KR20110121198A - Method for blocking internet access by selected pc service - Google Patents

Method for blocking internet access by selected pc service Download PDF

Info

Publication number
KR20110121198A
KR20110121198A KR1020100040682A KR20100040682A KR20110121198A KR 20110121198 A KR20110121198 A KR 20110121198A KR 1020100040682 A KR1020100040682 A KR 1020100040682A KR 20100040682 A KR20100040682 A KR 20100040682A KR 20110121198 A KR20110121198 A KR 20110121198A
Authority
KR
South Korea
Prior art keywords
designated
information
service
user
cpu
Prior art date
Application number
KR1020100040682A
Other languages
Korean (ko)
Inventor
이주형
Original Assignee
(주)네오위즈게임즈
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)네오위즈게임즈 filed Critical (주)네오위즈게임즈
Priority to KR1020100040682A priority Critical patent/KR20110121198A/en
Publication of KR20110121198A publication Critical patent/KR20110121198A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Abstract

The present invention relates to a method for blocking access to the Internet through a designated PC service, and more particularly, to select a PC for accessing an Internet site and to determine whether the designated PC is to access an Internet site with only that PC. And a method for blocking access to the Internet through a designated PC service using IP information.
To this end, the present invention receives a designated PC service requesting access to an Internet site provided by the server only with a designated PC of a user registered in the server through a wired / wireless network and from a designated PC of the user who requested the designated PC service. And extracting the information of the CPU to generate the designated PC information, and registering the designated PC information and the IP address of the designated PC in a designated PC database and, when a login request is made to the Internet site, the designated PC service. If the requested user extracts the HDD and CPU information of the logged-in PC and generates login PC information, compares the registered designated PC information with the login PC information, and compares the registered IP address with the IP address of the logged-in PC. Comparing and if the comparison result is not the same, the step of blocking access of the logged-in user, and The designated PC information and the login PC information are generated by at least one of a cyclic redundancy check 32 (CRC32) and a message-digest algorithm 5 (MD5) using the serial number of the HDD and the CPU ID of the CPU.
Accordingly, by using the IP address and hardware information to create a new type of information that can determine the user PC to maximize the anti-theft effect.

Description

Method for blocking internet access by designated PC service {Method for blocking internet access by selected PC service}

The present invention relates to a method for blocking access to the Internet through a designated PC service, and more particularly, to select a PC for accessing an Internet site and to determine whether the designated PC is to access an Internet site with only that PC. And a method for blocking access to the Internet through a designated PC service using IP information.

Currently, various web services are provided online for users. The web service uses a user authentication step called login to identify and authenticate a member, allow access to various web services suitable for the member's authority, use a web service, and generate content.

Various web services through user authentication are used in news portal services, email services, community services, blog services, and internet games, and individual users use various web services online.

Web service providers also have a large number of users as members, and provide various web services suitable for the rights of the members. However, in order to provide a smooth web service, the rights of the members must be smoothly provided, while the privacy and security of the members must also be maintained. In other words, if the user authentication is successful in providing the web service, there should be no inconvenience in using the authority for the member during a specific session, but security should be maintained in access to the web service requiring the user authentication.

In the related art, in order to maintain security, a session cookie is used to maintain a user's session and provide a web service. Session cookies typically contain a variety of personal information, such as user ID, e-mail, name, date of birth, gender, real name, etc. The session cookie can be used by hackers or the like to steal intermediate packets. There is a problem that is likely to be seized by an illegal user.

Recently, IP address or MAC address is used together with security. However, the method of maintaining security by using IP address and MAC address also does not provide an effective alternative because there is a risk of theft of IP address and MAC address.

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and an object of the present invention is to provide a method and a server for preventing theft by generating a new type of information for identifying a user PC using an IP address and hardware information. have.

Internet access blocking method through a designated PC service according to the present invention for achieving the above object requires a designated PC service that can access the Internet site provided by the server only to the designated PC of the user registered in the server through a wired or wireless network Receiving step and extracting the information of the HDD and CPU from the designated PC of the user who requested the designated PC service to generate the designated PC information, and registering the designated PC information and the IP address of the designated PC in the designated PC database; If there is a login request to the Internet site, the user who requested the designated PC service extracts the HDD and CPU information of the logged-in PC and generates login PC information to display the registered designated PC information and the login PC information. Comparing and comparing the registered IP address with the IP address of the logged-in PC; and the comparison result is the same And disconnecting the logged-in user, wherein the designated PC information and the login PC information are included in the CRC32 (Cyclic Redundancy Check 32) and MD5 (Message-) using the serial number of the HDD and the CPU ID of the CPU. Digest algorithm 5) is generated by at least one method.

According to the Internet access blocking method through the designated PC service according to the present invention,

First, by using the IP address and hardware information to create a new type of information that can determine the user PC to maximize the anti-theft effect.

Second, since it is possible to set several designated PCs, it is possible to register and use all the PCs used as designated PCs, thus providing high convenience.

Third, foreign hackers can bypass bypass.

1 is a functional block diagram of a server blocking Internet access through a designated PC service,
2 is a table showing an embodiment of a method for generating designated PC information;
3 is a flowchart illustrating a method for blocking access to the Internet through a designated PC service,
4A to 4D are diagrams illustrating an embodiment of exposing a designated PC service on an Internet site.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. Prior to this, terms or words used in the present specification and claims should not be construed as being limited to the common or dictionary meanings, and the inventors should properly explain the concept of terms in order to best explain their own invention. Based on the principle that it can be defined, it should be interpreted as meaning and concept corresponding to the technical idea of the present invention.

Therefore, the embodiments described in the specification and the drawings shown in the drawings are only the most preferred embodiment of the present invention and do not represent all of the technical idea of the present invention, various modifications that can be replaced at the time of the present application It should be understood that there may be equivalents and variations.

FIG. 1 is a functional block diagram of a server for blocking internet access through a designated PC service. Referring to the drawings, a server for blocking internet access through a designated PC service will be described.

The server 100 that blocks the Internet access receives the designated PC service request receiving unit 110 that receives the designated PC service request from the user terminal that can access the Internet site only from the designated PC, and the request information received from the designated PC service request receiving unit. Designated PC information generation unit 120 and the designated PC service to generate the designated PC information by extracting the HDD, CPU information of the designated PC on the basis of the application and register the generated designated PC information and IP address in the designated PC database Designate to extract the HDD and CPU information of the logged-in PC at the time of login, generate login PC information, compare the login PC information with the registered designated PC information, and compare the registered IP address with the login IP address. Including the PC determining unit 130 and the connection blocking unit 150 to block the connection of the logged-in user terminal when the determination result of the designated PC determination unit is not the designated PC It is sex. In addition, the user authentication for the user of the designated PC changing unit 140 and the user of the user terminal blocked the access block 150 to change the registered PC or add a new designated PC to use the designated PC service It may also include a connection blocking release unit 160 to release the connection blocking through.

First, the designated PC service request receiving unit 110 of the server 100 receives a request for using the designated PC service from the user terminal. The designated PC service request receiving unit 110 registers information of the requesting user in the designated PC database 200 and informs the controller 170 of the request for application. The control unit 170 instructs the designated PC information generation unit 120 to generate the designated PC information 340 based on the received information.

The designated PC information generation unit 120 extracts a serial number (HDD) of a hard disk drive (HDD) and a CPU ID of a central processing unit (CPU) from a designated PC registered as the designated PC and checks the CRC32 (Cyclic Redundancy Check). 32) and the designated PC information is generated by the method of at least one of MD5 (Message-Digest algorithm 5) and registered in the designated PC database (200). 2 is a table illustrating an embodiment of a method of generating designated PC information, and the designated PC information generation unit 120 will be described with reference to the drawings.

As shown in FIG. 2, the designated PC information generation unit 120 merges the CPU ID corresponding to the serial number of the HDD of the designated PC and the CPU of the designated PC to create the combination data 310. The CPU ID can be obtained by using a machine instruction called CPUID or by using another program that provides the CPU ID.

The combination data 310 is converted into primary data 320 through CRC32. The cyclic redundancy check 32 (CRC32) is a checksum generation algorithm based on a cyclic redundancy check published through ISO-3309. In addition, the combination data 310 is converted into secondary data 330 through MD5. The message-digest algorithm 5 (MD5) receives an arbitrary length message, and outputs a 128-bit fixed length output value. to be. The designated PC information 340 is generated by combining the primary data 320 and the secondary data 330 converted by the CRC32 and MD5.

As shown in the table of FIG. 2, the combination data 310 of "WD-WCAPZ0245011.GenuineIntel.Unknown.6.15.6.7.7" is used by using CRC32 and primary data 320 of "8FF16043" and MD5 to "586F0788235470CA8E6AB3A827BBF369. Extract the secondary data 330. Then, the first 2 bits and the second 2 bits of the secondary data 330 were taken and then combined with the primary data 320 in order to generate the designated PC information 340 of "58698FF16043". However, since this combination is an embodiment, the designated PC information can be generated by various methods other than the combination method in FIG. That is, only CRC32 may be used, only MD5 may be used, or CRC32 and MD5 may be used in combination as in the embodiment of FIG. 2. However, which method is used, it is stored in the designated PC database 200 and used when determining whether the designated PC is determined by the designated PC 130.

On the other hand, when the user accesses the Internet site and logs in, the control unit 170 determines whether the user applied for the designated PC service, and if the user is a service user, the designated PC determination unit 130 determines whether the PC is registered with the designated PC service. Command

The designated PC determination unit 130 first determines the method of generating the designated PC information in the designated PC database 200 to generate the login PC information of the login PC in the same manner. That is, the login PC information is generated by extracting the HDD and CPU information of the logged-in PC by at least one of CRC32 and MD5. In this case, the generation method should be the same as the designated PC generation method. The generated login PC information is compared with the designated PC information. If the comparison result is the same, the login IP and the specified PC IP are compared to determine whether they are the same.

The comparison result of the designated PC determination unit 130 is transmitted to the control unit 170. If the login PC is different from the designated PC, the control unit 170 drives the access blocking unit 150 to log in from the logged-in PC to the Internet site. Block the connection.

In addition, the server may further include a connection blocking release unit 160. In the connection blocking release unit 160, the user is authenticated by a method such as an authorized certificate or a mobile phone authentication, and releases the access block for the user terminal that has been authenticated. To allow you to access Internet sites. Considering the reality that computers can be easily used anywhere, it is inefficient to allow access only to designated PCs and to block other PCs unconditionally. Therefore, the exception is to increase the efficiency by allowing access to be disconnected through authentication. .

In addition, the server 100 may further include a designated PC changing unit 140. The designated PC changing unit 140 may change a designated PC registered to use a designated PC service or add a new designated PC. do. Since there is no limit to the number of PCs that can be specified, even if there are many PCs that are designated and used, the PCs can be registered and used to provide convenience to the user.

3 is a flowchart illustrating a method for blocking access to the Internet through a designated PC service, and with reference to the drawings, a method for blocking access to the Internet through a designated PC service will be described.

When the user requests the designated PC service (S10) and generates the designated PC information and stores the specified PC information and IP address in the designated PC database (S20). The designated PC information 340 is generated by at least one of CRC32 and MD5 by using the serial number of the HDD and the CPU ID of the CPU. A specific generation method includes the designated PC information of the designated PC information generation unit 120 ( 340 is the same as the production method. When the user who applied for the designated PC service logs in, the login PC information and IP address are compared with the designated PC information and the designated PC IP address (S30). If the comparison result is not the same (S40), the access to the logged-in PC is blocked. (S50). However, if the user is verified through user authentication before the access is blocked, the access may be released (S60) to allow internet access. When the connection is complete, the game is executed (S70).

4A to 4D are diagrams showing an embodiment of exposing a designated PC service on an Internet game site. Since the designated PC service has a high anti-theft effect, not only the Internet game site but also an email service, a community service, etc., which have a high necessity of anti-theft. It is also available on the provided Internet site.

As described above, although the present invention has been described by way of limited embodiments and drawings, the present invention is not limited thereto and is intended by those skilled in the art to which the present invention pertains. Of course, various modifications and variations are possible within the scope of equivalents of the claims to be described.

100 Server 110 Designated PC Service Request Receiver
120 Designated PC Information Generator 130 Designated PC Decision
140 Designated PC change part 150 Connection cutoff part
160 Disconnect Control 170 Control Unit
200 Designated PC Database 300 Data
310 Combination Data 320 Primary Data
330 Secondary Data 340 Designated PC Information

Claims (1)

Requesting a designated PC service for accessing an Internet site provided by the server only with a designated PC of a user registered in the server through a wired / wireless network;
Extracting information on the HDD and CPU from the designated PC of the user who requested the designated PC service to generate designated PC information, and registering the designated PC information and the IP address of the designated PC in a designated PC database;
If there is a login request to the Internet site, the user who requested the designated PC service extracts the HDD and CPU information of the logged-in PC and generates login PC information to display the registered designated PC information and the login PC information. Comparing and comparing the registered IP address with the IP address of the logged-in PC; And
Blocking the access of the logged-in user if the comparison result is not the same;
The designated PC information and the login PC information,
A method for blocking access to the Internet through a designated PC service generated by at least one of a cyclic redundancy check 32 (CRC32) and a message-digest algorithm 5 (MD5) using a serial number of a HDD and a CPU ID of a CPU.
KR1020100040682A 2010-04-30 2010-04-30 Method for blocking internet access by selected pc service KR20110121198A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020100040682A KR20110121198A (en) 2010-04-30 2010-04-30 Method for blocking internet access by selected pc service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020100040682A KR20110121198A (en) 2010-04-30 2010-04-30 Method for blocking internet access by selected pc service

Publications (1)

Publication Number Publication Date
KR20110121198A true KR20110121198A (en) 2011-11-07

Family

ID=45392112

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020100040682A KR20110121198A (en) 2010-04-30 2010-04-30 Method for blocking internet access by selected pc service

Country Status (1)

Country Link
KR (1) KR20110121198A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101333006B1 (en) * 2012-07-12 2013-11-26 주식회사 잉카인터넷 System and method of confirming a login

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101333006B1 (en) * 2012-07-12 2013-11-26 주식회사 잉카인터넷 System and method of confirming a login

Similar Documents

Publication Publication Date Title
US7836121B2 (en) Dynamic executable
US9009463B2 (en) Secure delivery of trust credentials
CN104519042B (en) Detect and prevent the man-in-the-middle attack on encryption connection
US9485246B2 (en) Distributed authentication with data cloud
US8850219B2 (en) Secure communications
KR101005910B1 (en) Method and apparatus for providing trusted single sign-on access to applications and internet-based services
US8220032B2 (en) Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith
US8893244B2 (en) Application-based credential management for multifactor authentication
US10187373B1 (en) Hierarchical, deterministic, one-time login tokens
US8869258B2 (en) Facilitating token request troubleshooting
US20100100950A1 (en) Context-based adaptive authentication for data and services access in a network
JP2017517823A (en) Techniques for operating services with machine-generated authentication tokens
CN109450633B (en) Information encryption transmission method and device, electronic equipment and storage medium
KR20120085760A (en) Modular device authentication framework
US20230370265A1 (en) Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control
JP2019220238A (en) Computer readable storage media for legacy integration and method and system for utilizing the same
US9954853B2 (en) Network security
Klevjer et al. Extended HTTP digest access authentication
US8875244B1 (en) Method and apparatus for authenticating a user using dynamic client-side storage values
US9621546B2 (en) Method of generating one-time password and apparatus for performing the same
TW201430608A (en) Single-sign-on system and method
US11252143B2 (en) Authentication system, authentication server and authentication method
JP2014215853A (en) Authentication system and authentication method
Huang et al. A method for trusted usage control over digital contents based on cloud computing
JP5161053B2 (en) User authentication method, user authentication system, service providing apparatus, and authentication control apparatus

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination