WO2012077944A9 - System and processing method for distinguishing shared terminals using network packets - Google Patents
System and processing method for distinguishing shared terminals using network packets
- Publication number
- WO2012077944A9 (PCT/KR2011/009351)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- packet
- server
- authentication
- internet
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/41—Billing record details, i.e. parameters, identifiers, structure of call data record [CDR]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/43—Billing software details
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/70—Administration or customization aspects; Counter-checking correct charges
- H04M15/765—Linked or grouped accounts, e.g. of users or devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M15/00—Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
- H04M15/70—Administration or customization aspects; Counter-checking correct charges
- H04M15/765—Linked or grouped accounts, e.g. of users or devices
- H04M15/7652—Linked or grouped accounts, e.g. of users or devices shared by users
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1403—Architecture for metering, charging or billing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
- H04L12/1432—Metric aspects
- H04L12/1435—Metric aspects volume-based
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Definitions
- The present invention relates to a system and method for authenticating, monitoring and managing all terminals that use the Internet over a wired/wireless network. A terminal identification value is inserted into every terminal using the Internet, the inserted value is read and analyzed to authenticate the terminal, and shared terminals, where multiple terminals are connected to a single line, are monitored and managed.
- The terminal identification value is inserted into all media that the OS refers to, such as the registry value of the OS referenced by the web browser, the location of the configuration file, or the location where other cookie information is stored, so that a terminal connected to the Internet includes the terminal identification value in the cookie of the HTTP header.
- The present invention relates to a shared terminal management system and processing method including a management server, a billing server that distinguishes a basic line from an additional line and charges for the additional line through a terminal authentication technique that extracts and analyzes the terminal identification value of the HTTP header, a central server, a central authentication G/W server, and a proxy server.
- A plurality of client subscribers frequently use a network sharing device such as an IP sharer to configure network address translation (NAT) on one public IP.
- The present invention is proposed to solve the conventional technical problems described above. When a client uses the Internet, mirrored traffic is analyzed in an environment where that traffic can be monitored, in order to determine whether NAT is used by a client that configures a private network behind the authorized IP, and to analyze and detect the number of shared terminals. Using this data from the database, a policy is established to selectively allow or block access when private IP users connect to the Internet at the same time.
- Sharing targets are selected based on a predetermined period, using figures such as the average or maximum number of terminals used by the router users detected through the analysis and detection of the number of shared terminals.
- A system for authenticating a terminal and providing Internet access to a basic line and an additional line comprises a management server, a billing server, a central server, a central authentication G/W server and a proxy server, and charges for the additional line. It is a terminal management system that detects the terminals other than the basic terminal among a plurality of terminals connected by methods such as using a router, connecting a router and a hub, using a VPN device with a sharing function, or using VPN-only equipment.
- The terminal classification system consists of a management server for analyzing subscriber traffic to detect router users, a charging server for determining the number of router users and the number of users, a central server for providing marketing data, a central authentication G/W server for managing and interworking authentication information, and a proxy server that manages and interworks with the customer DB.
- The configuration for detecting router users in the management server includes: a subscriber line authentication unit for identifying all subscribers using the Internet; a packet collection unit for detecting HTTP GET packets; a primary packet analyzer for analyzing the header of a GET packet requesting a web page; an identification packet transmitter for generating and transmitting a response packet to a GET packet requesting a web page so that an identification value can be inserted into the terminal; a secondary packet analyzer for analyzing a GET packet requesting an element of a web page; an element packet transmitter for generating and transmitting a response packet to a GET packet requesting an element of a web page; a data management unit for analyzing, classifying and managing all data, including subscriber authentication data, terminal, IP, URL and terminal identification value; and a terminal determiner for determining, for a line to which a plurality of terminals are connected, each terminal and the number of terminals.
- The subscriber line authentication unit interworks in real time with the integrated authentication system that manages the IP-ID and IP-Mac information showing who is using an IP. For network subscribers in the authentication section, it collects and manages IP-ID, IP-Mac and IP-CMMac data on the central authentication G/W server. It also periodically collects the IP-Mac and Port-Mac data managed by specific equipment such as routers, switches, L3, L2 and DHCP devices, and manages it on the central authentication G/W server in the form of equipment name-Mac so that it can be used as authentication data. The authentication data stored in the central authentication G/W server is classified into IP bands.
- The authentication information is divided and transmitted to the authentication processing engine of the management server, which keeps the received authentication data in memory in real time so that it can respond with authentication information in real time when a packet comes in. The IP is extracted by analyzing the user's packets in the mirrored traffic, and authenticates in real time by using authentication information of authentication
- the packet collecting unit collects only the GET packets necessary for analysis among all the monitored traffic.
- The primary packet analyzer analyzes the header of a GET packet requesting a web page. For each collected packet, it compares the authentication information of the subscriber line authentication unit with the data managed by the data management unit to determine whether an identification value has already been inserted into the terminal, and, depending on the result, passes processing to the identification packet transmitter to insert one. It extracts the header of the GET packet collected by the packet collector and analyzes the terminal identification value. Depending on the result, processing ends, or the terminal is handled by the secondary packet analyzer, which analyzes GET packets requesting elements of the web page requested by the terminal.
- the identification packet transmission unit is a section for generating and transmitting a response packet to a GET packet so that the identification value can be inserted into the terminal.
- The identification packet transmitter inserts the terminal identification value into a cookie in the header of the response packet it generates. Into the packet body it inserts client script and HTML syntax that the web browser can interpret, so that the terminal re-requests the destination address (destination IP or URL) it originally requested, or accesses a web page, written in client-side or server-side script, to which information for managing the terminal identification value has been added.
- The web browser of the terminal that receives the response packet parses the packet, stores the terminal identification value in the location where the OS keeps the cookie information referenced by the web browser, and then re-requests the originally requested server or accesses the URL of the web page created for inserting the terminal identification value into the cookie.
- The data management unit manages, as one set, the authentication information, the originally requested destination server or the IP and URL information of the specific web page address, and the terminal identification value.
- the secondary packet analyzer is a section for analyzing a GET packet for requesting an element of a web page.
- The secondary packet analyzer checks whether the terminal has been analyzed by the primary packet analyzer and whether the packet is a GET packet caused by the element packet transmitter. Depending on the result, it passes processing to the element packet transmitter so that the terminal requests a specific element, or it analyzes the packet header and, according to the analysis result, passes processing to the identification packet transmitter to insert the terminal identification value.
- The element packet transmitter generates a response packet to a GET packet requesting an element of a web page, such as an image, client script, CSS, or Flash. It analyzes whether the packet is such a request and, according to the analysis result, generates a response packet containing syntax written in a language the web browser can interpret, together with syntax that makes the terminal re-request the element it originally requested.
- The terminal determiner analyzes the information managed by the data management unit to determine each terminal and the number of terminals in a network environment where a plurality of terminals use one Internet line.
- So that cookie values of HTTP headers can be extracted and analyzed, the management server is configured so that a terminal connected to the Internet includes the terminal identification value in the HTTP header or packet whenever it uses the Internet.
- To this end, the terminal identification value is inserted into all media that the OS refers to, including the registry value or configuration file of the OS referred to by the web browser, or the location where other cookie information is stored.
- The insertion/analysis technique takes three forms. First, when the terminal accesses a site with a specific domain, a terminal identification value is inserted into the terminal's cookie as if it had been set by that site, and is later read back and analyzed. Second, without any domain being specified, whichever site the terminal connects to, the terminal identification value is inserted as if it had been set by the unspecified site the user wanted to access, and is read and analyzed. Third, whichever site the terminal connects to, the cookie first planted for a site is read and analyzed.
- The shared terminal processing method includes: detecting router users by determining whether a router is used through the shared terminal classification system; selecting sharing targets by examining the average number of terminals used by the detected router users over a predetermined period; transmitting a three-stage notification requesting the selected sharing targets to subscribe to an additional terminal service; receiving the subscription request if the sharing target asks to subscribe to the additional terminal service; and blocking the Internet for the shared line if the sharing target refuses to subscribe to the additional terminal service.
- In the step of selecting sharing targets by examining the average number of terminals used by the detected router users over a predetermined period, sharing targets are selected by establishing a reference policy for screening, such as the case where the average number of shared terminals, calculated over the past one month counted from the most recent line usage date, is more than 10.
- The step of transmitting the three-stage notification comprises: in the first stage, a notice informing the user that the use of additional shared terminals violates the terms and conditions and recommending subscription to the additional terminal service; in the second stage, a notice of the blocking date and a recommendation to subscribe to the additional terminal service within that period; and in the third stage, a blocking notice sent to all shared terminals other than the basic subscription line and the one additional line provided.
- The notifications are transmitted during the notification transmission policy reference days of each stage.
- According to the present invention, the usage status and the amount of sharing on a line can be grasped easily, and the Internet service provider can provide the right to use the line equally to all subscribers.
- IP information of detected users is stored in a database, so unauthorized users can be tracked, web access can be blocked, or the user can be charged. From an economic point of view, by billing for the traffic generated by a plurality of hosts behind each subscriber, Internet service providers can cover the losses caused by improper use and return proper service to their subscribers.
- FIG. 1 is a block diagram showing the overall configuration of a shared terminal classification system according to the present invention.
- FIG. 2 is a diagram illustrating a configuration according to a local node and a center node of the shared terminal classification system.
- FIG. 3 is a flowchart illustrating an entire process of performing a terminal authentication method.
- FIG. 4 is a flowchart illustrating a process of inserting a terminal identification value in the form of a cookie into a terminal in a terminal authentication method.
- FIG. 5 is a flowchart illustrating a process of reading and analyzing a terminal identification value of a cookie type inserted into a terminal in the terminal authentication method.
- FIG. 6 is a flowchart illustrating an example of inserting a cookie-type terminal identification value into a terminal and of reading and analyzing the cookie-type terminal identification value inserted into the terminal.
- FIG. 7 is a configuration diagram showing a schematic configuration of a shared terminal classification system.
- FIG. 8 is a diagram illustrating a procedure of performing a terminal management method of a shared terminal classification system.
- FIG. 9 is a configuration diagram illustrating a configuration in which a wired / wireless router and a hub are connected and used.
- FIGS. 10 and 11 are diagrams illustrating a configuration of connecting using a VPN device with a sharing function.
- FIG. 12 is a diagram illustrating an example of a web block notification screen when an additional line is blocked.
- FIG. 13 is a diagram illustrating a format of an HTTP request message including a terminal identification value in the form of a cookie.
- FIG. 14 is a diagram illustrating a format of an HTTP response message for inserting a terminal identification value in the form of a cookie into a terminal.
- The shared terminal classification system identifies and manages terminals that share one Internet line, in a network environment that can monitor and analyze the traffic of all line subscribers using the Internet over a broadband network.
- The shared terminal classification system consists of a management server for analyzing subscriber traffic to detect router users, a charging server for determining the number of router users and the number of users, a central server for providing marketing data, a central authentication G/W server for managing and interworking authentication information, and a proxy server that manages and interworks with the customer DB.
- The configuration for detecting router users in the management server includes: a subscriber line authentication unit for identifying all subscribers using the Internet; a packet collector for detecting HTTP GET packets; a primary packet analyzer for analyzing the header of a GET packet requesting a web page; an identification packet transmitter for generating and transmitting a response packet to a GET packet requesting a web page so that an identification value can be inserted into the terminal; a secondary packet analyzer for analyzing a GET packet requesting an element of a web page; an element packet transmitter for generating and transmitting a response packet to a GET packet requesting an element of a web page so that a specific element is requested; a data management unit for analyzing, classifying and managing all data, including subscriber authentication data, terminal, IP, URL and terminal identification value; and a terminal determination unit for determining, for a line to which a plurality of terminals are connected, each terminal and the number of terminals.
- The shared terminal processing method for managing terminals that share one Internet line includes: detecting router users by determining whether a router is used through the terminal classification system; selecting sharing targets by surveying the average number of terminals used by the detected router users over a certain period; transmitting a three-stage notification requesting the selected sharing targets to subscribe to an additional terminal service; receiving the subscription request if the sharing target asks to subscribe to the additional terminal service; and blocking the Internet for the shared line if the sharing target refuses to subscribe to the additional terminal service.
- FIG. 1 is a block diagram showing the overall configuration of a shared terminal classification system according to the present invention.
- The system of the present invention can be configured as local nodes, which analyze traffic at locations where the total traffic of Internet subscribers can be monitored, and a center node, which manages and controls the local nodes configured at various locations through a network. A local node is composed of a management server, a billing server and an L2 switch; the center node is composed of L4 and L2 switches, a central authentication G/W server, a central server, a proxy server, and so on.
- The management server, billing server, central authentication G/W server, central server and proxy server may further include storage, a management console and a standby server. One or more management servers can be configured according to the amount of traffic generated by the Internet subscribers of the region, and the shared terminal classification system of the present invention is not limited thereto.
- FIG. 2 is a diagram illustrating a configuration according to a local node and a center node of the shared terminal classification system, and illustrates a configuration of a server for each node.
- Specifically, a local node is a unit into which a company that sells Internet lines to subscribers, such as an Internet Service Provider (ISP), a Multiple System Operator (MSO), or a general cable operator (SO, System Operator), divides its entire area so that it can receive the traffic of all subscribers.
- For example, a Gangnam node that receives the traffic of subscribers living in Yeoksam-dong, Samsung-dong and Yangjae-dong can be designated as one regional node.
- The proxy server receives from the ISP the Internet subscriber information, that is, the customer information DB, and the subscriber IP band for each local node.
- The proxy server receives in real time the history of Internet line subscriptions and terminations and of additional terminal service subscriptions and cancellations, and transfers the router user history information collected from the billing server to the ISP.
- The central authentication G/W server interworks with the ISP's authentication system, receives the authentication information of Internet subscribers, and sends it to the management server of each local node.
- Based on the router user history information collected from the billing server, the central server provides customer DB management and CRM pages to the ISP, and establishes the notification policy by selecting the sharing targets, that is, the notification transmission targets.
- the billing server receives the customer information DB of the subscriber in the local node from the proxy server, updates the local node customer DB, collects the notification policy from the central server, and collects the router user history information from the management server.
- The management server collects Internet subscribers' authentication information from the central authentication G/W server, collects the notification policy from the charging server, monitors and analyzes subscriber traffic to detect router users, transmits notifications to router users based on the notification policy collected from the charging server, and transmits the detected router user history information to the charging server.
- the notification policy is a policy regarding notification transmission for subscribers determined as the user of the router.
- the notification policy includes information about which notifications are sent to which subscribers and how many times a day for a specific period of time.
- The information for identifying a subscriber consists of the Internet subscription ID and the IP address; when traffic is monitored, the subscriber's ID can be determined by matching the IP of the traffic against the IP in the authentication information.
- The CRM page is mainly used when a router user notices a notification sent by the additional terminal system and contacts ISP customer service. By querying the subscriber's ID, it is possible to check information related to the router usage history, such as the subscriber's daily router usage, the average number of terminals, the maximum number of terminals, and whether notifications are currently being sent.
- The subscriber IP bands for each regional node are the available IP bands of all Internet subscribers divided by region. When interworking with the line authentication information, they determine to which region's management server the authentication information is transmitted.
- FIG. 3 is a flowchart illustrating a process of a terminal authentication method, which illustrates a process of a terminal authentication method for determining a user configuring a router or a NAT and determining the number of shared terminals.
- The traffic of terminals using the Internet is mirrored, and the subscriber is identified through the subscriber line authentication unit by subscriber line authentication, that is, by verifying the Internet subscription ID of the IP in use (step S21).
- the GET packet is collected from the packets collected by the packet collecting unit (step S22).
- The collected GET packet is analyzed to determine whether it requests a page element, and is routed to the primary or the secondary packet analyzer according to its type (step S23). Here, an element refers to a component that makes up a web page as the user perceives it, such as an image, a client script, CSS (Cascading Style Sheets), or Flash.
- the first packet analyzer is a section that analyzes the header of the GET packet requesting a web page.
- For a collected packet, the authentication information of the subscriber line authentication unit is compared with the data managed by the data manager to determine whether the terminal has already been analyzed and is managed by the data manager, that is, whether a terminal identification value has previously been inserted into it. If the terminal has no identification value inserted, processing passes to the identification packet transmitter so that an identification value is inserted into the terminal. If the terminal has one, processing proceeds to the analysis of the terminal identification value (step S24). The header of the GET packet collected by the packet collector is extracted; if it includes a terminal identification value, the value is analyzed and the data managed by the data manager is updated. If it does not, processing does not proceed further here, and the terminal is handled by the secondary packet analyzer when it requests an element of the web page (steps S25, S26, S27).
- the secondary packet analyzer is a section for analyzing a GET packet requesting an element of a web page.
- The secondary packet analyzer determines whether the terminal has been analyzed by the primary packet analyzer for the corresponding packet, and terminates the process if it has not (step S28). If it has, the analyzer checks whether the packet is a GET packet caused by the element packet transmitter; if it is not, processing passes to the element packet transmitter so that the terminal requests an element of a specific URL (step S29).
- The packet header is extracted and the identification value is analyzed. If an identification value exists, the data managed by the data management unit is updated. If not, processing passes to the identification packet transmitter so that a terminal identification value can be inserted into the terminal (steps S30 and S31).
- the identification packet transmitter generates and transmits a response packet to the request packet in order to insert a cookie-type terminal identification value into the terminal, and the information on the terminal and the inserted identification value is stored so that the data manager can manage it (step S32).
- the element packet transmitter generates and transmits a response packet that includes a request for an element of a specific domain, in order to read the terminal identification value that the identification packet transmitter inserted into the cookie store of the terminal and that is accessible only from that specific domain (URL or IP) (step S33).
- FIG. 4 illustrates the process of inserting a terminal identification value in the form of a cookie into a terminal in the terminal authentication method; of the processing performed by each analyzer and transmitter, it shows the steps that insert the terminal identification value into the corresponding terminal.
- when an access request is made to a specific site, the terminal authentication system mirrors and analyzes the corresponding packet and generates a response packet in which the identification value of the terminal is inserted. The identification value is stored and managed through the management unit, the prepared response packet is transmitted to the terminal, and the terminal inserts the terminal identification value included in the response packet into the cookie storage of the OS.
- FIG. 5 illustrates the process of reading and analyzing the cookie-type terminal identification value inserted into a terminal in the terminal authentication method; it shows the steps that extract the identification value inserted into the terminal.
- FIG. 6 illustrates an example of a terminal authentication method.
- the process (A) is a process of inserting a terminal identification value accessible only from A.com into the cookie storage of the terminal when the terminal accesses A.com.
- FIG. 7 illustrates, as a schematic configuration of the shared terminal classification system, a configuration in which a tap and an aggregation switch are added to the Internet connection line connected to a user and a router.
- FIG. 8 illustrates router detection according to the configuration of FIG. 7 and shows the service processing procedure for additional terminals.
- the aggregation switch is added to the Internet line connected to the broadband network according to the network environment and the amount of traffic used by the Internet subscriber station. It collects all traffic from devices that can mirror other traffic and sends the collected traffic to the management server, and the management server analyzes all packets received from the aggregation switch to form a cookie for Internet subscribers
- the billing server determines the router user based on the received terminal identification value information and detects the correct number of shared terminals.
- the management server analyzes the HTTP GET packets of all terminals connected to the Internet, generates a response packet in which a terminal identification value in the form of a cookie is inserted, and transmits the response packet to the corresponding terminal.
- by authenticating the terminal and analyzing the data for each terminal, it is possible to check router user information such as whether a router is used.
- the billing server performs a router user determination function, a function of detecting the number of shared terminals, a function of transmitting router user information to the central server and the proxy server, an IP router service promotion notification sending function, an IP router service sanction notification sending function, an IP router service blocking notice sending function, an unsubscribed line user web blocking function, and a function of releasing web blocking when the user joins the IP router service.
- the billing server transmits router user detection information to the central server and the proxy server regularly, for example, once a day. It may also be provided with a function for storing charging-related information such as the amount of packets transmitted, the total amount of traffic used, and the number of shared terminals, charging based on that information, and terminating the charging when the corresponding shared terminal releases its Internet connection.
- the central server and the proxy server separately record the IP router detection results in a database and store them on the DB server.
- the stored data is used by the central server to provide a link to the router detection history in the proxy server.
- FIG. 8 illustrates an example of the procedure for managing terminals in the system for identifying shared terminals: traffic of the broadband network is mirrored from the tap and its packets are analyzed, a terminal identification value in the form of a cookie is inserted into the Internet subscriber terminal, the identification value is analyzed to determine router users, the number of shared terminals of each user determined to be a router user is analyzed, and router user detection information, such as whether a router is used and the number of shared terminals, is transmitted to the proxy server and the central server once a day.
- the procedure continues with the central server providing CRM for marketing data, sending notices that promote the additional terminal service and invite subscription, sending sanction notices and blocking notices, blocking the web for unsubscribed line users, and releasing the web blocking when the user subscribes to the additional terminal service.
- FIG. 9 is a diagram illustrating a configuration in which a wired / wireless router and a hub are connected to each other.
- connecting the router and the hub is the general router arrangement, in which a plurality of users access the Internet through a wired/wireless router.
- the router can be detected and the number of additional terminals can be confirmed.
- FIGS. 10 and 11 are diagrams illustrating a configuration of connecting using a VPN device with a sharing function.
- the method of connecting using a VPN device including a sharing function is a form of using a VPN device including a sharing function.
- traffic accessing the main office is carried as encrypted traffic through the VPN device.
- general Internet traffic connects directly to the Internet through a modem or the like without passing through the main office, and whether a VPN is used can be detected.
- in the method using VPN-only equipment, shown in FIG. 11, the branch accesses the main office with encrypted traffic, and Internet traffic from the point of Internet use also passes through the encrypted section and reaches the Internet through the main office access traffic. Partial use of each VPN device can be detected.
- FIG. 12 is a diagram illustrating an example of a web block notification screen when blocking an additional line.
- the central server provides CRM for marketing data and sends additional terminal service notices, sanction notices and blocking notices, and the web is blocked for unsubscribed line users. If the user wants to subscribe to the additional terminal service, the subscription request is received through the corresponding notice web page, and once subscription is complete the Internet connection is unblocked.
- FIG. 13 is a diagram illustrating a format of an HTTP request message including a terminal identification value in a cookie form.
- FIG. 14 is a diagram illustrating a format of an HTTP response message injecting a terminal identification value in a cookie form into the terminal.
- the figures illustrate the configuration in which the stored cookie value is read from the traffic through an HTTP request message and, if the terminal identification value does not exist, a terminal identification value in the form of a cookie is generated and inserted into the terminal.
- according to the present invention, it is possible to easily grasp the usage status and the sharing amount of the line, and to enable the Internet service provider to provide the right to use the line equally to all subscribers.
- the IP information of detected users is stored in a database, so the unauthorized user can be tracked, the web can be blocked, or the user can be charged. Therefore, from an economic point of view, by billing for the amount of traffic caused by a plurality of hosts in each subscriber, Internet service providers can cover the cost of loss due to moral use, and it is also possible to return the right service to service subscribers.
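The branch decisions of steps S24 to S32 and the per-line terminal count, as an added Python illustration that is not code from the patent: it replays a constructed request trace and only names the branch the described analyzers would take, without building any response packet. The cookie name `tid`, the domains `a.example` and `b.example`, the file-extension test for element requests and the `T1`, `T2`, `T3` identifiers are assumptions.

```python
COOKIE_NAME = "tid"      # assumption: the description does not name the cookie
ID_DOMAIN = "a.example"  # assumption: stands in for the "specific domain" (A.com)
ELEMENT_EXT = (".png", ".gif", ".js", ".css", ".swf")  # assumption: element heuristic

def parse_get(raw):
    """Return (host, path, cookies) for an HTTP GET request, else None."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):
        key, sep, value = pair.partition("=")
        if sep:
            cookies[key.strip()] = value.strip()
    return headers.get("host", "").lower(), parts[1], cookies

class DataManager:
    """Per subscriber line: terminal IDs seen and the hosts each one requested."""
    def __init__(self):
        self.lines, self.issued = {}, 0
    def update(self, line, tid, host):
        self.lines.setdefault(line, {}).setdefault(tid, set()).add(host)
    def issue(self, line, host):  # bookkeeping of step S32 only; no packet is built
        self.issued += 1
        self.update(line, f"T{self.issued}", host)
    def terminal_count(self, line):
        return len(self.lines.get(line, {}))

def analyze(dm, line, raw):
    """Name the branch the described flow takes for one mirrored request."""
    req = parse_get(raw)
    if req is None:
        return "ignore"                  # the packet collector keeps GET only
    host, path, cookies = req
    tid = cookies.get(COOKIE_NAME)
    if not path.split("?", 1)[0].lower().endswith(ELEMENT_EXT):
        if line not in dm.lines:         # primary analyzer, page request
            dm.issue(line, host)
            return "insert"
        if tid:
            dm.update(line, tid, host)   # step S24
            return "update"
        return "defer"                   # steps S25-S27
    if line not in dm.lines:             # secondary analyzer, element request
        return "end"                     # step S28
    if host != ID_DOMAIN:
        return "request-element"         # step S29
    if tid:
        dm.update(line, tid, host)       # step S30
        return "update"
    dm.issue(line, host)                 # steps S31-S32
    return "insert"

def request(method, host, path, tid=None):
    # Build one constructed HTTP/1.1 request for the sample trace.
    cookie = f"Cookie: lang=en; {COOKIE_NAME}={tid}\r\n" if tid else ""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n{cookie}\r\n"

L1, L2 = "198.51.100.7", "198.51.100.9"  # constructed subscriber-line IPs
TRACE = [  # constructed requests, not captured traffic
    (L1, request("GET", "a.example", "/")),
    (L1, request("GET", "a.example", "/news", "T1")),
    (L1, request("GET", "b.example", "/")),
    (L1, request("GET", "b.example", "/logo.png")),
    (L1, request("GET", "a.example", "/pixel.gif")),
    (L1, request("GET", "a.example", "/pixel.gif", "T1")),
    (L1, request("POST", "a.example", "/login")),
    (L2, request("GET", "a.example", "/style.css")),
    (L2, request("GET", "a.example", "/")),
]

def run(trace):
    dm = DataManager()
    return [analyze(dm, line, raw) for line, raw in trace], dm
```

Because each browser keeps its own cookie store and users can clear it, the count is the number of cookie stores seen on a line rather than the number of physical devices, and requests carried over HTTPS never reach this parser.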
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Claims (15)
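- In a network environment connected to a broadband network in which the traffic of all line subscribers using the Internet can be monitored and analyzed, a shared terminal identification system for identifying and managing terminals that share a single Internet line among several terminals, comprising: a management server that analyzes subscriber traffic to detect router users; a billing server that determines router users and the number of terminals in use; a central server that provides marketing data; a central authentication G/W server that manages and interworks authentication information; and a proxy server that manages and interworks a customer DB, wherein the configuration of the management server for detecting router users comprises: a subscriber line authentication unit for identifying all subscribers using the Internet; a packet collector that detects HTTP GET packets; a primary packet analyzer that analyzes the header of a GET packet requesting a web page; an identification packet transmitter that generates and transmits a response packet to a GET packet requesting a web page so that an identification value can be inserted into the terminal; a secondary packet analyzer that analyzes a GET packet requesting an element of a web page; an element packet transmitter that generates and transmits a response packet to a GET packet requesting an element of a web page so that a specific element can be requested; a data manager that manages all data, including subscriber authentication data, IPs and URLs, and terminal identification values, for analyzing, identifying and managing terminals; and a terminal determination unit for determining the terminals that use a single line with several terminals connected and the number of such terminals.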
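- The shared terminal identification system of claim 1, wherein the subscriber line authentication unit: for network subscribers in an authenticated segment, interworks in real time with an integrated authentication system that manages the IP-ID and IP-Mac information from which it can be known who a given IP belongs to, and collects and manages IP-ID, IP-Mac and IP-CMMac in the central authentication G/W server; for network subscribers in an unauthenticated segment, periodically collects the IP-Mac and Port-Mac managed in specific equipment such as routers, switches, L3, L2 and DHCP, and collects and manages them in the central authentication G/W server in the form device name-Mac so that they can be used as authentication data; classifies the authentication data stored in the central authentication G/W server by IP band and, in an environment where the traffic of a specific terminal is mirrored to the management server installed in the corresponding backbone network, separates the authentication information and transmits it to the authentication processing engine of that management server; manages the received authentication data in real time in memory managed by the authentication processing engine of the management server and prepares to respond with authentication information in real time when the corresponding traffic arrives; and analyzes the packets of a user whose traffic arrives through mirroring to extract the IP, and authenticates in real time using the authentication information of the authentication processing engine of the management server.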
- The shared terminal identification system of claim 1, wherein the packet collector collects, from all monitored traffic, only the GET packets needed for analysis.
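- The shared terminal identification system of claim 1, wherein the primary packet analyzer is a section that analyzes the header of a GET packet requesting a web page, and: a) for a collected packet, compares and analyzes the authentication information of the subscriber line authentication unit and the data managed by the data manager to determine whether the terminal is one into which a terminal identification value was previously inserted, and, depending on the result, hands processing over to the identification packet transmitter so that an identification value can be inserted; and b) extracts the header of the GET packet collected by the packet collector, analyzes the terminal identification value, and, depending on the result, ends this processing so that the packet can be handled by the secondary packet analyzer, which analyzes GET packets for element requests within the web page requested by the terminal.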
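- The shared terminal identification system of claim 1, wherein the identification packet transmitter is a section that generates and transmits a response packet to a GET packet so that an identification value can be inserted into the terminal, and uses a transmission method comprising: a) inserting the terminal identification value into the cookie of the header of the packet to be generated, and inserting into the packet body statements written in client script and HTML that a web browser can interpret, so that the terminal re-requests the destination address (destination IP or URL) it originally intended to request; b) as an alternative to step a, inserting into the body of the packet to be generated statements written in a language that a web browser can interpret, so that the URL of a web page written to insert the terminal identification value as a cookie by client-side or server-side script can be called; c) transmitting the response packet generated through step a or b to the terminal; d) thereafter adding, to the data managed by the data manager, authentication information on the terminal and information for managing the terminal identification value, for management of the terminal; and e) the web browser of the terminal that received the response packet analyzing the packet, inserting the terminal identification value at the location where the cookie information of the OS referenced by the web browser is stored, and then re-requesting the server it originally intended to request, or accessing the URL of the web page written in step b and then inserting the terminal identification value as a cookie.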
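- The shared terminal identification system of claim 1, wherein the data manager manages the authentication information, the IP and URL information of the originally requested destination server or specific web page address, and the terminal identification value bound together as one set.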
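- The shared terminal identification system of claim 1, wherein the secondary packet analyzer is a section that analyzes a GET packet requesting an element of a web page, and: a) analyzes whether the terminal has been analyzed by the primary packet analyzer; b) analyzes whether the packet is a GET packet caused by the element packet transmitter and, depending on the result, hands processing over to the element packet transmitter, which causes a specific element to be requested from the terminal; and c) analyzes the packet header and, depending on the result, hands processing over to the identification packet transmitter, which allows the terminal identification value to be inserted.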
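- The shared terminal identification system of claim 1, wherein the element packet transmitter is a section that generates a response packet to a GET packet requesting elements of a web page, including the images, client scripts, CSS and Flash that make up the web page, and uses a transmission method comprising: a) analyzing which element the GET packet requests; b) generating a response packet according to the analysis result of step a, by generating statements written in a language that a web browser can interpret, so that an element of a specific URL can be requested, together with statements that allow the terminal to re-request the element it originally intended to request, and inserting them into the body of the response packet; c) transmitting the generated response packet to the terminal; and d) the web browser of the terminal that received the response packet analyzing the packet and re-requesting the element it originally intended to request and the element of the specific URL.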
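- The shared terminal identification system of claim 1, wherein the terminal determination unit analyzes the information managed by the data manager to determine each terminal within a network environment that uses several terminals on a single Internet line and the number of terminals in use.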
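- The shared terminal identification system of claim 1, wherein the management server for detecting router users, in order to extract and analyze the cookie value of the HTTP header when a terminal connected to the Internet accesses the Internet, inserts the terminal identification value into every medium from which the OS references cookie values, including the OS registry value or configuration file referenced by the web browser or any other location where cookie information is stored, so that the terminal identification value can be included in the HTTP header or inside the packet when the terminal uses the Internet, and uses, as insertion/analysis techniques: first, a technique of inserting the terminal identification value into the cookie of the terminal as if it had been inserted by the site when a site with a specific domain is accessed, and reading it back and analyzing it; second, a technique of inserting the terminal identification value as if it had been inserted by the unspecified site that the terminal intended to access, even when there is no domain setting and an unspecified domain is accessed, and reading it back and analyzing it; and third, a technique in which, whether the site is specific or unspecified, once there is a site in which the cookie was first planted, the system reads and analyzes the cookie planted in that first site even when other sites are accessed.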
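- The shared terminal identification system of claim 1, wherein the management server and the billing server are configured as regional nodes for analyzing traffic; the central server, the central authentication G/W server and the proxy server are configured as a center node that can manage and control, over the network, the regional nodes configured at various locations; and one or more management servers can be configured according to the amount of traffic generated by the Internet subscribers of the region.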
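- The shared terminal identification system of claim 1, wherein the proxy server receives from the ISP, by interworking, Internet subscriber information, that is, the customer information DB and the subscriber IP band of each regional node, receives in real time the history of Internet line subscription, Internet line cancellation, additional terminal service subscription, additional terminal service cancellation and the like for subscribers, and delivers the router user history information collected from the billing server to the ISP; the central authentication G/W server interworks with the ISP's authentication system to receive the authentication information of Internet subscribers and transmits it to the management server of each regional node; the central server, based on the router user history information collected from the billing server, provides router user customer DB management and a CRM page to the ISP, and selects sharing targets, that is, notice recipients, and establishes a notice policy; the billing server receives from the proxy server the customer information DB of the subscribers under the jurisdiction of its regional node, updates the regional node customer DB, collects the notice policy from the central server, and collects router user history information from the management server; and the management server collects the authentication information of Internet subscribers from the central authentication G/W server, collects the notice policy from the billing server, monitors and analyzes subscriber traffic to detect router users, sends notices to router users according to the notice policy collected from the billing server, and transmits the detected router user history information to the billing server.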
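- In a network environment connected to a broadband network in which the traffic of all line subscribers using the Internet can be monitored and analyzed, a shared terminal processing method for managing terminals that share a single Internet line among several terminals, comprising: detecting router users by determining, through the shared terminal identification system, whether a router is used; selecting sharing targets by surveying the average number of terminals used by the detected router users over a certain period; transmitting three-stage notices requesting subscription to the additional terminal service to the selected sharing targets; receiving an application for the additional terminal service when a sharing target requests subscription to it; and blocking the Internet for the shared line when a sharing target refuses to subscribe to the additional terminal service.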
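- The shared terminal processing method of claim 13, wherein the step of selecting sharing targets by surveying the average number of terminals used by the detected router users over a certain period calculates the average number of shared terminals over a certain past period counted back from the most recent day of line use, establishes a reference policy for selecting targets, and selects the corresponding users as sharing targets.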
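- The shared terminal processing method of claim 13, wherein the step of transmitting three-stage notices requesting subscription to the additional terminal service consists of: stage 1, a promotion notice stage of sending a notice informing of the use of additional shared terminals in violation of the terms of service and recommending subscription to the additional terminal service; stage 2, a sanction notice stage of sending a notice announcing the Internet blocking date and recommending subscription to the additional terminal service within that period; and stage 3, a blocking notice stage of sending a blocking notice for the remaining shared terminals other than the basic subscribed line and the one line additionally provided by default.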
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2820720A CA2820720C (en) | 2010-12-07 | 2011-12-05 | Shared terminal identification system using a network packet and processing method thereof |
US13/992,631 US9270567B2 (en) | 2010-12-07 | 2011-12-05 | Shared terminal identification system using a network packet and processing method thereof |
CN201180067015.4A CN103493435B (zh) | 2010-12-07 | 2011-12-05 | Shared terminal identification system using network packets and processing method thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2010-0124205 | 2010-12-07 | ||
KR1020100124205A KR101047997B1 (ko) | 2010-12-07 | 2010-12-07 | Shared terminal identification system using network packets and processing method thereof |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2012077944A2 (ko) | 2012-06-14 |
WO2012077944A9 (ko) | 2012-09-13 |
WO2012077944A3 (ko) | 2013-01-03 |
Family
ID=44923377
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2011/009351 WO2012077944A2 (ko) | Shared terminal identification system using network packets and processing method thereof | 2010-12-07 | 2011-12-05 |
Country Status (5)
Country | Link |
---|---|
US (1) | US9270567B2 (ko) |
KR (1) | KR101047997B1 (ko) |
CN (1) | CN103493435B (ko) |
CA (1) | CA2820720C (ko) |
WO (1) | WO2012077944A2 (ko) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
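KR101127246B1 (ko) * | 2011-08-03 | 2012-07-02 | 플러스기술주식회사 | Method and apparatus for detecting terminals sharing an IP address |
WO2013162262A1 (ko) * | 2012-04-23 | 2013-10-31 | 줌인터넷 주식회사 | Method and system for collecting search-target identification information using packet mirroring |
CN102984163B (zh) * | 2012-12-06 | 2015-09-30 | 华为技术有限公司 | Method and system for controlling network access by multiple hosts with the same IP address |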
US10742601B2 (en) * | 2013-03-14 | 2020-08-11 | Fortinet, Inc. | Notifying users within a protected network regarding events and information |
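CN104580074B (zh) * | 2013-10-14 | 2018-08-24 | 阿里巴巴集团控股有限公司 | Login method for a client application and corresponding server |
KR101550015B1 (ko) * | 2013-11-25 | 2015-09-07 | 플러스기술주식회사 | Method and apparatus for detecting shared terminals using a pixel tag |
CN103763125A (zh) * | 2013-12-27 | 2014-04-30 | 北京集奥聚合科技有限公司 | Method and apparatus for counting the actual number of users of an operator network |
KR101459641B1 (ko) * | 2014-02-27 | 2014-11-13 | (주)컨피테크 | System and method for displaying customized identification content according to virtual personality analysis of wireless communication users |
CN104933058B (zh) * | 2014-03-18 | 2018-09-11 | 北京学之途网络科技有限公司 | Method and system for monitoring network access activity |
KR101591934B1 (ko) * | 2014-03-27 | 2016-02-18 | 플러스기술주식회사 | Apparatus and method for identifying terminals using Internet addresses |
KR101755612B1 (ko) * | 2014-04-30 | 2017-07-26 | 주식회사 수산아이앤티 | Method and apparatus for detecting shared terminals using browser type |
KR101518468B1 (ko) * | 2014-05-14 | 2015-05-15 | 주식회사 플랜티넷 | Method for detecting, from the Internet access request traffic of client terminals requesting Internet access, the number of devices among a plurality of client terminals on a private network using the same public IP, and system for detecting the public IP sharing state |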
US10504148B2 (en) | 2014-05-23 | 2019-12-10 | Qualcomm Incorporated | Peer-to-peer relaying of discovery information |
US10142847B2 (en) | 2014-05-23 | 2018-11-27 | Qualcomm Incorporated | Secure relay of discovery information in wireless networks |
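CN105228126B (zh) | 2014-05-30 | 2019-10-22 | 华为技术有限公司 | Method and system for network access point hosting |
KR101518472B1 (ko) * | 2014-06-16 | 2015-05-07 | 주식회사 플랜티넷 | Method for detecting, from the Internet access request traffic of client terminals requesting Internet access, the number of devices selected by a web server having an additional non-designated domain name from among a plurality of client terminals on a private network using the same public IP, and system for selectively detecting devices in a public IP sharing state |
KR101616402B1 (ko) | 2015-03-23 | 2016-04-28 | 주식회사 제이넷 | Apparatus for distinguishing line-sharing terminals |
KR102303984B1 (ko) * | 2015-06-22 | 2021-09-23 | 삼성전자 주식회사 | Method and apparatus for subscribing an electronic device in a mobile communication system |
CN105050069B (zh) * | 2015-06-30 | 2019-03-01 | 北京奇虎科技有限公司 | Network monitoring method for a smart car, and smart car |
CN104954488B (zh) * | 2015-06-30 | 2018-12-25 | 北京奇虎科技有限公司 | Network access control method, distribution server and network access system |
CN104954489B (zh) * | 2015-06-30 | 2019-02-12 | 北京奇虎科技有限公司 | Method for accessing a network, proxy server and network access system |
KR20160113959A (ko) | 2015-09-25 | 2016-10-04 | 주식회사 제이넷 | Apparatus for distinguishing line-sharing terminals |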
US10819639B2 (en) * | 2015-11-05 | 2020-10-27 | Soosan Int Co., Ltd. | Method for managing shared terminal and device therefor |
CN105897829A (zh) * | 2015-11-30 | 2016-08-24 | 乐视网信息技术(北京)股份有限公司 | Method and apparatus for information sharing and information push |
CN106230874A (zh) * | 2016-04-01 | 2016-12-14 | 深圳市联软科技股份有限公司 | Service access method, apparatus and system |
CN106790383B (zh) * | 2016-11-23 | 2019-09-27 | 广州酷狗计算机科技有限公司 | Method and apparatus for determining the number of visitors |
KR101891706B1 (ko) * | 2016-12-16 | 2018-08-24 | 주식회사 수산아이앤티 | Method and apparatus for identifying a terminal |
US11876798B2 (en) * | 2019-05-20 | 2024-01-16 | Citrix Systems, Inc. | Virtual delivery appliance and system with remote authentication and related methods |
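CN111787025B (zh) * | 2020-07-23 | 2022-02-22 | 迈普通信技术股份有限公司 | Encryption and decryption processing method, apparatus and system, and data protection gateway |
CN114070707A (zh) * | 2020-11-10 | 2022-02-18 | 北京市天元网络技术股份有限公司 | Internet performance monitoring method and system |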
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100643215B1 (ko) * | 2004-06-02 | 2006-11-10 | 플러스기술주식회사 | Network device analysis system |
KR100588352B1 (ko) | 2004-12-28 | 2006-06-09 | 주식회사 케이티 | IP router monitoring system and method thereof |
JP2007013684A (ja) * | 2005-06-30 | 2007-01-18 | Toshiba Corp | Communication system, server apparatus and data terminal apparatus |
KR100724731B1 (ko) * | 2005-08-23 | 2007-06-04 | 주식회사 네이블커뮤니케이션즈 | Subscriber management system and method for detecting communication terminals sharing an IP address |
KR100692762B1 (ko) | 2005-08-23 | 2007-03-09 | 현대자동차주식회사 | Combination switch for automobiles and control method thereof |
KR20070114917A (ko) | 2006-05-30 | 2007-12-05 | 박영환 | Method for manufacturing ceramic tile with gold leaf attached, and the ceramic tile |
KR100960152B1 (ko) | 2007-10-24 | 2010-05-28 | 플러스기술주식회사 | Method for detecting multiple terminals on a network and allowing or blocking the Internet |
- 2010
  - 2010-12-07 KR KR1020100124205A patent/KR101047997B1/ko active IP Right Grant
- 2011
  - 2011-12-05 CA CA2820720A patent/CA2820720C/en not_active Expired - Fee Related
  - 2011-12-05 CN CN201180067015.4A patent/CN103493435B/zh not_active Expired - Fee Related
  - 2011-12-05 US US13/992,631 patent/US9270567B2/en not_active Expired - Fee Related
  - 2011-12-05 WO PCT/KR2011/009351 patent/WO2012077944A2/ko active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN103493435A (zh) | 2014-01-01 |
CA2820720A1 (en) | 2012-06-14 |
KR101047997B1 (ko) | 2011-07-13 |
US20130254394A1 (en) | 2013-09-26 |
WO2012077944A2 (ko) | 2012-06-14 |
CN103493435B (zh) | 2017-04-19 |
US9270567B2 (en) | 2016-02-23 |
CA2820720C (en) | 2017-05-23 |
WO2012077944A3 (ko) | 2013-01-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012077944A9 (ko) | Shared terminal identification system using network packets and processing method thereof | |
US11399288B2 (en) | Method for HTTP-based access point fingerprint and classification using machine learning | |
US9204293B2 (en) | Apparatuses, methods, and computer program products for data retention and lawful intercept for law enforcement agencies | |
KR100960152B1 (ko) | Method for detecting multiple terminals on a network and allowing or blocking the Internet | |
WO2013002538A2 (en) | Method and apparatus for preventing distributed denial of service attack | |
US20150281176A1 (en) | Method And Technique for Automated Collection, Analysis, and Distribution of Network Security Threat Information | |
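KR20100075043A (ko) | Management system and method for IRC and HTTP botnet security control | |
WO2015102446A1 (ko) | Method for detecting bypass access through an anonymous network using round-trip time variation | |
CN1460355A (zh) | Method and apparatus for providing communication services | |
WO2013012278A2 (ko) | Method and apparatus for managing device context using an IP address in a communication system | |
WO2014038737A1 (ko) | Network traffic management system and method using monitoring and filtering policies | |
KR100724731B1 (ko) | Subscriber management system and method for detecting communication terminals sharing an IP address | |
KR100723657B1 (ko) | Method for selectively allowing and blocking, on a TCP/IP basis, private IP users who access the Internet simultaneously | |
KR101087291B1 (ko) | Method and system for distinguishing all terminals using the Internet | |
WO2015102356A1 (ko) | Method for selectively allowing or blocking Internet access request traffic sharing a public IP based on the current time, and system for detecting and blocking the current state of public IP sharing for executing the method | |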
US11979374B2 (en) | Local network device connection control | |
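WO2012144723A1 (ko) | Web server protection apparatus | |
WO2017131265A1 (ko) | Video analysis system for multi-object video analysis and provision of its results | |
WO2015080378A1 (ko) | Method and system for identifying shared terminals | |
KR20030057269A (ko) | IP router detection system and method thereof | |
WO2015076497A1 (ko) | Method and apparatus for detecting shared terminals using a web object | |
KR101424504B1 (ko) | Integrated security control system using a positive approach | |
WO2014058158A1 (ko) | Content distribution log agent and operating method for protecting copyrighted content provided as an online service | |
KR20100096461A (ko) | Improved Internet service system | |
KR101257067B1 (ko) | Method and system for intercepting Internet services |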
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11846650; Country of ref document: EP; Kind code of ref document: A2 |
 | ENP | Entry into the national phase | Ref document number: 2820720; Country of ref document: CA |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 13992631; Country of ref document: US |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 11846650; Country of ref document: EP; Kind code of ref document: A2 |