WO2007078037A1 - Procédé de protection de page web faisant intervenir un dispositif de sécurité et boîtier décodeur comprenant ledit dispositif de sécurité intégré - Google Patents

Procédé de protection de page web faisant intervenir un dispositif de sécurité et boîtier décodeur comprenant ledit dispositif de sécurité intégré Download PDF

Info

Publication number
WO2007078037A1
WO2007078037A1 PCT/KR2006/002242 KR2006002242W WO2007078037A1 WO 2007078037 A1 WO2007078037 A1 WO 2007078037A1 KR 2006002242 W KR2006002242 W KR 2006002242W WO 2007078037 A1 WO2007078037 A1 WO 2007078037A1
Authority
WO
WIPO (PCT)
Prior art keywords
web page
security
web
security appliance
allowing
Prior art date
Application number
PCT/KR2006/002242
Other languages
English (en)
Inventor
Sung Yub Kim
Original Assignee
Sung Yub Kim
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sung Yub Kim filed Critical Sung Yub Kim
Publication of WO2007078037A1 publication Critical patent/WO2007078037A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]

Definitions

  • the present invention relates to a web page protection method employing a security appliance and a set-up box having the security appliance built therein, and more particularly to such a web page protection method in which a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug-in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page, in which user authentication, billing process, and interception of various hackings of memory, network, cache, file, etc., owing to fusion of the Digital Right Management (DRM) technique and web site security are performed, and in which a variety of contents driven on the web page
  • HTTP HTTP Uniform Resource Locator
  • the authentication system is weak so that if a third party knows only an HTTP Uniform Resource Locator (URL), corresponding web contents easily flow to the outside world.
  • URL Uniform Resource Locator
  • the outflow of the contents is promoted and the contents such as images, etc., of a shopping mall through the link to the web site are fraudulently or unlawfully appropriated.
  • numerous script kids using search engines, robots, web site mirroring tools, etc. are proliferated so that there is a possibility for general people to easily duplicate and unlawfully appropriate the contents, thereby leading to vulnerability of the web site to security threats as described above.
  • the present invention has been made in view of the above problems occurring in the prior art, and it is an object of the present invention to provide a web page protection method employing a security appliance and a set-up box having the security appliance built therein, in which a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug- in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page.
  • a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected
  • DRM Digital Right Management
  • FIG. 1 is a block diagram illustrating the operational process of a web page protection system employing a security appliance and a set-up box having the security appliance built therein according to one embodiment of the present invention
  • FIG. 2 is a flow chart illustrating a web page protection process employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention. Best Mode for Carrying Out the Invention
  • a web page protection method employing a security appliance and a set-up box having the security appliance built therein, the web protection method comprising the steps of: (a) allowing a user to request a web page to a web server through a web browser using a user terminal; (b) allowing a security appliance to check if security is established for a URL corresponding to the requested web page and to route the request for the web page to an actual web server if the security for the corresponding URL is not established and the requested web page is a general web page; (c) allowing the security appliance to check if the request for the web page is a request from a security client module to determine whether or not the request for the web page is a request by a security client, and to check a policy for the corresponding URL through the cooperative operation with an external server if it is determined that the request for the web is the request by the security client to thereby request the policy from an external policy server; (d)
  • the step (c) may further comprise the steps of: if it is determined that the request for the web is not the request by the security client, allowing the security appliance to route the request for the web page to a web page that loads a security client module; allowing the web browser to load the security client module from the routed web page; and allowing the loaded security client to re-request the corresponding web page and to permit the program to proceed to the previous step (b).
  • the step (c) may further comprise the steps of: (e) allowing the security appliance to request the web page that has the corresponding URL from the actual web server if the security appliance does not request the policy from the external policy server; (f) allowing the web server to process the requested web page and then transmit the processed web page to the security appliance; allowing the security appliance to check if security is established for the URL corresponding to the web page transmitted to the security appliance.
  • the step (g) may comprise allowing the security appliance to transmit the requested web page to the security client if it is checked that the security for the corresponding URL is not established.
  • the step (i) comprises allowing the web browser to process the web page transmitted to the web browser from the security client if it is checked that the security for the web page is not established.
  • FIG. 1 is a block diagram illustrating the operational process of a web page protection system employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention.
  • the web page protection system employing a security appliance and a set-up box having the security appliance built includes a plurality of web servers 100, a security appliance administration terminal 200, a plurality of security appliance modules 300, a plurality of user terminals 400, a user cache 410, a switch 500, and an Internet network 600.
  • the security appliance modules 300 mounted at front ends of the web servers 100 transmit encrypted information about the user to a corresponding user terminal 400 to confirm the user s identity. If it is determined that the user who has accessed the web servers 100 is an unauthorized user, the security appliance modules 300 completely intercepts the access of the user terminal 400 to the web servers 100. On the other hand, if it is determined that the user who has accessed the web servers 100 is an authorized user, the user can use a corresponding web site connected to the web servers 100 through a switch 500 and the security appliance modules 300.
  • the security appliance management terminal 200 that manages a plurality of security appliance modules 300 stores and manages various information used by the user who has accessed the web servers 100 via the security appliance modules 300. That is, the security appliance management terminal 200 serves to manage information about billing identification/authentication control by web page, billing/authentication by component such as PDF, image, word, etc. Also, the authenticated user information is stored in the user cache 410, and is decrypted after authentication so as to perform the control of mouse, print, capture and source view.
  • the web page protection function is performed only by the direct connection of a security appliance to the front end of an existing web server and the simple settings of the security appliance even without any conventional modification of a web page.
  • a user who visits the web page can be provided with the same remaining operational environments except installation of the plug-in so that the web page protection system is applicable according to easy and simple installation thereof.
  • the check of billing, user identity and client PC IP/MAC is possible through the cooperative operation with a service provider (SP), the authentication of the web page can be performed in the unit of the web page URL, and other authentications depending on Intranet and Extranet is possible to enable its application to various authentication mechanisms.
  • SP service provider
  • FIG. 2 is a flow chart illustrating a web page protection process employing a security appliance and a set-up box having the security appliance built according to one embodiment of the present invention.
  • a user requests a web page to a web server through a web browser using a user terminal.
  • a security appliance checks if security is established for a URL corresponding to the requested web page and routes the request for the web page to an actual web server if the security for the corresponding URL is not established and the requested web page is a general web page.
  • the security server checks if the request for the web page is a request from a security client module to determine whether or not the request for the web page is a request by a security client, and checks a policy for the corresponding URL through the cooperative operation with an external server if it is determined at step S3 that the request for the web is the request by the security client to thereby request the policy at step S7.
  • step S3 if it is determined that the request for the web is not the request by the security client, the program proceeds to step S4 where the security appliance routes the request for the web page to a web page that loads a security client module, and then a web browser loads the security client module from the routed web page.
  • step S6 the loaded security client re-requests the corresponding web page, and then the program returns to the previous step S2.
  • step S9 if it is determined that the policy for the corresponding URL is not requested, the program proceeds to step S9 where the security appliance requests the web page from the actual web server.
  • step SlO the web server processes the requested web page and transmits the processed web page to the security appliance.
  • step SI l the security appliance receives the processed web page from the web server and checks if security is established for a URL corresponding to the received web page.
  • an external policy server processes the policy of the corresponding URL requested at step S7 and transmits a result of the processed policy to the security appliance.
  • the security appliance requests the web page that has the corresponding URL from the actual web server, and the program proceeds to step SlO where the web server processes the requested web page and transmits the processed web page to the security appliance.
  • the security appliance checks if security is established for a URL corresponding to the web page received from the web server. If it is checked at step SI l that the security for the corresponding URL is established, the program proceeds to step S 12 where the security encrypts the web page and sets a policy for the corresponding web page. On the other hand, if it is checked at step SI l that the security for the corresponding URL is not established, the program proceeds to step S 13 where the security appliance transmits the requested web page to the security client.
  • the security appliance transmits the web page requested at step Sl 1 to the security client, and then at step S 14, the security client checks if security is established for the web page transmitted to the security client. Then, the security client stores a policy for the web page if it is checked at step S 14 that the security for the web pate is established. On the other hand, if it is checked at step S 14 that the security for the web page is not established, the program proceeds to step S 16 where the web browser processes the web page transmitted from security client.
  • step S 15 the security client decrypts the web page encrypted at step S 14 and then transmit the decrypted web page to the web browser.
  • step S 16 the web browser to process the web page transmitted to the web browser from the security client.
  • a security appliance that is equipment for transparently ensuring web site security in terms of prevention of copy, capture, link, etc., of a web site being originally connected, or a set-up box having the security appliance built therein is connected to a front end of a web server so that when a user visits a web site to which the security appliance is applied, a browser plug-in (Active X, etc.) is automatically installed at a user terminal to allow the installed browser plug-in to prevent the unauthorized outflow of information due to an illegal access to a web page as well as various components within the web page.
  • a browser plug-in Active X, etc.
  • DRM Digital Right Management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé de protection de page Web faisant intervenir un dispositif de sécurité, ainsi qu'un boîtier décodeur dans lequel est intégré ledit dispositif de sécurité. L'invention concerne plus particulièrement un procédé de protection de page Web dans lequel le dispositif de sécurité représenté par un équipement permettant d'assurer de manière transparente la sécurité d'un site Web en termes de prévention contre la copie, capture, liaison, etc., pour un site Web connecté, ou par un boîtier décodeur dans lequel est intégré le dispositif de sécurité, est connecté à une extrémité avant d'un serveur Web de façon que lorsqu'un utilisateur visite un site Web protégé par le dispositif de sécurité, un plugiciel de navigation (Active X, etc.) est automatiquement installé sur un terminal d'utilisateur pour empêcher le flux non autorisé d'informations dû à un accès illégal à une page Web et la présence de divers composants à l'intérieur de la page Web. Selon le procédé de l'invention, l'authentification d'utilisateur, les processus de facturation et l'interception de piratages divers de mémoire, réseau, mémoire cache, fichier, etc., sont assurés par combinaison d'une technique de gestion des droits numériques (DRM) et de sécurité de site Web. En outre, divers contenus gérés par la page Web peuvent aisément être utilisés sans l'introduction d'une solution DRM.
PCT/KR2006/002242 2006-01-04 2006-06-13 Procédé de protection de page web faisant intervenir un dispositif de sécurité et boîtier décodeur comprenant ledit dispositif de sécurité intégré WO2007078037A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020060000729A KR100683166B1 (ko) 2006-01-04 2006-01-04 안전서버 또는 안전서버가 탑재된 셋톱박스를 이용한 웹페이지 보호 방법
KR10-2006-0000729 2006-01-04

Publications (1)

Publication Number Publication Date
WO2007078037A1 true WO2007078037A1 (fr) 2007-07-12

Family

ID=38106451

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/002242 WO2007078037A1 (fr) 2006-01-04 2006-06-13 Procédé de protection de page web faisant intervenir un dispositif de sécurité et boîtier décodeur comprenant ledit dispositif de sécurité intégré

Country Status (2)

Country Link
KR (1) KR100683166B1 (fr)
WO (1) WO2007078037A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523216A (zh) * 2011-12-15 2012-06-27 四川长虹电器股份有限公司 实现互联网电视浏览器安全访问互联网的系统及方法
CN102647425A (zh) * 2012-04-20 2012-08-22 汉柏科技有限公司 防火墙防木马功能的实现方法及系统
CN103118026A (zh) * 2013-02-01 2013-05-22 北京奇虎科技有限公司 显示网址安全鉴定信息的方法及装置
CN103473214A (zh) * 2013-09-06 2013-12-25 百度在线网络技术(北京)有限公司 一种页面文字的显示方法和装置
CN104965827A (zh) * 2014-04-25 2015-10-07 腾讯科技(深圳)有限公司 一种插件处理的方法、装置及终端

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100740682B1 (ko) * 2006-11-30 2007-07-19 (주)필라넷 로컬 피씨로의 데이터 저장을 방지하는 보안파일서버시스템및 그 방법과 그 방법에 대한 컴퓨터 프로그램을 저장한기록매체
KR100932847B1 (ko) 2007-06-26 2009-12-21 엔에이치엔(주) 복제 방지 방법 및 그 시스템

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005011061A (ja) * 2003-06-19 2005-01-13 Nec Fielding Ltd ホームページ改ざん攻撃からWebサーバを守る監視/運用システム,方法およびプログラム
US6868395B1 (en) * 1999-12-22 2005-03-15 Cim, Ltd. Business transactions using the internet
US6941368B1 (en) * 2000-05-31 2005-09-06 International Business Machines Corporation Protecting resource URLs from being served without a base web page
US6970849B1 (en) * 1999-12-17 2005-11-29 Microsoft Corporation Inter-server communication using request with encrypted parameter

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6970849B1 (en) * 1999-12-17 2005-11-29 Microsoft Corporation Inter-server communication using request with encrypted parameter
US6868395B1 (en) * 1999-12-22 2005-03-15 Cim, Ltd. Business transactions using the internet
US6941368B1 (en) * 2000-05-31 2005-09-06 International Business Machines Corporation Protecting resource URLs from being served without a base web page
JP2005011061A (ja) * 2003-06-19 2005-01-13 Nec Fielding Ltd ホームページ改ざん攻撃からWebサーバを守る監視/運用システム,方法およびプログラム

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523216A (zh) * 2011-12-15 2012-06-27 四川长虹电器股份有限公司 实现互联网电视浏览器安全访问互联网的系统及方法
CN102647425A (zh) * 2012-04-20 2012-08-22 汉柏科技有限公司 防火墙防木马功能的实现方法及系统
CN103118026A (zh) * 2013-02-01 2013-05-22 北京奇虎科技有限公司 显示网址安全鉴定信息的方法及装置
WO2014117687A1 (fr) * 2013-02-01 2014-08-07 北京奇虎科技有限公司 Procédé et dispositif d'affichage d'informations d'évaluation de sécurité d'adresse web
CN103473214A (zh) * 2013-09-06 2013-12-25 百度在线网络技术(北京)有限公司 一种页面文字的显示方法和装置
CN104965827A (zh) * 2014-04-25 2015-10-07 腾讯科技(深圳)有限公司 一种插件处理的方法、装置及终端

Also Published As

Publication number Publication date
KR100683166B1 (ko) 2007-02-15

Similar Documents

Publication Publication Date Title
CN107209830B (zh) 用于识别并抵抗网络攻击的方法
CN102077208B (zh) 向应用程序集发放受保护内容的许可证的方法和系统
EP0940960A1 (fr) Authentification entre serveurs
US20070271599A1 (en) Systems and methods for state signing of internet resources
US20030163691A1 (en) System and method for authenticating sessions and other transactions
US20020032873A1 (en) Method and system for protecting objects distributed over a network
CN103944900A (zh) 一种基于加密的跨站请求攻击防范方法及其装置
KR20120128674A (ko) 안전한 동적 권한위임
CA2648997A1 (fr) Procede permettant d'assurer la securite d'application internet
CN103401885B (zh) 网络文档权限控制方法、装置及系统
WO2010003261A1 (fr) Filtrage de sécurité d'application web
JP6572750B2 (ja) 認証制御プログラム、認証制御装置、及び認証制御方法
WO2007078037A1 (fr) Procédé de protection de page web faisant intervenir un dispositif de sécurité et boîtier décodeur comprenant ledit dispositif de sécurité intégré
CN101222335A (zh) 一种应用系统间的级联认证方法及装置
JP5452192B2 (ja) アクセス制御システム、アクセス制御方法およびプログラム
CN113949566B (zh) 资源访问方法、装置、电子设备和介质
US8559637B2 (en) Securing information exchanged via a network
Kubovy et al. A secure token-based communication for authentication and authorization servers
US11716374B2 (en) Forced identification with automated post resubmission
US7421576B1 (en) Interception and modification of network authentication packets with the purpose of allowing alternative authentication modes
CN104811421A (zh) 基于数字版权管理的安全通信方法及装置
JP3877388B2 (ja) 情報提供システム
CN104506518A (zh) Mips平台网络系统访问控制的身份认证方法
KR20020083551A (ko) 멀티에이전트 기반 다단계 사용자 인증 시스템 개발과운용 방법
KR101962349B1 (ko) 인증서 기반 통합 인증 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS EPO FORM 1205A DATED 07.10.2008.

122 Ep: pct application non-entry in european phase

Ref document number: 06768840

Country of ref document: EP

Kind code of ref document: A1