WO2012068890A1 - Method and device for controlling home gateway Internet data - Google Patents

Method and device for controlling home gateway Internet data

Info

Publication number
WO2012068890A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
filtering rule
filtering
home gateway
internet
Prior art date
Application number
PCT/CN2011/077334
Other languages
English (en)
Chinese (zh)
Inventor
朱靖飞
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2012068890A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation

Definitions

  • The present invention relates to the field of communication technologies, and in particular to a method and apparatus for controlling home network access data.
  • Background technique
  • The Internet plays an increasingly important role in modern life. However, while the Internet makes life more convenient, it undeniably also has many negative effects, such as a great deal of unhealthy ideas and content. These do considerable harm and have a deep impact, especially on the development of adolescents. There is therefore a need for a way to protect people from these unhealthy ideas and cultures.
  • The prior art realizes green Internet access by installing green Internet access software or an external hardware filtering device on each computer that accesses the Internet.
  • The disadvantage of the prior art is that green Internet access software or an external hardware filtering device must be installed on each computer. Where multiple computers access the Internet through a local area network, installation is complicated and costly.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide a method and a device for controlling home gateway Internet data, so as to solve the problem that the prior art requires green Internet software or an external hardware filtering device to be installed on each computer.
  • The present invention provides a method for controlling home network access data, and the method includes the following steps:
  • The filtering rule includes different levels, where different occasions correspond to different levels of filtering rules.
  • The filtering rule includes filtering rules for website addresses and filtering rules for data content.
  • The present invention further provides an apparatus for controlling home gateway Internet access data, where the apparatus includes:
  • a configuration module configured to configure a filtering rule;
  • a matching module configured to match the Internet data with a pre-configured filtering rule before the Internet data passes through the home gateway;
  • a control module configured to discard the Internet data when the Internet data and the filtering rule are successfully matched, and to send or receive the Internet data when the Internet data fails to match the filtering rule.
  • The configuration module configures the filtering rules at different levels, where different occasions correspond to different levels of filtering rules.
  • The configuration module configures the filtering rule, including configuring a filtering rule for website addresses, a filtering rule for data content, a filtering rule for network games, and/or a filtering rule for network chat software.
  • The device further includes:
  • a detecting module configured to detect the legality of the Internet data before the Internet data is matched with a preset filtering rule.
  • The device further includes:
  • an upgrade module configured to upgrade the filtering rule to implement reconfiguration of the filtering rule.
  • The invention can effectively filter restricted data by filtering the Internet data before it passes through the home gateway, without installing green Internet software or an external hardware filtering device on each computer, and has the advantages of a simple structure, convenient use and low cost.
  • FIG. 1 is a flow chart of a method for controlling home network access data in an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of an apparatus for controlling home network access data according to an embodiment of the present invention
  • FIG. 3 is a flow chart of configuring a configuration module in a device for controlling home network access data according to an embodiment of the present invention
  • FIG. 4 is a flowchart of upgrading an upgrade module in a device for controlling home network access data according to an embodiment of the present invention
  • FIG. 5 is a flowchart of another upgrade of an upgrade module in a device for controlling home network access data according to an embodiment of the present invention.
  • Detailed description
  • The present invention provides a method and a device for controlling home gateway Internet data, which are described in further detail below with reference to the drawings and the embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
  • An embodiment of the present invention relates to a method for controlling home network access data, including the following steps:
  • Step S101: Match the Internet data with the pre-configured filtering rule before the Internet data passes through the home gateway.
  • The filtering rules mainly define which packets are to be blocked: popular software is categorized and abstracted, common features are extracted, and packets that are not allowed to pass are controlled (discarded). Filtering rules are divided into two categories according to their functions:
  • The first category is hierarchical control: different occasions correspond to different levels of filtering rules, and different levels of filtering rules have different strengths. This can be used to restrict different Internet users for different network applications.
  • The second category groups the filtering rules for commonly used Internet services.
  • The specific classification is as follows:
  • Website address filtering: unhealthy website addresses are added to a blacklist, so that during matching, a request for content from such a website is detected and can be filtered;
  • Content filtering: the content of the Internet data is analyzed and compared with the keywords preset in the filtering rule to check whether there is matching content;
  • Network game filtering: certain online games are prohibited. The feature code or related port number in the message (Internet data) is compared and matched with the feature code or port number preset in the filtering rule to identify the corresponding network game, and the filtering rule determines whether the message is allowed to pass;
  • Network chat software filtering: to block certain instant chat software, the ports to be blocked can be set in the filtering rules, so that the chat software is prohibited from logging in to the network.
  • Step S102: When the Internet data and the filtering rule are successfully matched, the Internet data is discarded; when the Internet data and the filtering rule fail to match, the Internet data is sent or received.
  • A successful match in this embodiment means that the Internet data contains content that the filtering rule prohibits from being sent over the network. When data flows in:
  • The filtering device first detects the legality of the data packet (Internet data), and then discards or receives the data packet according to whether the filtering rule is met. The steps are as follows:
  • Step 1: Receive a data packet (Internet data), and then submit the data packet to the filtering device.
  • Step 2: The filtering device inspects the data packet and matches it against the filtering rule to check whether it matches, and the data packet is received or discarded according to the rule; that is, when the match succeeds, the data packet is discarded; when the match fails, the data packet is received and processed normally.
  • Outgoing data is delivered to the filtering device by the protocol stack, and the filtering system inspects the data:
  • Step 1: The application layer constructs the data packet to be sent and passes it down to the lower layers until it is delivered to the filtering device.
  • Step 2: The filtering device inspects the data packet and matches it against the filtering rule to check whether it matches, and the data packet is sent or discarded according to the rule; that is, when the match succeeds, the data packet is discarded; when the match fails, the data packet is sent normally.
  • The filtering rules also need to be changed from time to time. Therefore, the filtering rules can be reconfigured by upgrading them.
  • The filtering rule may also be set to allow only certain messages (messages that meet the filtering rules) to pass.
  • That is, when the Internet data and the filtering rule match successfully, the Internet data is sent or received; when the Internet data and the filtering rule fail to match, the Internet data is discarded.
  • The embodiment of the present invention further relates to an apparatus for implementing the foregoing method for controlling home gateway Internet data, including:
  • The configuration module 201 is configured to configure a filtering rule.
  • The matching module 202 is configured to match the Internet data with the pre-configured filtering rule before the Internet data passes through the home gateway.
  • The control module 203 is configured to discard the Internet data when the Internet data and the filtering rule are successfully matched, and send or receive the Internet data when the Internet data and the filtering rule fail to match.
  • The configuration module 201 configures the filtering rules at different levels, and different levels of filtering rules are required in different occasions.
  • The configuration module 201 configures filtering rules, including configuring filtering rules for website addresses, filtering rules for data content, filtering rules for online games, and/or filtering rules for web chat software.
  • The user can customize the configuration of the filtering rules, adding a new configuration or deleting some customized configurations.
  • The configuration is performed through a WEB page: the user logs in to the configuration page corresponding to the filtering rules and selects the corresponding category to configure.
  • The page provides a classification of the different rules, such as website address filtering, content filtering, and so on.
  • The specific process by which the configuration module 201 configures filtering rules is as follows:
  • Step 1: The PC (Personal Computer) user logs in to the WEB server through the WEB page, selects the configuration interface, and performs configuration, constructing a new rule or deleting an existing rule.
  • Step 2: The WEB server parses the flat configuration script, adds or deletes the configuration, and then sends it to the configuration module.
  • Step 3: The configuration module builds the configuration version and sends it to the programming sub-module for programming. After the programming sub-module programs it successfully, a configuration-success interface is pushed to the user through the configuration module and the WEB server.
  • The apparatus of this embodiment further includes:
  • The detecting module 204 is configured to detect the validity of the Internet data before the matching module 202 matches the Internet data with a preset filtering rule.
  • The upgrade module 205 is configured to upgrade the filtering rule to implement reconfiguration of the filtering rule.
  • The upgrade module 205 further includes an upgrade sub-module and a programming sub-module.
  • The configuration information can be upgraded through the home gateway configuration page or through TR069 (full name: CPE WAN Management Protocol).
  • FIG. 4 shows the process by which the upgrade module 205 upgrades through the configuration page of the home gateway:
  • Step 1: The user logs in to the WEB server through the WEB browser, selects the upgrade interface, and selects the upgrade version of the filtering rule to upload.
  • The WEB browser side stores the upgrade version of the filtering rule; the WEB page is used as the medium, which is compatible with the existing home gateway configuration mode. On the WEB page, the user selects the storage path of the version on the local hard disk, and then uploads the upgrade version to the home gateway through POST.
  • the home gateway is connected by the WEB server through the WEB client.
  • The WEB server receives the upgrade version data and notifies the upgrade sub-module to upgrade.
  • The WEB server supports WEB client access to the page, can parse the script, and executes the internal function modules of the gateway according to the content of the script.
  • The WEB server needs to provide a version receiving module, which places the upgrade version content uploaded by the client via POST into a temporary directory on the gateway, for use in the next step of programming the upgrade version.
  • Step 3: After the upgrade sub-module receives the upgrade version, it sends the upgrade version to the programming sub-module for programming.
  • The programming sub-module is responsible for programming the upgrade version, mainly the FLASH erase and write work. It first reads the temporary storage path for received versions agreed with the WEB server, then reads the version content and performs the programming. After the programming is completed, a programming-success interface is pushed to the user through the upgrade sub-module and the WEB server.
  • Step 1: The user logs in to the TR069 server through the TR069 client, selects the parameter tree interface (the corresponding configuration interface), and configures the upgrade version of the filtering rule to be uploaded, including contents such as the version path;
  • Step 2: The TR069 server interacts with the TR069 client and follows the TR069 protocol with the board.
  • The TR069 server notifies the upgrade sub-module and provides information such as the path parameter of the code version, and the upgrade module notifies the upgrade sub-module to perform the upgrade;
  • Step 3: The upgrade sub-module starts the wget program to download the version to the home gateway.
  • The device for controlling home gateway Internet data in this embodiment can be connected externally to the home gateway through a USB interface (in which case it is called a USB watchdog). Similar to the U-KEY device provided for online banking, it is inserted into the home gateway to perform Internet data filtering.
  • The device in this embodiment can also use other data interfaces to exchange Internet data with the home gateway.
  • The device can also be built into the home gateway, implementing the object of the present invention in hardware or software.
  • The USB watchdog stores the network data filtering rules internally.
  • A driver module that reads these filtering rules and performs the filtering needs to be added inside the home gateway. Only packets that meet certain conditions are released or received by the protocol stack. In this way, network packets passing through the gateway are filtered first, and only packets matching the filtering rules are passed or prohibited.
  • The filtering rules in the USB watchdog can be upgraded by using configuration software to update them. If the USB watchdog is not inserted into the gateway, the Internet service is disabled; only when the USB watchdog is inserted can the Internet service be enabled. USB watchdogs also need to be classified and applied to different occasions.
  • The invention can effectively filter restricted data by filtering the Internet data before it passes through the home gateway, without installing green Internet software or an external hardware filtering device on each computer, and has the advantages of a simple structure, convenient use and low cost.
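
The matching flow of steps S101 and S102 above, together with the legality check, the rule levels and the allow-only variant, written out in Python. This is an added example, not code from the patent; the packet fields, the level semantics (a rule is active when the gateway level is at least the rule's level), the legality test and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One unit of 'Internet data'; the fields are assumptions for this example."""
    dst_port: int
    host: str = ""          # e.g. HTTP Host header or DNS name, if known
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    category: str                    # "url", "content", "game" or "chat"
    level: int = 1                   # active when the gateway level >= this value
    hosts: frozenset = frozenset()
    keywords: Tuple[bytes, ...] = ()
    ports: frozenset = frozenset()
    signatures: Tuple[bytes, ...] = ()

    def matches(self, pkt: Packet) -> bool:
        host = pkt.host.lower().rstrip(".")
        # Match the host itself or a subdomain, on a label boundary, so that
        # "notblocked.example" does not match a rule for "blocked.example".
        if any(host == h or host.endswith("." + h) for h in self.hosts):
            return True
        if pkt.dst_port in self.ports:
            return True
        body = pkt.payload.lower()
        if any(k.lower() in body for k in self.keywords):
            return True
        return any(s in pkt.payload for s in self.signatures)


def is_legal(pkt: Packet) -> bool:
    """Assumed legality check: well-formed port and byte payload."""
    return isinstance(pkt.payload, bytes) and 0 < pkt.dst_port <= 65535


class FilterDevice:
    def __init__(self, rules, level: int, allow_only: bool = False):
        # Keep only the rules that are active at the configured level.
        self.rules = [r for r in rules if r.level <= level]
        self.allow_only = allow_only

    def decide(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        """Return (verdict, reason); verdict is 'forward' or 'discard'."""
        if not is_legal(pkt):
            return "discard", "illegal"
        hit = next((r for r in self.rules if r.matches(pkt)), None)
        if self.allow_only:
            # Allow-only variant: a match lets the packet through.
            return ("forward", hit.category) if hit else ("discard", "no-match")
        # Default (step S102): a match means the packet is discarded.
        return ("discard", hit.category) if hit else ("forward", None)


# Constructed sample rules (hosts, keyword, ports and signature are made up).
RULES = [
    Rule("url", level=1, hosts=frozenset({"blocked.example"})),
    Rule("content", level=1, keywords=(b"forbidden-term",)),
    Rule("game", level=2, ports=frozenset({27015}), signatures=(b"\x01GAME",)),
    Rule("chat", level=2, ports=frozenset({5222})),
]

if __name__ == "__main__":
    strict = FilterDevice(RULES, level=2)
    for pkt in (Packet(80, "www.blocked.example", b"GET / HTTP/1.1"),
                Packet(80, "notblocked.example", b"GET / HTTP/1.1"),
                Packet(5222, "", b"<stream>"),
                Packet(0, "ok.example")):
        print(pkt.dst_port, pkt.host or "-", strict.decide(pkt))
```

The same rule set gives opposite verdicts in the two modes, so a gateway switched to allow-only with an empty or failed rule load discards everything, while the default mode with the same failure forwards everything.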

Landscapes

  • Engineering & Computer Science
  • Databases & Information Systems
  • General Engineering & Computer Science
  • Theoretical Computer Science
  • Physics & Mathematics
  • General Physics & Mathematics
  • Data Mining & Analysis
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks
  • Computer And Data Communications

Abstract

The invention relates to a method and a device for controlling the Internet data of a home gateway, serving to solve the prior-art problem of requiring the installation of Green Dam Internet software or external hardware filtering devices on each personal computer. The present invention makes it possible to filter prohibited data effectively by filtering Internet data before it passes through the home gateway, without the need to install Green Dam Internet software or external hardware filtering devices on each personal computer, and it is characterized by a simple structure, convenience of use and low cost.
PCT/CN2011/077334 2010-11-23 2011-07-19 Method and device for controlling home gateway Internet data WO2012068890A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010554986.9 2010-11-23
CN2010105549869A CN102480437A (zh) 2010-11-23 2010-11-23 Method and device for controlling home gateway Internet access data

Publications (1)

Publication Number Publication Date
WO2012068890A1 (fr) 2012-05-31

Family

ID=46092921

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/077334 WO2012068890A1 (fr) 2010-11-23 2011-07-19 Method and device for controlling home gateway Internet data

Country Status (2)

Country Link
CN (1) CN102480437A (fr)
WO (1) WO2012068890A1 (fr)

Also Published As

Publication number Publication date
CN102480437A (zh) 2012-05-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11842834

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11842834

Country of ref document: EP

Kind code of ref document: A1