted to the external web server 500 (S533), the external web server 500 ) Provides the site information to the transmitted starting address (S534). In addition, when the connection is not possible in the above (S535), the message for the connection is set by using the address of the WAP gateway as a destination address (S537) and transmitted (S537).

And, for a site that is not registered in the site database 400 (S538), the intermediate server 310 receives a destination address of the received datagram in order to request a search for the external web server 500. The IP address of S300 is converted (S539), and the starting address is set to the IP address of the WAP gateway (S540) and transmitted to the central server 300 (S541).

Hereinafter, since the search request (S542) from the central server 300 to the search module 600 is performed, the search for the corresponding external web server 500 is the same process as the first embodiment, and thus a detailed description thereof will be omitted.

<Configuration of Third Embodiment>

The configuration of the third embodiment will be described in detail with reference to FIG. 7. 7 is a block diagram of a site information control system according to a third embodiment of the present invention.

First, the site information control system according to the third embodiment of the present invention is largely the network interface card 101, the client 100, the first search module 600, the address replacement module 200, the central server 300 It may be divided into a site database 400 and a second search module 600.

Since the client 100, the address replacement module 200, the central server 300, the site database 400, and the like are the same as those of the first embodiment, detailed description thereof will be omitted. In addition, since the second search module 600 plays the same role as the search module 600 in the configuration of the first embodiment, a detailed description thereof will be omitted. Therefore, components different from those of the first embodiment are classified into a network interface card 101 and a first search module 600.

First, the network interface card 101 will be described. The network interface card 101 includes a memory 102, and stores information on sites that are always accessible or not accessible at all. Therefore, in the case where the user of the client 100 wants to access the external web server 500 using the Internet, a general Internet site such as www.yahoo.co.kr is used by the client 100 in the address translation module. It can be directly connected without the action of (200). And, the address information for the representative chat site, game site, securities site, sexually explicit site is stored together on the memory 102 to access the chat site, game site, securities site, sexually explicit site without any time delay. Can be blocked. In addition, when requesting access to an internet site not registered in the memory 102 provided on the network interface card 101, the address replacement module 200 is operated, and is accessed by the address replacement module 200. The destination address of the external web server 500 to be transmitted is replaced with the IP address of the central server 300 like the site information system according to the first embodiment. In addition, when the memory 102 is connected to the central server 300, the memory 102 is configured to update information about an internet site that is always allowed or not accessible in the memory 102. You will be able to store information about the site being added.

Next, the first search module 600 will be described. The first search module 600 searches for the memory 102 embedded in the network interface card 101. In addition, the destination address of the external web server 500 selected or input by the client 100 user may be searched in a datagram via TCP / IP to be compared with a site that is always accessible or inaccessible stored in the memory 102. do. In addition, the first search module 600 is to search for the destination address requested by the client 100 in the previous step of the operation of the address replacement module 200, the Internet always allowed or disabled access stored in the memory (102) You will search the site.

In addition, in the configuration of the third embodiment, the intermediate server 310 as described in the configuration of the second embodiment may be separately configured to reduce the load of the central server 300.

<Use of the third embodiment>

Hereinafter, a third embodiment using the site information control system will be described. 8 is a flowchart of a site information control system according to a third embodiment of the present invention. The use of the third embodiment will be described taking the case of using the Internet TV as an example.

First, the user prepares an Internet TV equipped with a set-top box in which the address replacement module 200 is embedded (S700). When the user uses the Internet using the Internet TV, a browser running on the Internet TV is executed (S701). Using the web browser, the user of the client 100 inputs a URL for a site to be visited (S702-1), a method of using a URL registered in a bookmark (S702-2), and any other other site. In step S703, a user attempts to access a site through at least one method of selecting a linked URL. In the case of the set-top box used in the Internet TV as described above, a network interface card is used. Therefore, it is assumed that TCP / IP is used. Accordingly, the connection request as described above passes through the application layer (S704), the transport layer (S705), the Internet layer (S706), and the network layer (S707) of TCP / IP.

After the above TCP / IP, the destination address of the external web server 500 to be visited by the user from among the datagrams input through the network layer is searched (S708), and the memory embedded in the network interface card 101 is stored. Compared with the site stored in the 102 (S709) is always allowed (S710) is to use the Internet site without the operation of the address replacement module 200 (S711), if not always possible (S712) The connection not available message is transmitted to the client 100 (S713). If the site is not stored on the memory 102 (S714), the process proceeds in the same manner as in the first embodiment.

As described above, according to the site information control system according to an embodiment of the present invention, there is an advantage in that sound site information can be used by controlling access to a site using hardware.

In addition, there is another advantage of controlling access to a site without a separate site blocking management personnel in an organization using a plurality of computers such as an enterprise.

It is also another advantage to provide an inexpensive system that can block specific Internet websites on computers that are not connected to specific physical servers.

In addition, there is another advantage to provide a system that can block the specific site information according to the user's group or the user's request.

Claims (24)

A client that allows a user to access any external web server connected to the Internet via a wired or wireless network interface card; An address replacement module inserted into the network interface card and replacing the destination address of the external web server to which the client is to be connected with the address of the specific server so as to pass through the specific server; A central server having an address replaced by the address replacement module, which determines whether to allow / disable access to a destination address of an external web server to which the client is to access, and notifies a result value; A site database interworking with the central server and storing information on Internet sites which are allowed or disabled in the request destination addresses of the clients; A search module for performing a search for allowing or disallowing access to a destination address to be accessed by the client according to a request of the central server for a site not registered in the site database. Information control system. The method of claim 1, wherein the address replacement module, Site information control system, characterized in that the hardware configured to replace the destination address sent by the Internet user's selection to a specific destination address. The method of claim 1, wherein the address replacement module 200, A site information control system comprising hardware that performs an encapsulation process of attaching a new IP header whose address is a specific server address to an entire datagram input to a network interface card. The method of claim 2 or 3, wherein the address replacement module, Site information system, characterized in that for performing at least one or more of the pornographic site, securities site, chat site, game site access permission. According to claim 2 or 3, wherein the hardware, A site information control system comprising a module chip or a ROM for performing an encapsulation process of substituting a specific destination address or attaching a new IP header. The method of claim 5, wherein the program, And a data retrieval module configured to retrieve data contained in the datagram received through the network interface card to determine whether to receive or not to receive the data. The method of claim 1, wherein the central server, And an intermediate server located between the central server and the client, and the client can directly access a desired destination if the site corresponds to a site registered in an always-accessible site database. Site Information Control System. The method of claim 1, wherein the intermediate server, And an intermediate server located between the central server and the client, which prevents the client from accessing a desired destination if it corresponds to a site registered in an inaccessible prohibited database database. Site Information Control System. The method of claim 1, wherein the search module, Site information control system according to the client's selection, searching whether the requested destination address is allowed / disabled to the external web server and notifying the central server or the client of the result value. The method of claim 1 or 9, wherein the search module, A site information control system provided with a central server with the client user's consent, and searches for an Internet website to be run and searched on the client and supplies the result value to the central server. The method of claim 10, wherein the search module, Characterized in that it has a source address as the address of the central server, the destination address as the address of the external web server that is the user request destination address, and receives information to access the external web server to determine whether access is allowed or not. Site Information Control System. The method of claim 1, wherein the client is Site information control system comprising at least one of a personal computer, a wireless Internet terminal, a wireless mobile communication device, an Internet TV, a laptop. A wired or wireless network interface card including a memory storing information on accessible / disabled Internet sites; A client that allows a user to access any external web server connected to the Internet via a wired or wireless LAN; A first search module for performing a connection permission / non-search for an Internet site in a memory embedded in the network interface card with a destination address of an external web server to which the client wants to connect; An address replacement module inserted into the network interface card and replacing the destination address of the external web server to which the client is to be connected with the address of the specific server so as to pass through the specific server; A central server having an address replaced by the address replacement module, which determines whether to allow / disable access to a destination address of an external web server to which the client is to access, and notifies a result value; A site database interworking with the central server and storing information on Internet sites which are allowed or disabled in the request destination addresses of the clients; And a second search module for searching for a site not registered in the site database in accordance with a request of the central server to allow or disallow access to a destination address to which the client wants to access. Site information control system. The method of claim 13, wherein the address replacement module, Site information control system, characterized in that the hardware configured to replace the destination address sent by the Internet user's selection to a specific destination address. The method of claim 13, wherein the address replacement module, A site information control system comprising hardware that performs an encapsulation process of attaching a new IP header whose address is a specific server address to an entire datagram input to a network interface card. The method of claim 14 or 15, wherein the hardware, A site information control system comprising a module chip or a ROM for performing an encapsulation process of substituting a specific destination address or attaching a new IP header. The method of claim 16, wherein the program, And a data retrieval module configured to retrieve data contained in the datagram received through the network interface card to determine whether to receive or not to receive the data. The method of claim 13, wherein the central server, And an intermediate server located between the central server and the client, and the client can directly access a desired destination if the site corresponds to a site registered in an always-accessible site database. Site Information Control System. The method of claim 13, wherein the intermediate server, And an intermediate server located between the central server and the client, which prevents the client from accessing a desired destination if it corresponds to a site registered in an inaccessible prohibited database database. Site Information Control System. The method of claim 13, wherein the search module, Site information control system according to the client's selection, searching whether the requested destination address is allowed / disabled to the external web server and notifying the central server or the client of the result value. The method of claim 13 or 20, wherein the search module, A site information control system provided with a central server with the client user's consent, and searches for an Internet website to be run and searched on the client and supplies the result value to the central server. The method of claim 21, wherein the search module, Characterized in that it has a source address as the address of the central server, the destination address as the address of the external web server that is the user request destination address, and receives information to access the external web server to determine whether access is allowed or not. Site Information Control System. The method of claim 13, wherein the client is Site information control system comprising at least one of a personal computer, a wireless Internet terminal, a wireless mobile communication device, an Internet TV, a laptop. The method of claim 13, wherein the memory, Site information control system, characterized in that it contains information about the site is always accessible or unavailable according to the user's request to access the Internet.