WO2007078037A1 - Web page protection method employing a security appliance and a set-up box having the security appliance built therein
- Publication number: WO2007078037A1 (PCT/KR2006/002242)
- Authority: WO, WIPO (PCT)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Definitions
- the present invention relates to a web page protection method employing a security appliance and a set-up box having the security appliance built therein, and more particularly to such a web page protection method in which a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug-in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page, in which user authentication, billing process, and interception of various hackings of memory, network, cache, file, etc., owing to fusion of the Digital Right Management (DRM) technique and web site security are performed, and in which a variety of contents driven on the web page
- the authentication system is weak so that if a third party knows only an HTTP Uniform Resource Locator (URL), corresponding web contents easily flow to the outside world.
- the outflow of the contents is promoted and the contents such as images, etc., of a shopping mall through the link to the web site are fraudulently or unlawfully appropriated.
- numerous script kids using search engines, robots, web site mirroring tools, etc. are proliferated so that there is a possibility for general people to easily duplicate and unlawfully appropriate the contents, thereby leading to vulnerability of the web site to security threats as described above.
- the present invention has been made in view of the above problems occurring in the prior art, and it is an object of the present invention to provide a web page protection method employing a security appliance and a set-up box having the security appliance built therein, in which a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug-in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page.
- FIG. 1 is a block diagram illustrating the operational process of a web page protection system employing a security appliance and a set-up box having the security appliance built therein according to one embodiment of the present invention
- FIG. 2 is a flow chart illustrating a web page protection process employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention.
- Best Mode for Carrying Out the Invention
- a web page protection method employing a security appliance and a set-up box having the security appliance built therein, the web protection method comprising the steps of: (a) allowing a user to request a web page to a web server through a web browser using a user terminal; (b) allowing a security appliance to check if security is established for a URL corresponding to the requested web page and to route the request for the web page to an actual web server if the security for the corresponding URL is not established and the requested web page is a general web page; (c) allowing the security appliance to check if the request for the web page is a request from a security client module to determine whether or not the request for the web page is a request by a security client, and to check a policy for the corresponding URL through the cooperative operation with an external server if it is determined that the request for the web is the request by the security client to thereby request the policy from an external policy server; (d)
- the step (c) may further comprise the steps of: if it is determined that the request for the web is not the request by the security client, allowing the security appliance to route the request for the web page to a web page that loads a security client module; allowing the web browser to load the security client module from the routed web page; and allowing the loaded security client to re-request the corresponding web page and to permit the program to proceed to the previous step (b).
- the step (c) may further comprise the steps of: (e) allowing the security appliance to request the web page that has the corresponding URL from the actual web server if the security appliance does not request the policy from the external policy server; (f) allowing the web server to process the requested web page and then transmit the processed web page to the security appliance; allowing the security appliance to check if security is established for the URL corresponding to the web page transmitted to the security appliance.
- the step (g) may comprise allowing the security appliance to transmit the requested web page to the security client if it is checked that the security for the corresponding URL is not established.
- the step (i) comprises allowing the web browser to process the web page transmitted to the web browser from the security client if it is checked that the security for the web page is not established.
- FIG. 1 is a block diagram illustrating the operational process of a web page protection system employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention.
- the web page protection system employing a security appliance and a set-up box having the security appliance built includes a plurality of web servers 100, a security appliance administration terminal 200, a plurality of security appliance modules 300, a plurality of user terminals 400, a user cache 410, a switch 500, and an Internet network 600.
- the security appliance modules 300 mounted at front ends of the web servers 100 transmit encrypted information about the user to a corresponding user terminal 400 to confirm the user's identity. If it is determined that the user who has accessed the web servers 100 is an unauthorized user, the security appliance modules 300 completely intercept the access of the user terminal 400 to the web servers 100. On the other hand, if it is determined that the user who has accessed the web servers 100 is an authorized user, the user can use a corresponding web site connected to the web servers 100 through a switch 500 and the security appliance modules 300.
- the security appliance management terminal 200 that manages a plurality of security appliance modules 300 stores and manages various information used by the user who has accessed the web servers 100 via the security appliance modules 300. That is, the security appliance management terminal 200 serves to manage information about billing identification/authentication control by web page, billing/authentication by component such as PDF, image, word, etc. Also, the authenticated user information is stored in the user cache 410, and is decrypted after authentication so as to perform the control of mouse, print, capture and source view.
- the web page protection function is performed only by the direct connection of a security appliance to the front end of an existing web server and the simple settings of the security appliance even without any conventional modification of a web page.
- a user who visits the web page can be provided with the same remaining operational environments except installation of the plug-in so that the web page protection system is applicable according to easy and simple installation thereof.
- the check of billing, user identity and client PC IP/MAC is possible through the cooperative operation with a service provider (SP), the authentication of the web page can be performed in the unit of the web page URL, and other authentications depending on Intranet and Extranet are possible, enabling its application to various authentication mechanisms.
- FIG. 2 is a flow chart illustrating a web page protection process employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention.
- a user requests a web page to a web server through a web browser using a user terminal.
- a security appliance checks if security is established for a URL corresponding to the requested web page and routes the request for the web page to an actual web server if the security for the corresponding URL is not established and the requested web page is a general web page.
- the security server checks if the request for the web page is a request from a security client module to determine whether or not the request for the web page is a request by a security client, and checks a policy for the corresponding URL through the cooperative operation with an external server if it is determined at step S3 that the request for the web is the request by the security client to thereby request the policy at step S7.
- At step S3, if it is determined that the request for the web is not the request by the security client, the program proceeds to step S4 where the security appliance routes the request for the web page to a web page that loads a security client module, and then a web browser loads the security client module from the routed web page.
- At step S6, the loaded security client re-requests the corresponding web page, and then the program returns to the previous step S2.
- step S9 if it is determined that the policy for the corresponding URL is not requested, the program proceeds to step S9 where the security appliance requests the web page from the actual web server.
- At step S10, the web server processes the requested web page and transmits the processed web page to the security appliance.
- At step S11, the security appliance receives the processed web page from the web server and checks if security is established for a URL corresponding to the received web page.
- an external policy server processes the policy of the corresponding URL requested at step S7 and transmits a result of the processed policy to the security appliance.
- the security appliance requests the web page that has the corresponding URL from the actual web server, and the program proceeds to step S10 where the web server processes the requested web page and transmits the processed web page to the security appliance.
- the security appliance checks if security is established for a URL corresponding to the web page received from the web server. If it is checked at step S11 that the security for the corresponding URL is established, the program proceeds to step S12 where the security appliance encrypts the web page and sets a policy for the corresponding web page. On the other hand, if it is checked at step S11 that the security for the corresponding URL is not established, the program proceeds to step S13 where the security appliance transmits the requested web page to the security client.
- the security appliance transmits the web page requested at step S11 to the security client, and then at step S14, the security client checks if security is established for the web page transmitted to the security client. Then, the security client stores a policy for the web page if it is checked at step S14 that the security for the web page is established. On the other hand, if it is checked at step S14 that the security for the web page is not established, the program proceeds to step S16 where the web browser processes the web page transmitted from the security client.
- At step S15, the security client decrypts the web page encrypted at step S14 and then transmits the decrypted web page to the web browser.
- At step S16, the web browser processes the web page transmitted to the web browser from the security client.
- a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug-in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page.
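The FIG. 2 flow described above, traced in Python as an added example (not code from the patent). The `/news`, `/report` and `/intranet` URLs, the policies and the `Envelope` type are constructed; encryption is modelled only as a flag, and a locally held policy for protected URLs that skip the external policy server is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: every URL, page body and policy below is made up.
ORIGIN = {"/news": "<p>public</p>", "/report": "<p>paid report</p>",
          "/intranet": "<p>staff page</p>"}
# Protected URL -> True when its policy must be fetched from the external
# policy server (S7); False when the appliance already holds it (assumption).
PROTECTED = {"/report": True, "/intranet": False}
POLICY_SERVER = {"/report": {"print": False, "capture": False}}
LOCAL_POLICY = {"/intranet": {"print": True, "capture": False}}


@dataclass
class Envelope:
    body: str
    encrypted: bool = False        # marks S12 encryption; no real cipher is modelled
    policy: Optional[dict] = None


def appliance(url, from_client, trace):
    """Appliance side, S2..S13. Returns an Envelope, or None when the request
    is routed to the page that loads the security client module (S4)."""
    trace.append("S2")
    policy = None
    if url in PROTECTED:
        trace.append("S3")          # is this a request by the security client?
        if not from_client:
            trace.append("S4")
            return None
        if PROTECTED[url]:
            trace.append("S7")      # policy requested from the external server
            policy = POLICY_SERVER[url]
        else:
            policy = LOCAL_POLICY[url]
    trace += ["S9", "S10", "S11"]   # fetch from the actual web server, re-check URL
    page = Envelope(ORIGIN[url])
    if url in PROTECTED:
        trace.append("S12")         # encrypt and attach the policy
        page.encrypted, page.policy = True, policy
    trace.append("S13")
    return page


def security_client(page, trace, stored_policy):
    """Client side, S14..S16: keep the policy, decrypt, hand over to the browser."""
    trace.append("S14")
    if page.encrypted:
        stored_policy.update(page.policy)
        trace.append("S15")
        page = Envelope(page.body, encrypted=False, policy=page.policy)
    trace.append("S16")
    return page


def visit(url, client_installed=False):
    """Run one page visit and return (step trace, body shown, stored policy)."""
    trace, stored_policy = ["S1"], {}
    page = appliance(url, client_installed, trace)
    if page is None:                # plug-in was just loaded and re-requests
        trace.append("S6")
        page = appliance(url, True, trace)
    page = security_client(page, trace, stored_policy)
    return trace, page.body, stored_policy


if __name__ == "__main__":
    for u in ("/news", "/report", "/intranet"):
        print(u, visit(u, client_installed=(u == "/intranet")))
```

The trace for `/report` shows the double pass through S2 and S3 that a first-time visitor without the plug-in goes through before any protected content is fetched.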
Abstract
The invention relates to a web page protection method employing a security appliance, and to a set-up box in which said security appliance is built. More particularly, the invention relates to a web page protection method in which the security appliance, which is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., for a connected web site, or a set-up box in which the security appliance is built, is connected to a front end of a web server so that when a user visits a web site protected by the security appliance, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to prevent the unauthorized outflow of information due to an illegal access to a web page and to the various components within the web page. According to the method of the invention, user authentication, billing processes and interception of various hackings of memory, network, cache, file, etc., are provided by combining a Digital Right Management (DRM) technique with web site security. In addition, various contents handled by the web page can easily be used without introducing a DRM solution.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020060000729A KR100683166B1 (ko) | 2006-01-04 | 2006-01-04 | Web page protection method using a security appliance or a set-up box having the security appliance built therein |
KR10-2006-0000729 | 2006-01-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007078037A1 (fr) | 2007-07-12 |
Family
ID=38106451
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2006/002242 WO2007078037A1 (fr) | 2006-01-04 | 2006-06-13 | Web page protection method employing a security appliance and a set-up box having the security appliance built therein |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR100683166B1 (fr) |
WO (1) | WO2007078037A1 (fr) |
Application events (2006)
- 2006-01-04: KR application KR1020060000729A, patent KR100683166B1 (ko), not active, IP Right Cessation
- 2006-06-13: WO application PCT/KR2006/002242, patent WO2007078037A1 (fr), active, Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR100683166B1 (ko) | 2007-02-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS EPO FORM 1205A DATED 07.10.2008. |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 06768840 Country of ref document: EP Kind code of ref document: A1 |