WO2005088941A1 - Device for controlling communication between computers - Google Patents
- Publication number: WO2005088941A1
- Authority: WO (WIPO, PCT)
- Prior art keywords: signal, computer, interface, data, main data
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
Definitions
- the present invention relates to a device for control of communication between electronic computers.
- applications of the proxy type are presently available that are able to carry out a control on the URL string each time a computer, through the Internet, sends a connection request to a predetermined site (typically residing on a remote server).
- an application of this type does not always succeed in controlling the information travelling from and to the computer with which it is associated in a reliable manner; in fact, it may happen that a given Internet site, identified by a domain name (URL string) as an "innocuous" site, i.e. not incorporating any suspicious term, may on the contrary have contents that are not very reliable, such as obscene contents, etc.
- Another presently available control system consists of the so-called firewalls that are able to operate on the headers of the information packages travelling through a telematic network, and in particular the Internet.
- Each information package in fact consists of a series of protocol data (exactly the so-called headers) enabling the different computers and the applications they carry to communicate with each other, as well as of the true data that a user wishes to exchange with a remote user or computer.
- the headers can identify the IP address (univocal identification code) of the source computer, the IP address (univocal identification code) of the addressee computer, the ports employed for communication, etc.
- the control carried out by the presently available firewalls consists in verifying the information contained in the headers of the different packages; then, for example, use of some ports can be limited and/or data from some IP addresses can be filtered.
- the present invention aims at solving the above mentioned drawbacks.
- FIG. 1 is a block diagram of the device in accordance with the present invention
- Figs. 2a and 2b diagrammatically show the logic structure of signals employed in the device seen in Fig. 1.
- the control device in accordance with the invention has been generally identified with reference numeral 1.
- Device 1 first of all comprises a first interface 10, for connection with a first computer 8; this connection may consist of any type of telematic connection both through local networks and global computer networks.
- the present invention is particularly useful when it is associated with computers connected with each other through the Internet.
- the first interface 10 receives a first signal 100 from the first computer 8.
- the first signal 100 (Fig. 2a) comprises a first portion 101 and a second portion 103.
- the first portion 101 contains protocol information 102, for correct transmission and capture of the first signal 100; practically, the first portion 101 contains all headers that in each communication layer are added to the information package.
- the headers are representative, for example, of the IP code of the machine sending the piece of information, of the IP code of the machine addressee of the piece of information, of the ports employed by these machines for communication, etc.
- the first portion 101 of the first signal 100 contains all data that are beyond the true contents of the information that is to be transmitted by the first computer 8 and are exclusively utilised by the communication carriers in order that such a transmission may be carried out correctly.
- the main data 104 can define the (text or image) contents of one or more web pages that are stored in the first computer 8 and are sent through said first signal 100; more generally, the main data 104 are generated (with reference to the TCP/IP protocol structure) at an application level.
- Device 1 is further provided with a second interface 20 associated with the first interface 10; the second interface 20 has the task of receiving at least the main data 104 from the first interface 10 (following modalities to be better described in the following) and transmitting them to a second computer 9.
- the second computer 9 is provided with collection means (not shown in the accompanying figures) for the purpose of processing said main data 104; the collection means can also include appropriate displaying means to allow a user to utilise such main data 104.
- first connection means 30 is provided; said means can be piloted between a first and a second operating condition.
- in the first operating condition, the first connection means 30 allows transmission of the main data 104 from the first to the second interface 10, 20 in such a manner that these main data 104 can be received and displayed by the second computer 9; in the second operating condition, the first connection means 30 does not allow flow of the main data 104 from the first to the second interface 10, 20.
- Operation of the first connection means 30 in the first or in the second condition depends on the contents of the main data 104, as hereinafter described.
- Device 1 is provided with a selecting block 40 connected with the first interface 10 to single out the second portion 103 internally of the first signal 100; in other words, the selecting block 40 singles out the main data 104.
- a control unit 50 is connected with the selecting block 40 to receive the second portion 103 and the main data 104 contained therein, for the purpose of generating a corresponding first command signal 110 for the first connection means 30; through the first command signal 110, the first connection means 30 is piloted between its first and second operating conditions depending on the main data 104.
- control unit 50 comprises a memory 51 containing first reference data 104a; said reference data are reference terms for the main data 104 to establish the operating condition of the first connection means 30.
- comparing means 52 are connected with said memory 51; the comparing means 52 compare the main data 104 received from the selecting block 40 with the first reference data 104a stored in memory 51.
- depending on the outcome of this comparison, the first command signal 110 pilots the first connection means 30 to the first or second operating condition thereof.
- should the main data 104 contain at least one of the first reference data 104a, the first connection means 30 shall be piloted to its second operating condition; vice versa, should all the main data 104 contain none of the first reference data 104a, the first connection means 30 shall be piloted to its first operating condition.
- the first reference data 104a can be pertinent to typologies of information (pornographic sites, sites that unlawfully make available information material, etc.) to which access from the second computer 9 is wished to be inhibited; therefore it is apparent that device 1 can be conveniently used in schools, offices, and generally in any structure where a control on the nature of the information exchanged with external computers may be required.
- device 1 can be also associated with local computer networks connected with each other by means of the Internet, for example.
- device 1 is interposed in circuit between the first and second computers 8, 9; in this way, said computers 8, 9 cannot avoid or escape the control carried out by device 1 in order to communicate with each other. It is apparent that, in accordance with this configuration, device 1 is particularly useful and reliable.
- when device 1 is associated with a local computer network, it can in particular be inserted between the local network itself and the router allowing access to the Internet; in this way the connection between each machine of the local network and the Internet is subjected to the controls carried out by device 1.
- device 1 is also provided with a third and a fourth interfaces 60, 70: the third interface 60 is connected with the second computer 9 to receive a second signal 200 from the latter, whereas the fourth interface 70 is connected with the first computer 8 to transmit at least part of the contents of the second signal 200 thereto.
- the second signal 200 (Fig. 2b), in the same manner as the first signal 100, is made up of a first portion 201 and a second portion 203; the first portion 201 contains protocol information 202, i.e. the different headers of the information package, whereas the second portion 203 contains auxiliary data 204 defining the true contents of the information that must travel from the second to the first computer 9, 8.
- the auxiliary data can be generated, at an application level, at the second computer 9 and, in particular, can be directly inserted by a user during use of a search engine, for example.
- Second connection means 80 is interposed between the third and fourth interfaces 60, 70 to connect said interfaces with each other; the second connection means 80, in the same manner as the first connection means 30 described above, can be piloted between a first and a second operating condition.
- in the first operating condition, the second connection means 80 allows communication between the third and fourth interfaces 60, 70, whereas in the second operating condition it does not allow this information flow.
- Operation of the second connection means 80 in the first or in the second condition depends on the auxiliary data 204 contained in the second portion 203 of the second signal 200, and in particular on a comparison between these auxiliary data 204 and second reference data 204a contained in memory 51.
- the selecting block 40 is also connected with the third interface 60 to receive the second signal 200 and single out the second portion 203, i.e. the auxiliary data 204, internally of said second signal.
- the auxiliary data 204 are thus inputted to the comparison means 52 carrying out a comparison with the second reference data 204a.
- the comparison means 52 shall generate a second command signal 210 to pilot the second connection means 80 to the second operating condition, thus inhibiting connection between the third and fourth interfaces 60, 70 and the relevant data flow from the second to the first computer 9, 8.
- should the auxiliary data 204 contain none of the second reference data 204a, the second command signal 210 generated by the comparison means 52 shall pilot the second connection means 80 to the first operating condition, therefore allowing passage of information from the second to the first computer 9, 8.
- each first signal 100 and each second signal 200 can define a respective information package; each package is therefore made up of one or more headers (first portion 101 or 201) and of true contents (second portion 103 or 203), said true contents being preferably defined at the application level of the first or second computer 8, 9.
- the control carried out by device 1 takes place on each of the information packages travelling between the first and second computers 8, 9.
- the control shall be carried out on each portion, i.e. each word, of said web pages.
- the package containing this sequence is not transmitted to the second computer 9, whereas the remaining packages of the communication are correctly received and displayed, if they are considered as "acceptable".
- following the filtering carried out by device 1, it is possible for the second computer 9 to display incomplete pages having empty regions at the discriminated words or images.
- first, second, third and fourth interfaces 10, 20, 60, 70 have been described separately for the only purpose of clarifying the operating characters of device 1; obviously, the first and fourth interfaces 10, 70 can be made, in real terms, as a single means for connection to the Internet, and in the same manner the second and third interfaces 20, 60 can be made as a single connection through the USB port with the second computer 9.
- device 1 is not identified by respective IP addresses, as often happens with devices inserted in local computer networks connected with the Internet; in other words, device 1 is quite transparent to operation of the network and the relevant connections and is capable of performing its control functions without requiring particular configurations. Practically, device 1 can be considered as a "bridging firewall" that, in addition to the devices presently on the market, is capable, as above described, of verifying the contents of the information packages travelling from and to a predetermined machine or set of machines.
- device 1 can be made as a removable medium provided with the necessary hardware and software for execution of the above described operations (in particular, provided with the list of the first and second reference data 104a, 204a).
- as regards the first and second reference data 104a, 204a, it is provided for said data to be periodically updated, for example through a predetermined Internet site that, against a subscription, automatically checks whether variations or integrations are required for the reference data 104a, 204a.
- the invention achieves important advantages.
- device 1 allows a safe and reliable control of the contents of the information exchanged between two or more electronic computers.
- structure of device 1 is simple, cheap and characterised by low manufacturing costs.
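The decision logic of device 1 as added example code, not the patent's own (which describes hardware): the selecting block strips the protocol headers, the comparing means checks only the payload against the two reference lists in memory 51, and the connection means is set to the first or second operating condition per packet. The reference terms, the documentation IP addresses and the page text are constructed, and the stream-reassembling variant is an assumption of this example that goes beyond the patent, showing the per-packet check missing a term that straddles two packets.

```python
"""Model of the content check performed by device 1 (added example, not the
patent's own code). Payloads are the "main data 104" / "auxiliary data 204";
the terms stand in for the reference data the patent calls 104a and 204a."""
from dataclasses import dataclass, field

# Operating conditions of the connection means 30 / 80, in the patent's terms.
PASS = "first operating condition"    # data flow allowed
BLOCK = "second operating condition"  # data flow inhibited

@dataclass
class Packet:
    """One information package: protocol headers (portion 101 / 201) plus the
    application-level contents (portion 103 / 203)."""
    headers: dict
    payload: bytes

@dataclass
class ContentFilter:
    """Memory 51 holds the two reference lists; comparing means 52 looks at the
    payload only, which is what separates device 1 from a header firewall."""
    inbound_terms: tuple = ()   # first reference data 104a (toward computer 9)
    outbound_terms: tuple = ()  # second reference data 204a (from computer 9)
    tail: dict = field(default_factory=dict)  # per-direction carry-over bytes

    def select(self, packet: Packet) -> bytes:
        """Selecting block 40: single out the second portion of the signal."""
        return packet.payload.lower()

    def terms_for(self, direction: str) -> tuple:
        return self.inbound_terms if direction == "in" else self.outbound_terms

    def command(self, packet: Packet, direction: str) -> str:
        """Per-packet decision as the patent describes it: BLOCK when the
        payload contains any reference term, PASS otherwise."""
        data = self.select(packet)
        hit = any(t.lower().encode() in data for t in self.terms_for(direction))
        return BLOCK if hit else PASS

    def command_stream(self, packet: Packet, direction: str) -> str:
        """Assumed variant, not in the patent: keep the last len(term)-1 bytes
        of the previous packet so a term split across two packets is seen."""
        terms = self.terms_for(direction)
        keep = max((len(t) for t in terms), default=1) - 1
        data = self.tail.get(direction, b"") + self.select(packet)
        self.tail[direction] = data[-keep:] if keep else b""
        hit = any(t.lower().encode() in data for t in terms)
        return BLOCK if hit else PASS

def filter_page(flt: ContentFilter, chunks, direction="in", reassemble=False):
    """Run a page split into packets through the device; return the decision
    per packet and the bytes the receiving computer would actually display."""
    decide = flt.command_stream if reassemble else flt.command
    decisions, shown = [], b""
    for chunk in chunks:
        # Constructed headers (documentation addresses); the device ignores them.
        pkt = Packet({"src": "203.0.113.10", "dst": "192.0.2.20"}, chunk)
        decisions.append(decide(pkt, direction))
        if decisions[-1] == PASS:
            shown += chunk  # blocked packets leave an empty region in the page
    return decisions, shown
```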
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
PCT/IT2004/000123 WO2005088941A1 (fr) | 2004-03-15 | 2004-03-15 | Device for controlling communication between computers
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
PCT/IT2004/000123 WO2005088941A1 (fr) | 2004-03-15 | 2004-03-15 | Device for controlling communication between computers
Publications (1)
Publication Number | Publication Date
---|---
WO2005088941A1 (fr) | 2005-09-22
Family ID: 34957514
Family Applications (1)
Application Number | Title | Priority Date | Filing Date
---|---|---|---
PCT/IT2004/000123 WO2005088941A1 (fr) | Device for controlling communication between computers | 2004-03-15 | 2004-03-15
Country Status (1)
Country | Link
---|---
WO (1) | WO2005088941A1 (fr)
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US6233618B1 (en) * | 1998-03-31 | 2001-05-15 | Content Advisor, Inc. | Access control of networked data
WO2001063835A1 (fr) * | 2000-02-21 | 2001-08-30 | Clicksafe.Com Llc | System and method for identifying and preventing access to pornographic and similar Internet content
US6493744B1 (en) * | 1999-08-16 | 2002-12-10 | International Business Machines Corporation | Automatic rating and filtering of data files for objectionable content
Application timeline
- 2004-03-15: PCT/IT2004/000123 (WO2005088941A1, fr) application filing, active
Non-Patent Citations (1)
Title |
---|
CHEN DING ET AL: "Centralized content-based Web filtering and blocking: how far can it go?", SYSTEMS, MAN, AND CYBERNETICS, 1999. IEEE SMC '99 CONFERENCE PROCEEDINGS. 1999 IEEE INTERNATIONAL CONFERENCE ON TOKYO, JAPAN 12-15 OCT. 1999, PISCATAWAY, NJ, USA,IEEE, US, 12 October 1999 (1999-10-12), pages 115 - 119, XP010363557, ISBN: 0-7803-5731-0 * |
Similar Documents
Publication | Title
---|---
US6751671B1 (en) | Method of communication between a user station and a network, in particular such as internet, and implementing architecture
AU772508B2 (en) | Safe terminal provided with a smart card reader designed to communicate with a server via an internet-type network
CN101159552B (zh) | Method and system for controlling network access from a computer terminal
Handel et al. | Hiding data in the OSI network model
EP1203297B1 (fr) | Method and device for extracting the characteristics of an application protocol
US5918009A (en) | Technique for sharing information on world wide web
US6351810B2 (en) | Self-contained and secured access to remote servers
CN103095676A (zh) | Filtering system and filtering method
CN104040538B (zh) | Internet application interaction method, device and system
US20020103878A1 (en) | System for automated configuration of access to the internet
KR20150137599A (ko) | Apparatus for preventing vehicle information leakage and method thereof
US7171684B1 (en) | Data processing system providing secure communication between software components
AU2018208696A1 (en) | Microkernel gateway server
KR100323548B1 (ko) | Internet access method using account authentication information
US6370576B1 (en) | System and method for obstacle-free network communication
WO2005088941A1 (fr) | Device for controlling communication between computers
US6763387B1 (en) | Method and system for sharing a single communication port between a plurality of servers
US7536479B2 (en) | Local and remote network based management of an operating system-independent processor
EP1379027B1 (fr) | Wireless local area network device
US8375226B1 (en) | System and method for selectively isolating a computer from a computer network
SE506628C2 (sv) | Method and device for signing and encrypting information in a telecommunication and data communication system
US20030105872A1 (en) | Data interfacing method and apparatus
EP1039719A2 (fr) | Method and system for developing smart card applications in data networks
CN107819830A (zh) | Method and device for sending files via IM software
JP2000092111A (ja) | Relay device and network system including the same
Legal Events
Date | Code | Title | Description
---|---|---|---
| AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
| AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
| NENP | Non-entry into the national phase | Ref country code: DE
| WWW | Wipo information: withdrawn in national office | Country of ref document: DE
| 122 | Ep: pct application non-entry in european phase |