TWI396144B - System and method for controlling network usage rights in attendance state - Google Patents
- Publication number: TWI396144B
- Application number: TW98100802A
- Authority: TW (Taiwan)
- Prior art keywords: attendance, network, employee, computer, controlling
Landscapes
- Small-Scale Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
The present invention, a system and method for controlling network usage rights by attendance state, relates to systems and methods for controlling network usage rights, and in particular to a method that grants Internet access on the basis of employee attendance records: a network rights controller sends Address Resolution Protocol (ARP) packets that sever a computer's connection, so that the computer cannot reach the Internet, thereby securing the right to use the Internet.
Conventional Internet access control mostly works by setting up a proxy server inside the company. Employees must connect to the Internet through that proxy server, which asks for the employee's account and password as authentication; anyone who fails authentication cannot connect to the Internet. This approach has shortcomings. First, personal account passwords are easily stolen or cracked. Second, the proxy server controls only specific network ports (for example port 80), that is, it controls only packets using the HyperText Transfer Protocol (HTTP); control of other network ports must rely on a firewall.
It can thus be seen that the conventional approach described above still has many shortcomings, is not a sound design, and urgently needs improvement.
In view of the shortcomings of the conventional approach described above, the inventor of the present application sought to improve and innovate, and after years of painstaking research finally succeeded in developing the present device and method for controlling network usage rights by attendance state.
The object of the present invention is to provide a system and method for controlling network usage rights by attendance state, so as to remedy the weakness of the current proxy-based method of controlling users' Internet connections, namely that account passwords are easily stolen.
Another object of the present invention is to overcome the shortcoming of the prior art that only specific network ports are controlled: without adding any network switching equipment, it can effectively cut off the network access of computer equipment that has no right to use the Internet, so that an unauthorized computer cannot connect to the Internet through any port.
The system and method for controlling network usage rights by attendance state that achieves the above objects uses employee attendance records as the basis for deciding whether to grant the computer equipment registered to an employee the right to connect to the Internet. The network rights control server periodically issues Address Resolution Protocol queries (ARP requests) to obtain a list of the IP and MAC addresses of all powered-on computers currently on the local area network. If a computer is found that has no right to use the Internet, the network rights control server continuously sends Address Resolution Protocol responses (ARP replies) that overwrite the physical address of the gateway in the target computer's ARP table, so that the target computer cannot reach the Internet. Conversely, if the computer is a legitimate one permitted to use the Internet, the network rights control server sends one ARP reply that restores the gateway's physical address in the target computer's ARP table to the correct value, thereby opening its right to connect to the Internet.
Please refer to FIG. 1, the system architecture diagram of the system and method for controlling network usage rights by attendance state according to the present invention. The present invention uses an attendance card reader 1 to read the user's IC card and obtain the employee's identification number; the attendance data server 2 records the employee's clock-in and clock-out times, and the network rights control server 3 decides, on the basis of the attendance data, whether to grant the employee's computer access to the Internet. The network rights control server 3 holds the IP and MAC address pairs registered for each employee's computer; combined with the clock-in and clock-out times recorded by the attendance data server 2, this produces a user attendance database. The network rights control server 3 periodically sends ARP requests to discover all computers currently powered on in the company's network segment and compares them against the IP and MAC addresses in the user attendance database. If the IP or MAC address of an employee who is not at work appears in the ARP scan list, the network rights control server 3 sends ARP packets that change the gateway's physical address in the target computer's ARP table, so that the computer cannot find the correct gateway MAC address and cannot reach the Internet, thereby blocking that computer.
FIG. 2 is a flow chart of the device and method for controlling network usage rights by attendance state. In step 101 the employee clocks in or out with an IC card. In step 102 the attendance data server actively collects the employee's clock-in and clock-out records. In step 103 the network rights control server periodically issues ARP requests to obtain a list of the IP and MAC addresses of all powered-on computers currently on the local area network. In step 104 the network rights control server compares the user attendance database against all computers currently powered on; if the computer of a person who is not in attendance is found to be powered on, the process proceeds to step 105, where the network rights control server continuously sends ARP replies that overwrite the gateway's physical address in the target computer's ARP table so that the target computer cannot reach the Internet; otherwise the process proceeds to step 106, where the gateway's physical address in the target computer's ARP table is restored to the correct value so that the computer can reach the Internet.
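The decision step of the method (steps 103 to 106: compare the periodic ARP sweep against the user attendance database and mark each powered-on host as blocked or restored), as an added Python example that is not part of the patent. The attendance records, the "IP MAC" scan line format, the on-duty rule and the treatment of unregistered hosts are assumptions; packet handling is out of scope.

```python
# Added example, not the patent's code: decision step (steps 103-106); records and scan format are constructed.
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

@dataclass
class Attendance:
    employee_id: str
    ip: str                       # IP registered for the employee's computer
    mac: str                      # MAC registered for the employee's computer
    clock_in: Optional[datetime]
    clock_out: Optional[datetime]
    def on_duty(self, now: datetime) -> bool:
        # Assumed rule: on duty once clocked in and not yet clocked out.
        return (self.clock_in is not None and self.clock_in <= now
                and (self.clock_out is None or now < self.clock_out))
def parse_arp_scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse 'IP MAC' lines from the periodic ARP request sweep (step 103)."""
    return [(p[0], p[1].lower()) for p in (l.split() for l in lines) if len(p) >= 2]

def decide_actions(db: List[Attendance], scan: List[Tuple[str, str]],
                   now: datetime) -> Dict[str, str]:
    """Steps 104-106: map each powered-on host to 'block' or 'restore'. A host is
    matched to a registered employee by IP or MAC; hosts whose owner is not on
    duty, and unregistered hosts (assumption), are blocked."""
    actions: Dict[str, str] = {}
    for ip, mac in scan:
        owner = next((a for a in db if a.ip == ip or a.mac.lower() == mac), None)
        if owner is not None and owner.on_duty(now):
            actions[ip] = "restore"  # step 106: one ARP reply with the real gateway MAC
        else:
            actions[ip] = "block"    # step 105: ARP replies overwrite the gateway MAC
    return actions

# Constructed sample data: three registered employees and one ARP sweep.
SAMPLE_DB = [
    Attendance("E001", "192.168.1.10", "00:11:22:33:44:01", datetime(2009, 1, 10, 8, 55), None),
    Attendance("E002", "192.168.1.11", "00:11:22:33:44:02", datetime(2009, 1, 10, 8, 30),
               datetime(2009, 1, 10, 12, 0)),
    Attendance("E003", "192.168.1.12", "00:11:22:33:44:03", None, None),
]
SAMPLE_SCAN = ["192.168.1.10 00:11:22:33:44:01",  # E001, clocked in, still at work
               "192.168.1.11 00:11:22:33:44:02",  # E002, clocked out at noon
               "192.168.1.99 00:11:22:33:44:03",  # E003's MAC on a new IP, never clocked in
               "192.168.1.50 00:11:22:33:44:FF"]  # unregistered host
def run_demo(now_iso: str) -> Dict[str, str]:
    """Evaluate the sample sweep at a given time, e.g. '2009-01-10T13:00'."""
    return decide_actions(SAMPLE_DB, parse_arp_scan(SAMPLE_SCAN), datetime.fromisoformat(now_iso))
```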
Compared with other conventional techniques, the system and method for controlling network usage rights by attendance state provided by the present invention has the following advantages:
1. The present invention can use the attendance record as the means of deciding whether an employee's computer is allowed to connect to the Internet, avoiding the password theft and password sharing problems that arose under account and password control.
2. By updating the ARP table to change the gateway's physical address on an unauthorized computer, the present invention can completely prevent the user from connecting to the Internet through any port.
3. The present invention can be applied to local area networks in any enterprise or company environment. ARP is a basic function of the Internet Protocol specification, so the architecture of the company's network switching equipment 4 need not be replaced; only a control server needs to be added to achieve control of Internet access rights, and the economic benefit is very evident.
The detailed description above specifically explains one feasible embodiment of the present invention, but that embodiment is not intended to limit the patent scope of the present invention; all equivalent implementations or modifications that do not depart from the technical spirit of the present invention shall be included within the patent scope of the present application.
In summary, the present application is not only truly innovative in technical concept but also possesses the many effects described above that conventional methods lack, and thus fully satisfies the statutory requirements of novelty and inventive step for an invention patent. The application is hereby filed in accordance with the law, and the Office is respectfully requested to approve this invention patent application so as to encourage invention.
1‧‧‧Attendance card reader
2‧‧‧Attendance data server
3‧‧‧Network rights control server
4‧‧‧Network switching equipment (switch)
5‧‧‧Personal computer
6‧‧‧Internet
Refer to the detailed description of the present invention and its accompanying drawings for a fuller understanding of the technical content of the present invention and its objects and effects. The drawings are: FIG. 1, a system architecture diagram of the system and method for controlling network usage rights by attendance state according to the present invention; and FIG. 2, a flow chart of that system and method.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW98100802A TWI396144B (en) | 2009-01-10 | 2009-01-10 | System and method for controlling network usage rights in attendance state |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201027462A TW201027462A (en) | 2010-07-16 |
TWI396144B true TWI396144B (en) | 2013-05-11 |
Family
ID=44853218
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI396144B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI615002B (en) * | 2016-11-02 | 2018-02-11 | 國立臺北科技大學 | Method and System for Network Connection Authority Controlling |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI228902B (en) * | 2002-06-12 | 2005-03-01 | Rdc Semiconductor Co Ltd | Method and system for controlling and managing network security |
TW200643706A (en) * | 2005-06-06 | 2006-12-16 | Mosdan Internat Co Ltd | Method to use network switch for controlling computer access to network system |
Events
- 2009-01-10: TW application TW98100802A, patent TWI396144B, not active (IP Right Cessation)
Non-Patent Citations (1)
Title |
---|
呂少青、葉乃菁, "網路概論" (Introduction to Networks), 文魁資訊, August 2008 * |
Also Published As
Publication number | Publication date |
---|---|
TW201027462A (en) | 2010-07-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |