KR20120102913A - Apparatus and method of detecting the accessing area using a routing point - Google Patents


Info

Publication number
KR20120102913A
Authority
KR
South Korea
Prior art keywords
routing
game
user terminal
router
server
Prior art date
Application number
KR1020110020804A
Other languages
Korean (ko)
Inventor
김진우
Original Assignee
김진우
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 김진우
Priority to KR1020110020804A
Publication of KR20120102913A

Classifications

    • A HUMAN NECESSITIES
    • A63 SPORTS; GAMES; AMUSEMENTS
    • A63F CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00 Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/30 Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers
    • A63F13/35 Details of game servers
    • A63F13/352 Details of game servers involving special game server arrangements, e.g. regional servers connected to a national server or a plurality of servers managing partitions of the game world
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/26 Route discovery packet
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

PURPOSE: An apparatus and method for detecting a connection area using a routing point are provided to prevent access, for an improper purpose, by a user who lives in a foreign country, thereby protecting users who normally enjoy a game service in the domestic country.

CONSTITUTION: A packet receiving unit finds the IP of the router that responds first on the connection path connected through an Ethernet drive for a game from a user terminal (S12). A routing point extracting unit extracts the number of routing points up to that router (S13). The packet receiving unit extracts the number of routing points up to the router on the path of a packet transmitted through a virtual security network drive from the user terminal (S15). A connection area determining unit compares the numbers of routing points and determines the connection area of the user terminal (S16).

[Reference numerals] (AA) Start; (BB) End; (S11) Receiving a packet of the connection path; (S12) Finding the IP of the router that responds first on the connection path; (S13) Extracting A, the number of routing points up to the router; (S14) Receiving the packet of the virtual security drive; (S15) Extracting B, the number of routing points up to the router; (S16) A<<B; (S17) Foreign connection; (S18) Domestic connection; (S19) Authentication processing

Description

Apparatus and method of detecting the accessing area using a routing point

The present invention relates to a method of detecting a connection area using a search server and a routing point, which identifies and restricts a game user's access area by means of routing points. Its aim is to block access effectively even when a user tries to reach the server indirectly.

With the development of communication technology and of related technologies such as graphics and sound, various types of computer games are being produced. Computer games have developed from forms in which a single user plays alone on a personal computer (PC) into online games in which users participate and play with other users at the same time over the Internet.

On the other hand, as the number of users of online games increases, various problems appear. For example, users of online games want to raise their game level or own better game items. These can be obtained by investing a lot of time and effort, and they are also often bought for money.

In other words, game items and the like have a value equal to cash for the users who want them. As a result, a situation arises in which a game service is used not for one's own enjoyment but to sell game items obtained by playing to other users for cash. To collect game items and make money, these users have to play the game with many game characters.

Among the illegal methods they use: owning a large number of game accounts requires a large number of social security numbers, and computer programs are also created to play the game. In addition, runaway youths are hired and given meals or low wages to keep playing and collecting game items. When they face legal sanctions in Korea over employment and other problems, they set up offices specializing in this work in other countries where labor costs are low and domestic law can be avoided.

When such illegal users participate in the game, normal users of the game service in the domestic country suffer various kinds of damage, such as losing the chance to obtain good items in the game, which reduces interest in the game and can be a major factor in users avoiding it. Attempts have therefore been made to effectively block such illegal or inappropriate use of game services.

One conventional method of blocking access to a domestic game server from another country uses an IP address collector, installed and operated in the user terminal, to collect the IP address set in the terminal's network interface card (NIC). The user terminal collects and transmits the IP address used for Internet communication on the path to the game server, and the game server determines whether it is an IP of another country. However, the IP address set in the NIC of the user's computer can be changed at any time by the user. Because the IP can be generated and used in this way, it is difficult to know the exact IP of the user terminal, and the access area cannot be determined by this method.

Another conventional method uses the 'trace route' function supported by most operating systems (OSs), which reports the route, response speed and so on of the network devices on the path from the user terminal to the game server as the final destination. In this process the IP address of network equipment located in another country can be found. However, even when the 'trace route' function is used, it is difficult to determine the exact routing points when the route passes through a virtual private network (VPN) server.

Illegal users in other countries therefore currently use a bypass method, accessing the game server through a domestic virtual private network (VPN) server or proxy server. In this case, although the user is connecting from another country, the IP address that attempts to connect to the game server is the domestic IP address assigned by the virtual private network server or proxy server, so the game server cannot determine the exact access area and cannot block the access attempt. That is, illegal users who attempt to access through a domestic virtual private network server or proxy server cannot be screened out, and so cannot be blocked.

Accordingly, the present invention has been made to solve the above problems. Even when access from another country is made indirectly through a virtual private network server or proxy server, it can be found out that the access comes from a computer device located in the other country. It is an object of the present invention to provide an apparatus and method for restricting the access area of a game user by using a routing point, which can effectively block access from other countries.

To achieve the above object, the access point detection method using a routing point comprises: a first step in which the packet receiving unit of the game server determines the IP of the router that responds first on the connection path connected through the Ethernet drive used for the game from the user terminal; a second step in which the routing point extracting unit of the game server extracts the number of routing points to the router of the first step; a third step in which the packet receiving unit of the game server extracts the number of routing points to the router of the first step on the path of the packet transmitted from the user terminal through the virtual security network drive; and a fourth step in which the access area determination unit of the game server determines the access area of the user terminal by comparing the number of routing points extracted in the second step with the number extracted in the third step.

According to the present invention, even if a user located in another country accesses a game server indirectly through a domestic virtual private network server or proxy server, it can be accurately determined that the connection attempt is made from another country. As a result, access by users in other countries that is made not to enjoy the game itself but for inappropriate purposes, such as securing game items and selling them to others, can be blocked. There is an effect that can be maintained.

FIG. 1 is a diagram of a state of connecting to a game server within the country.
FIG. 2 is a diagram of a state of bypass connection to a domestic game server through a virtual private network server or a proxy server in another country.
FIG. 3 is a diagram illustrating another embodiment of a state of bypass connection to a domestic game server through a virtual private network server or a proxy server in another country.
FIG. 4 is a block diagram of an authentication module of a game server according to the present invention.
FIG. 5 is a flowchart illustrating a method for detecting a connection area using a routing point according to the present invention.
FIG. 6 is a flowchart illustrating another embodiment of a method for detecting a connection area using a routing point according to the present invention.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

With reference to FIG. 1, a connection structure between a user terminal and a game server, and a difference in the number of routing points according to the connection structure, will be described.

The user terminal 100 is generally a personal computer (PC) on which game software is installed so that the game service provided by the game server 400 can be used. The game software is a computer program installed and operated in the user terminal 100. It may be recorded and stored separately on a storage medium such as a CD-ROM, but it is usually downloaded and installed through the game server 400 and configured to be kept up to date at all times.

In addition, the user terminal 100 is generally configured to use the Internet service through the server of the Internet provider that provides the Internet service in the country.

The user terminal 100 may directly access the game server 400 through the Internet as shown in FIG. 1, but, as shown in FIG. 2, it may also access the game server 400 indirectly through a virtual private network (VPN) server or a proxy server (200, 300).

The game server 400 includes: a web module that guides users connected over the Internet to various game-service information, lets them open a game account by registering as members, and operates a web shop where game items can be purchased; an authentication module that authenticates users and notifies the game server of authenticated users so that the game service can proceed with the user terminal; a game module for playing various online games with user terminals authenticated by the authentication module; a charging module for charging game usage fees; a database storing the various information needed for the operation of the game server 400; a database server for controlling and managing the database; and the like.

First, when a user executes the game software installed in the computer device 100, the packet transmitter 110 transmits a packet to the game server 400 through the Ethernet drive 120 used for the game. Using the 'ping' or 'trace route' function supported by most operating systems (OSs), the route, response speed, IP and so on of the various network equipment on the path from the user terminal 100 to the game server 400 as the final destination can be detected. Among the network equipment on the path between the user terminal 100 of a normal domestic user and the game server 400, the router that responds first on the connection path is detected and its IP is identified.

In addition, the packet transmitter 110 transmits the packet to the IP of the router that responds first on the connection path through the network drive 130 virtually installed for security.

In the case of a normal domestic game user as shown in FIG. 1, a packet transmitted through the Ethernet drive 120 used for the game does not need to go through a virtual private network (VPN) server or a proxy server. The number of routing points A from the user terminal 100 to the first responding router on the connection path is therefore equal or close to, or within a certain error range of, the number of routing points B to that router through the virtual security network drive 130. Furthermore, even if a domestic user uses a VPN server or a proxy server, the number of routing points A and the number of routing points B do not show a big difference.

FIG. 2 is a diagram of a state of bypass connection to a domestic game server through a virtual private network server or a proxy server in another country according to the present invention.

Referring to FIG. 2, suppose the game server 400 is accessed indirectly through a virtual private network (VPN) server or proxy server (200, 300) in another country. When the connection path to the game server 400 is traced from the user terminal 100 through the Ethernet drive 120 used for the game, the packet passes through tunneling from the user terminal 100 to the final virtual private network (VPN) server or proxy server 300, and a router, which is a network device on the path between the final VPN server or proxy server 300 and the game server 400, responds to the transmitted packet. At this point the IP of the router that responds first on the access path is identified, and the number of routing points A up to that router is counted.

A method of detecting the router that responds first on the connection path will now be described. The ping command is executed with the game server as the destination and TTL = 1. If a response is received from a router, the first router is the first router to respond. If no response is received, the TTL is increased and the ping is repeated. In other words, if there is no response at TTL = 1 and a response is received from a router when ping is executed with TTL = 2, the second router is the first router to respond. One way to determine the IP of the router is to use the trace route command.

In addition, the packet transmitted through the virtual security network drive 130 of the user terminal 100 does not go through the virtual private network (VPN) server or proxy server (200, 300). It connects to the router that responds first on the connection path of the Ethernet drive 120, and the number of routing points B up to that router is counted.

When the number of routing points A on the connection path through the Ethernet drive 120 is compared with the number of routing points B on the connection path through the virtual secure network drive 130, the two show a big difference, because the foreign virtual private network (VPN) server or proxy eventually connects to a domestic VPN server or proxy. The number of routing points A and the number of routing points B are compared in this way, and when the difference exceeds the reference value, the connection is determined to be from a user in another country.

FIG. 3 shows another embodiment of a method for determining a connection area according to the present invention.

Referring to FIG. 3, when the game server 400 is accessed indirectly through a virtual private network (VPN) server or proxy server (200, 300) in another country, the IP of the last VPN server on the connection path from the user terminal 100 to the game server 400 through the Ethernet drive 120 used for the game is tracked, and the number of routing points A to that VPN server is counted.

In addition, the packet transmitted through the virtual security network drive 130 of the user terminal 100 accesses the VPN server and counts the number of routing points B to the VPN server.

The number of routing points A on the connection path through the Ethernet drive 120 is compared with the number of routing points B on the connection path through the virtual secure network drive 130. When the user connects through a domestic virtual private network (VPN) server or proxy, the number of routing points A to the VPN server is zero or almost zero while the number of routing points B is a constant value, so the number of routing points A and the number of routing points B show a big difference. The two counts are compared in this way, and when the number of routing points B is greater than zero, the connection is determined to be from a user in another country; otherwise it is determined to be a domestic user's connection.

Referring to FIG. 4, an embodiment of an authentication module of a game server for restricting access area according to the present invention will be described. The authentication module 410 is provided on the game server 400 side to block inappropriate access attempts.

The packet receiver 411 receives a packet transmitted from the Ethernet drive 120 and the virtual secure network drive 130 used for the game.

The routing point extracting unit 412 extracts the number of routing points on the connection path of the packet from the received packet.

The access area determiner 413 determines the access area of the corresponding user terminal 100 by comparing the number of routing points on various paths extracted by the routing point extractor 412. That is, when the number of routing points A and the number of routing points B are compared and the difference exceeds the reference value, it is determined as a connection from another country user.

Then, the authentication processing unit 414 informs the game server 400 that the connection of the user terminal 100 is blocked or the game service is permitted in accordance with the determination by the access area determining unit 413. When the use of the game service is permitted, the game server 400 advances the game service procedure with the user terminal 100.

FIG. 5 is a flowchart illustrating a method for detecting a connection area using the number of routing points according to the present invention.

The packet receiver 411 of the game server 400 receives a packet transmitted from the user terminal 100 through the Ethernet drive 120 used for a game (S11).

The routing point extracting unit 412 of the game server 400 grasps the IP of the first responding router on the connection path of the packet (S12), and extracts the number of routing points A to the router (S13).

In addition, the packet receiver 411 of the game server 400 receives a packet transmitted from the user terminal 100 through the virtual security network drive 130 (S14).

The routing point extracting unit 412 of the game server 400 extracts, on the path of the packet sent through the virtual secure network drive 130, the number of routing points B to the router that responded first on the access path of the packet sent through the Ethernet drive 120 (S15).

The access area determiner 413 of the game server 400 determines the access area of the corresponding user terminal 100 by comparing the numbers of routing points on the various paths extracted by the routing point extractor 412 (S16). That is, the number of routing points A and the number of routing points B are compared, and when the difference exceeds the reference value, the connection is determined to be from a user in another country (S17); otherwise it is determined to be a domestic connection (S18).

The authentication processing unit 414 of the game server 400 notifies the game server 400 that the connection of the user terminal 100 is blocked or that the game service is allowed, according to the determination of the access area determining unit 413 (S19).
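
The comparison in steps S11 to S19 can be written out as follows. This is an added example, not part of the patent text: it takes the number of routing points to a router to be the TTL at which that router answers, uses a hypothetical reference value of 5 (the text gives none), and runs on constructed traces with documentation-range addresses.

```python
"""Hop-count comparison from steps S11-S19, run on constructed traces."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A trace lists the replies to probes sent with TTL = 1, 2, 3, ...
# Each entry is the IP of the router that answered, or None for no answer.
Trace = List[Optional[str]]

# Assumption: the text names a "reference value" without giving a number.
REFERENCE_DIFF = 5


@dataclass(frozen=True)
class Verdict:
    anchor_ip: Optional[str]  # first responding router on the game path
    a: Optional[int]          # routing points to it via the game path
    b: Optional[int]          # routing points to it via the second path
    area: str                 # "domestic", "foreign" or "inconclusive"


def first_responder(trace: Trace) -> Optional[Tuple[str, int]]:
    """S12/S13: raise the TTL from 1 until a router answers."""
    for ttl, ip in enumerate(trace, start=1):
        if ip is not None:
            return ip, ttl
    return None


def hops_to(trace: Trace, target_ip: str) -> Optional[int]:
    """S15: TTL at which target_ip answers on this path, if it does."""
    for ttl, ip in enumerate(trace, start=1):
        if ip == target_ip:
            return ttl
    return None


def classify(game_trace: Trace, secure_trace: Trace,
             reference: int = REFERENCE_DIFF) -> Verdict:
    """S16-S18: compare A (game path) with B (virtual security path)."""
    found = first_responder(game_trace)
    if found is None:
        # No router answered on the game path, so there is nothing to compare.
        return Verdict(None, None, None, "inconclusive")
    anchor, a = found
    b = hops_to(secure_trace, anchor)
    if b is None:
        # The anchor router never answered on the second path.
        return Verdict(anchor, a, None, "inconclusive")
    # The abstract states S16 as A << B, so the signed difference is used.
    area = "foreign" if b - a > reference else "domestic"
    return Verdict(anchor, a, b, area)


# Constructed sample traces (not measurements).
# Domestic user, no VPN: both paths reach the same first router at TTL 1.
DOMESTIC_GAME: Trace = ["192.0.2.1", "192.0.2.254", "198.51.100.10"]
DOMESTIC_SECURE: Trace = ["192.0.2.1", "192.0.2.254"]

# Domestic user behind a domestic VPN: the tunnel hop stays silent,
# and the second path needs only a few hops more.
DOMESTIC_VPN_GAME: Trace = [None, "198.51.100.1", "198.51.100.10"]
DOMESTIC_VPN_SECURE: Trace = ["192.0.2.1", "192.0.2.2", "192.0.2.3",
                              "198.51.100.1"]

# User abroad tunnelling to a domestic VPN: the game path shows the first
# router after the tunnel at TTL 2, the second path needs 12 hops to it.
FOREIGN_GAME: Trace = [None, "198.51.100.1", "198.51.100.10"]
FOREIGN_SECURE: Trace = [f"203.0.113.{i}" for i in range(1, 12)] + ["198.51.100.1"]

# Second path on which the anchor router never answers.
FILTERED_SECURE: Trace = ["203.0.113.1", None, None]


if __name__ == "__main__":
    cases = [
        ("domestic", DOMESTIC_GAME, DOMESTIC_SECURE),
        ("domestic VPN", DOMESTIC_VPN_GAME, DOMESTIC_VPN_SECURE),
        ("foreign via VPN", FOREIGN_GAME, FOREIGN_SECURE),
        ("filtered", FOREIGN_GAME, FILTERED_SECURE),
    ]
    for name, game, secure in cases:
        print(name, classify(game, secure))
```

A missing reply from the anchor router on the second path yields `inconclusive` rather than `domestic`, so a filtered probe does not pass the check by default.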

FIG. 6 is a flowchart illustrating another embodiment of a method for detecting a connection area using the number of routing points according to the present invention.

The packet receiver 411 of the game server 400 receives a packet transmitted from the user terminal 100 through the Ethernet drive 120 used for the game (S21).

The game server 400 tracks the IP of the last VPN server on the connection path from the user terminal 100 to the game server 400 through the Ethernet drive 120 used for the game (S22), and counts the number of routing points A to that server (S23).

In addition, the packet receiving unit 411 of the game server 400 receives the packet transmitted to the workplace detection server 500 installed in the country through the virtual security network drive 130 (S24).

The routing point extraction unit 412 of the game server 400 extracts, from the packet sent through the virtual secure network drive 130, the number of routing points B to the last VPN server on the connection path to the game server 400 through the Ethernet drive 120 (S25).

The access area determiner 413 of the game server 400 determines the access area of the corresponding user terminal 100 by comparing the numbers of routing points on the other paths extracted by the routing point extractor 412 (S26). That is, the number of routing points A and the number of routing points B are compared, and when the difference exceeds the reference value, the connection is determined to be from a user in another country (S27); otherwise it is determined to be a domestic connection (S28).

The authentication processing unit 414 of the game server 400 notifies the game server 400 that the connection of the user terminal 100 is blocked or that the game service is permitted, according to the determination of the access area determining unit 413 (S29).

It is to be understood that the present invention is not limited to the above-described embodiment, and that various changes and modifications may be made by those skilled in the art without departing from the technical spirit of the present invention.

100: user terminal
200: virtual private network server / proxy server of another country
300: domestic virtual private network server / proxy server
400: game server
410: packet receiving unit
420: routing point extraction unit
430: access area determination unit
440: authentication processing unit
500: the country's workplace detection server

Claims (5)

1. An access point detection method using a routing point, comprising:
a first step in which a packet receiving unit of the game server identifies the IP of the router that responds first on an access path connected through an Ethernet drive used for a game from a user terminal;
a second step in which the routing point extracting unit of the game server extracts the number of routing points to the router of the first step;
a third step of extracting the number of routing points from the user terminal to the router of the first step on the path of the packet transmitted from the user terminal through the virtual security network drive; and
a fourth step of determining an access area of the user terminal by comparing the number of routing points extracted in the second step with the number of routing points extracted in the third step.

2. An access point detection method using a routing point, comprising:
a first step in which the game server identifies the IP of the last VPN server on the connection path connected through the Ethernet drive used for the game from the user terminal;
a second step of extracting the number of routing points from the user terminal to the VPN server of the first step on the path of the packet transmitted from the user terminal through the virtual security network drive; and
a third step of determining an access area of the corresponding user terminal based on the number of routing points extracted in the second step.

3. The method of claim 1, wherein, in determining the access area, the number of routing points extracted in the second step is compared with the number of routing points extracted in the third step; if the difference exceeds the reference value, the connection is determined to be from a user of another country, and if the difference is less than the reference value, the connection is determined to be that of a domestic user.

4. The method of claim 2, wherein, in determining the access area, when the number of routing points extracted in the second step is much larger than zero, the connection is determined to be from a user of another country.

5. The method of claim 1, wherein the router that responds first on the access path is detected by pinging while sequentially increasing the TTL.

KR1020110020804A 2011-03-09 2011-03-09 Apparatus and method of detecting the accessing area using a routing point KR20120102913A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110020804A KR20120102913A (en) 2011-03-09 2011-03-09 Apparatus and method of detecting the accessing area using a routing point

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110020804A KR20120102913A (en) 2011-03-09 2011-03-09 Apparatus and method of detecting the accessing area using a routing point

Publications (1)

Publication Number Publication Date
KR20120102913A true KR20120102913A (en) 2012-09-19

Family

ID=47111121

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110020804A KR20120102913A (en) 2011-03-09 2011-03-09 Apparatus and method of detecting the accessing area using a routing point

Country Status (1)

Country Link
KR (1) KR20120102913A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10250560B2 (en) 2013-09-27 2019-04-02 Soosan Int Co., Ltd. Network security method and device using IP address
CN110812844A (en) * 2019-11-06 2020-02-21 网易(杭州)网络有限公司 Path finding method in game, terminal and readable storage medium
CN110812844B (en) * 2019-11-06 2023-04-07 网易(杭州)网络有限公司 Path finding method in game, terminal and readable storage medium

Similar Documents

Publication Publication Date Title
US8370389B1 (en) Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication
CN103490884B (en) Be used for the method for the checking of digital certificate
EP3244335B1 (en) Blacklist generation device, blacklist generation system, blacklist generation method, and blacklist generation program
US10880677B2 (en) Method and system for implementing zone-restricted behavior of a computing device
CN107819731B (en) Network security protection system and related method
WO2013048125A2 (en) Device and method for detecting bypass access and account theft
JP6717206B2 (en) Anti-malware device, anti-malware system, anti-malware method, and anti-malware program
CN107046516B (en) Wind control method and device for identifying mobile terminal identity
CN108667783B (en) A kind of Accurate Interception methods, devices and systems for IP address
KR20120102913A (en) Apparatus and method of detecting the accessing area using a routing point
CN109474623A (en) Network safety prevention and its parameter determination method, device and equipment, medium
CN108134774B (en) Privacy protection method and device based on content privacy and user security grading
KR101293954B1 (en) Apparatus and method for detecting roundabout access
KR20090000824A (en) Client apparatus, authentication apparatus and method for connection area restriction
KR101062327B1 (en) Apparatus and method of detecting the accessing area using a routing point
KR101160219B1 (en) Tracking system and method of connecting route for the network security
CN108566380B (en) Proxy internet surfing behavior identification and detection method
KR101674566B1 (en) Method and system for protecting user account in online service
Nezarat A game theoretic method for VM-to-hypervisor attacks detection in cloud environment
CN110138760B (en) Method and device for setting security service
Kaur et al. Classifier for DDoS attack detection in software defined networks
CN109743303B (en) Application protection method, device, system and storage medium
JPWO2020195229A1 (en) Analytical systems, methods and programs
CN106375330B (en) Data detection method and device
KR102413344B1 (en) Method and device to manage access of terminal

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application