KR20120102913A - Apparatus and method of detecting the accessing area using a routing point - Google Patents
Apparatus and method of detecting the accessing area using a routing point Download PDFInfo
- Publication number
- KR20120102913A KR20120102913A KR1020110020804A KR20110020804A KR20120102913A KR 20120102913 A KR20120102913 A KR 20120102913A KR 1020110020804 A KR1020110020804 A KR 1020110020804A KR 20110020804 A KR20110020804 A KR 20110020804A KR 20120102913 A KR20120102913 A KR 20120102913A
- Authority
- KR
- South Korea
- Prior art keywords
- routing
- game
- user terminal
- router
- server
- Prior art date
Links
Images
Classifications
-
- A—HUMAN NECESSITIES
- A63—SPORTS; GAMES; AMUSEMENTS
- A63F—CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
- A63F13/00—Video games, i.e. games using an electronically generated display having two or more dimensions
- A63F13/30—Interconnection arrangements between game servers and game devices; Interconnection arrangements between game devices; Interconnection arrangements between game servers
- A63F13/35—Details of game servers
- A63F13/352—Details of game servers involving special game server arrangements, e.g. regional servers connected to a national server or a plurality of servers managing partitions of the game world
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/26—Route discovery packet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
The present invention relates to a method for detecting a connection area using a search server and a routing point for identifying and limiting a game user's access area using a routing point. This is to effectively block even if the server tries to access the server indirectly.
Due to the development of communication technology and the development of related technologies such as graphics and sound, various types of computer games are being produced. Computer games have been developed in the form of online games that allow a single user to play alone on a personal computer (PC), and participate in and play with other users at the same time using the Internet. Doing.
On the other hand, as the number of users using online games increases, various problems appear. As an example, users of online games want to increase their game level or have better game items, which can be obtained by investing a lot of time and effort, as well as by paying for them. There are many things to buy.
In other words, game items and the like have a value equal to cash for users who want them. As a result, a situation arises in that a game service is used to sell a game item obtained by playing a game, not for one's own enjoyment, to other users for cash. In order to collect the game items and make money, these users have to play a game with many game characters.
The illegal method used by them is that in order to own a large number of game accounts, a large number of social security numbers are required. You can also create a computer program to play the game. In addition, runaway youths can be hired to provide meals or to continue playing at low wages to collect game items. When they are legally sanctioned due to employment and other problems in Korea, they set up offices that specialize in these tasks in other countries where labor costs are low and domestic laws can be avoided.
When such illegal users participate in the game, normal users who use the game service in the domestic country suffer various damages, such as losing the chance to obtain good items in the game, which reduces the interest in the game and uses the game. This can be a major factor in avoiding. Therefore, attempts have been made to effectively block the use of such illegal or inappropriate game services.
The conventional method of blocking access to a domestic game server in another country is to collect an IP address set in a network interface card (NIC) of a user terminal using an IP address collector installed and operated in the user terminal. When a user terminal collects and transmits an IP address used for Internet communication on a path connected to a game server, there is a method of determining whether the game server is an IP of another country. However, if you look at the above method, the IP address set in the network interface card (NIC) of the user's computer can be changed at any time by the user. Since the IP is generated and used, since it is difficult to know the exact IP of the user terminal, it is impossible to determine the access area by this method.
Another conventional method is to use the 'trace route' function supported by most operating systems (OSs), and to provide a path to various network devices existing on the path from the user terminal to the game server as the final destination. You can find out the response speed, etc. In this process, you can find the IP address of the network equipment located in another country. However, even when the 'trace route' function is used, it is difficult to determine the exact routing point when passing through the virtual private network (VPN) server on the route of the network to be connected. .
Therefore, illegal users in other countries are currently using a bypass method to access the game server through a domestic virtual private network (VPN) server or proxy server, and in this case, attempts to connect to the game server even though the user is connected from another country. Since the IP address is the domestic IP address assigned by the virtual private network server or the proxy server, the game server cannot determine the exact access area and thus cannot block the access attempt. That is, there is a problem in that it is not possible to screen out illegal users who attempt to access by chance through a domestic virtual private network server or a proxy server, so that illegal users cannot be blocked.
Accordingly, the present invention has been made to solve the above problems, it is possible to find out that the access from the computer device located in the other country even if the other country indirect access through the virtual private network server or proxy server in the other country, It is an object of the present invention to provide an apparatus and method for restricting the access area of a game user by using a routing point that can effectively block access from other countries.
In order to achieve the above object, the access point detection method using a routing point, the packet receiving unit of the game server receives the IP of the router that responds first on the connection path connected through the Ethernet drive used for the game from the user terminal In the first step of determining, the routing point extracting unit of the game server extracts the number of routing points to the first step router, the packet receiving unit of the game server path of the packet transmitted from the user terminal through the virtual security network drive In the third step of extracting the number of routing points to the router of the first step in the step, the access area determination unit of the game server by comparing the number of routing points extracted in the second step and the number of routing points extracted in the third step And a fourth step of determining an access area of the user terminal.
According to the present invention, even if a user located in another country bypasses a domestic virtual private network server or a proxy server and accesses a game server, it is possible to accurately determine that the connection attempt is made in another country. As a result, it is possible not to enjoy the game itself, but to block the access of other users, which are made for inappropriate purposes, such as to secure game items and sell them to others. There is an effect that can be maintained.
1 is a diagram of a state connecting to a game server in the country
2 is a diagram of a detour connection to a domestic game server through a virtual private network server or a proxy server in another country
3 is a diagram illustrating another embodiment of a state of bypassing a domestic game server through a virtual private network server or a proxy server in another country;
4 is a block diagram of an authentication module of a game server according to the present invention.
5 is a flowchart illustrating a method for detecting a connection area using a routing point according to the present invention.
6 is a flowchart illustrating another embodiment of a method for detecting a connection area using a routing point according to the present invention.
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.
With reference to FIG. 1, a connection structure between a user terminal and a game server, and a difference in the number of routing points according to the connection structure, will be described.
The
In addition, the
The
The
First, when a user executes game software installed in the
In addition, the
In the case of a normal domestic game user as shown in FIG. 1, a packet transmitted through an Ethernet
2 is a diagram of a state of bypassing a domestic game server through a virtual private network server or a proxy server in another country according to the present invention.
Referring to FIG. 2, when accessing the
A method of detecting a router that responds first on the connection path will now be described. If the response is received from the router by executing the command ping with the game server as the destination TTL = 1, the first router is the first router to respond. If no response is received, the TTL is increased to repeat the response. In other words, if there is no response at TTL = 1, if a response is received from the router by executing a command ping with TTL = 2, the second router becomes the first router to respond. One way to determine the IP of the router is to use the trace route command.
In addition, the packet transmitted through the virtual security network drive 130 of the
When the number of routing points A on the connection path through the Ethernet drive 120 and the number of routing points B on the connection path through the virtual secure network drive 130 are compared, the foreign private network (VPN) Since the server or proxy eventually connects to a domestic VPN server or proxy, the routing point number A and the routing point number B show a big difference. In this way, the number of routing points A and the number of routing points B are compared, and when the difference exceeds the reference value, it is determined as a connection from a user of another country.
3 is another embodiment of a method for determining a connection area according to the present invention.
Referring to FIG. 3, when accessing the
In addition, the packet transmitted through the virtual security network drive 130 of the
When the number of routing points A on the connection path through the Ethernet drive 120 and the number of routing points B on the connection path through the virtual secure network drive 130 are compared, the virtual private network (VPN) of the own country is used. The number of routing points B is constant while the number of routing points A to the VPN server is zero while the number of routing points B is constant while connecting to a virtual private network (VPN) server or proxy in Korea. Or, since it is almost zero, the routing point number A and the routing point number B show a big difference. In this way, the number of routing points A and the number of routing points B are compared, and when the number of routing points B is greater than zero, it is determined as a connection from another country user. It is determined by the connection of the domestic user.
Referring to FIG. 4, an embodiment of an authentication module of a game server for restricting access area according to the present invention will be described. The
The packet receiver 411 receives a packet transmitted from the Ethernet drive 120 and the virtual secure network drive 130 used for the game.
The routing point extracting unit 412 extracts the number of routing points on the connection path of the packet from the received packet.
The access area determiner 413 determines the access area of the
Then, the authentication processing unit 414 informs the
5 is a flowchart illustrating a method for detecting a connection area using the number of routing points according to the present invention.
The packet receiver 411 of the
The routing point extracting unit 412 of the
In addition, the packet receiver 411 of the
The routing point extracting unit 412 of the
The access area determiner 413 of the
The authentication processing unit 414 of the
6 is a flowchart illustrating another embodiment of a method for detecting a connection area using the number of routing points according to the present invention.
The packet receiver 411 of the
The
In addition, the packet receiving unit 411 of the
The routing point extraction unit 412 of the
The access area determiner 413 of the
The authentication processing unit 414 of the
It is to be understood that the present invention is not limited to the above-described embodiment, and various changes and modifications may be made by those skilled in the art without departing from the technical spirit of the present invention. to be.
100: user terminal 200: virtual private network server / proxy server of another country
300: domestic virtual private network server / proxy server 400: game server
410: packet receiving unit 420: routing point extraction unit
430: access area determination unit 440: authentication processing unit
500: the country's workplace detection server
Claims (5)
A second step of extracting the number of routing points to the first step router from the routing point extracting unit of the game server;
A third step of extracting the number of routing points from the user terminal to the router of the first step on the path of the packet transmitted from the user terminal through the virtual security network drive;
A fourth step of determining an access area of the user terminal by comparing the number of routing points extracted in the second step with the number of routing points extracted in the third step;
Access point detection method using a routing point comprising a.
A second step of extracting the number of routing points from the user terminal to the VPN server of the first step on the path of the packet transmitted from the user terminal through the virtual security network drive;
A third step of determining an access area of the corresponding user terminal by determining the number of routing points extracted in the second step;
Access point detection method using a routing point comprising a.
The method for determining the access area compares the number of routing points extracted in the second step with the number of routing points extracted in the third step, and if the difference exceeds the reference value, determines that the connection is from a user of another country. If the difference is less than the reference value, the access point detection method using a routing point characterized in that it is determined that the connection of the domestic user.
In the method of determining the access area, when the number of routing points extracted in the second step is much larger than zero, the access area is determined by a connection from another country user. Connection area detection method using a routing point.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110020804A KR20120102913A (en) | 2011-03-09 | 2011-03-09 | Apparatus and method of detecting the accessing area using a routing point |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110020804A KR20120102913A (en) | 2011-03-09 | 2011-03-09 | Apparatus and method of detecting the accessing area using a routing point |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20120102913A true KR20120102913A (en) | 2012-09-19 |
Family
ID=47111121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020110020804A KR20120102913A (en) | 2011-03-09 | 2011-03-09 | Apparatus and method of detecting the accessing area using a routing point |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20120102913A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10250560B2 (en) | 2013-09-27 | 2019-04-02 | Soosan Int Co., Ltd. | Network security method and device using IP address |
CN110812844A (en) * | 2019-11-06 | 2020-02-21 | 网易(杭州)网络有限公司 | Path finding method in game, terminal and readable storage medium |
-
2011
- 2011-03-09 KR KR1020110020804A patent/KR20120102913A/en not_active Application Discontinuation
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10250560B2 (en) | 2013-09-27 | 2019-04-02 | Soosan Int Co., Ltd. | Network security method and device using IP address |
CN110812844A (en) * | 2019-11-06 | 2020-02-21 | 网易(杭州)网络有限公司 | Path finding method in game, terminal and readable storage medium |
CN110812844B (en) * | 2019-11-06 | 2023-04-07 | 网易(杭州)网络有限公司 | Path finding method in game, terminal and readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8370389B1 (en) | Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication | |
CN103490884B (en) | Be used for the method for the checking of digital certificate | |
EP3244335B1 (en) | Blacklist generation device, blacklist generation system, blacklist generation method, and blacklist generation program | |
US10880677B2 (en) | Method and system for implementing zone-restricted behavior of a computing device | |
CN107819731B (en) | Network security protection system and related method | |
WO2013048125A2 (en) | Device and method for detecting bypass access and account theft | |
JP6717206B2 (en) | Anti-malware device, anti-malware system, anti-malware method, and anti-malware program | |
CN107046516B (en) | Wind control method and device for identifying mobile terminal identity | |
CN108667783B (en) | A kind of Accurate Interception methods, devices and systems for IP address | |
KR20120102913A (en) | Apparatus and method of detecting the accessing area using a routing point | |
CN109474623A (en) | Network safety prevention and its parameter determination method, device and equipment, medium | |
CN108134774B (en) | Privacy protection method and device based on content privacy and user security grading | |
KR101293954B1 (en) | Apparatus and method for detecting roundabout access | |
KR20090000824A (en) | Client apparatus, authentication apparatus and method for connection area restriction | |
KR101062327B1 (en) | Apparatus and method of detecting the accessing area using a routing point | |
KR101160219B1 (en) | Tracking system and method of connecting route for the network security | |
CN108566380B (en) | Proxy internet surfing behavior identification and detection method | |
KR101674566B1 (en) | Method and system for protecting user account in online service | |
Nezarat | A game theoretic method for VM-to-hypervisor attacks detection in cloud environment | |
CN110138760B (en) | Method and device for setting security service | |
Kaur et al. | Classifier for DDoS attack detection in software defined networks | |
CN109743303B (en) | Application protection method, device, system and storage medium | |
JPWO2020195229A1 (en) | Analytical systems, methods and programs | |
CN106375330B (en) | Data detection method and device | |
KR102413344B1 (en) | Method and device to manage access of terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |