WO2012161526A1 - Computing apparatus and automatic connection switching method of the computing apparatus - Google Patents

Computing apparatus and automatic connection switching method of the computing apparatus Download PDF

Info

Publication number
WO2012161526A1
WO2012161526A1 PCT/KR2012/004101 KR2012004101W WO2012161526A1 WO 2012161526 A1 WO2012161526 A1 WO 2012161526A1 KR 2012004101 W KR2012004101 W KR 2012004101W WO 2012161526 A1 WO2012161526 A1 WO 2012161526A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
address information
attempted
internal server
server
Prior art date
Application number
PCT/KR2012/004101
Other languages
English (en)
French (fr)
Inventor
Hee An Park
Kyung Wan Kang
Kwang Tae Kim
Original Assignee
Ahnlab, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ahnlab, Inc. filed Critical Ahnlab, Inc.
Publication of WO2012161526A1 publication Critical patent/WO2012161526A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the present invention relates to a technology for controlling a network connection by separating operating environments of a process logically or physically within a client.
  • a technology that separates a virtual environment and a host environment within one client, so that for a process operated in the virtual environment, only the access to a server of an external network is allowed, and for a process operated in the host environment, only the access to a server of an internal network is allowed.
  • the user when it is desired to access a server of the external network, the user can access the server of the external network by driving the process in the virtual environment, and when it is desired to access a server of the internal network, the user can access the server of the internal network by driving the process in the host environment.
  • the user may not recognize whether he or she performs a task in the virtual environment or in the host environment. Thus, the user may attempt to access the server of the internal network in the virtual environment, or may attempt to access the server of the external network in the host environment.
  • the user When the user attempts to access the server of the internal network in the virtual environment, or attempts to access the server of the external network in the host network, the user may not be normally provided with a network service as the access is blocked.
  • An aspect of the present invention is to minimize the user’s inconveniences caused by blocking access to a server as well as to maintain network security, by blocking access of a first process, which is allowed to access only an external server, to an internal server, and at the same time, by supporting the access to the internal server through a second process, which is allowed to access only the internal server.
  • another aspect of the present invention is to minimize a user’s inconveniences caused by blocking access to a server as well as to maintain network security, by blocking the access of the second process to the external server, and at the same time by supporting the access to the external server through the first process.
  • a computing apparatus including: a determining unit for determining whether a first process, which is allowed to access only an external server, attempts to access an internal server; a blocking unit for blocking an access of the first process to the internal server when it is determined that the first process attempts to access the internal server; an extracting unit for extracting address information which the first process has attempted to access; and a connection control unit for executing a second process, which is allowed to access only the internal server, and connecting the second process to the internal server based on the address information which the first process has attempted to access.
  • an automatic connection switching method of a computing apparatus including: determining whether a first process, which is allowed to access only an external server, attempts to access an internal server; blocking an access of the first process to the internal server when it is determined that the first process attempts to access the internal server; extracting address information which the first process has attempted to access; and connecting a second process, which is allowed to access only the internal server, to the internal server based on the address information which the first process has attempted to access, by executing the second process.
  • Embodiments of the present invention are adapted to block access of a first process, which is allowed to access only an external server, to an internal server, and at the same time, to support the access to the internal server through a second process, which is allowed to access only the internal server, whereby the user’s inconveniences caused by blocking access to a server can be minimized while maintaining network security.
  • embodiments of the present invention are adapted to block the access of the second process to the external server, and at the same time, to support the access to the external server through the first process, whereby a user’s inconveniences caused by blocking access to server can be minimized while maintaining network security.
  • FIG. 1 shows a construction of a computing apparatus according to an embodiment of the present invention.
  • FIG. 2 shows a flowchart for an automatic connection switching method of a computing apparatus according to an embodiment of the present invention.
  • a component is “connected to” or “coupled to” another component, it shall be understood that a third component may exist between the components although the firstly referred-to component may be directly connected or coupled to the another embodiment. However, if it is described that a component is “directly connected to” or “directly coupled to” another component, it shall be understood that no other component exists between the components.
  • FIG. 1 shows a construction of a computing apparatus according to an embodiment of the present invention.
  • the computing apparatus 110 includes a determining unit 111, a blocking unit 112, an extracting unit 113, and a connection control unit 114.
  • the determining unit 111 determines whether a first process, which is allowed to access only an external server, attempts to access an internal server or not.
  • the blocking unit 112 blocks the access of the first process to the internal server.
  • the computing apparatus 110 may further include a display unit 115.
  • the display unit 115 may display an error message for informing that the access is not allowed.
  • the extracting unit 113 extracts address information that the first process has attempted to access.
  • connection control unit 114 executes a second process, which is allowed to access only the internal server, and connects the second process to the internal server on the basis of the address information that the first process has attempted to access.
  • the extracting unit 113 may extract only the address information input by the user through a browser window among the address information that the first process has attempted to access.
  • connection control unit 114 may connect the second process to the internal server on the basis of the address information input by the user.
  • the address information that the first process has attempted to access may include the access address information of the Internet site, the address information of a banner of the Internet site, or all the address information of images, dynamic images or the like forming the Internet site.
  • the extracting unit 113 can support the connection control unit 114 to connect the second process to the address of the internet site that the first process has attempted to access, rather than to any other address.
  • the extracting unit 13 can compare the address information that the first process has attempted to access and at least one information item that the user has recently attempted to access, and can extract address information matched to the at least one address information item among the address information that the first process has attempted to access.
  • connection control unit 114 can connect the second process to the internal server on the basis of the address information matched to the at least one address information item.
  • the address information that the first process has attempted to access may include an access address information item of the Internet site, an address information item of a banner that forms the Internet site, or all the address information items of images, dynamic images or the like that form the Internet site.
  • the extracting unit 113 can compare the address information item that the user has recently attempted to access and the information items that the first process has attempted to access, and can extract the address information matched to the address information item that the user has recently attempted to access.
  • the first process is a process executed in the virtual environment
  • the second process is a process executed in the host environment.
  • the first process may be a process, which is allowed to access only the external server while the process is being executed in the virtual environment
  • the second process may be a process which is allowed to access only the internal server while being executed in the host environment
  • the first process may be a process which is allowed to access only the external server while being executed in the host environment
  • the second process may be a process which is allowed to access only the internal server while being executed in the virtual environment
  • the computing apparatus 110 blocks the access of the first process, and extracts the address information that the first process has attempted to access, and then executes the second process, which is allowed to access only the internal server, and connects the second process to the internal server on the basis of the extracted address information.
  • the computing apparatus 110 can support the user to use a network service without blocking access even if the user executes the first process and attempts to access the internal server.
  • the computing apparatus 110 in accordance with an embodiment of the present invention supports access to the internal server through the second process simultaneously with blocking the access of the first process to the internal server, which can minimize the user’s inconveniences caused by blocking access while maintaining the network security.
  • the display unit 115 may display the driving screen of the second process within the driving screen of the first process.
  • the computing apparatus 110 may block the access of the second process to the external server, and execute the first process to control the access to the external server through the first process.
  • the determining unit 111 determines whether the second process attempts to access the external server.
  • the blocking unit 112 blocks the access of the second process to the external server.
  • the display unit 115 may display an error message for informing that the access is not allowed.
  • connection control unit 114 executes the first process and connects the first process to the external server on the basis of the address information that the second process has attempted to access.
  • the extracting unit 113 can extract only the address information that has been input by the user through the browser window among the address information that the second process has attempted to access.
  • connection control unit 114 can connect the first process to the external server on the basis of the address information that has been input by the user.
  • the extracting unit 113 can compare the address information that the second process has attempted to access and at least one address information item that the user has recently attempted to access, and can extract address information matched to the at least one address information item among the address information that the second process has attempted to access.
  • connection control unit 114 can connect the first process to the external server on the basis of the address information matched to the at least one address information item.
  • the inventive computing apparatus 110 blocks the access of the second process, and extracts the address information that the second process has attempted to access. Then, the inventive computing apparatus 110 executes the first process, which is allowed to access only the external server, and connects the first process to the external server on the basis of the extracted address information. As a result, the computing apparatus 110 can support the user to use a network service without blocking access even if the user executes the second process to attempt to access the external server.
  • inventive computing apparatus 100 blocks the access of the second process to the external server and at the same time, supports the access to the external server through the first process.
  • inventive computing apparatus 100 can minimize the user’s inconveniences caused by blocking access while maintaining the network security.
  • FIG. 2 is a flowchart showing the inventive automatic connection switching method of the computing apparatus.
  • step S210 it is determined whether the first process, which is allowed to access only the external server, attempts to access the internal server.
  • step S220 if it is determined that the first process attempts to access the internal server, the access of the first process to the internal server is blocked.
  • the automatic connection switching method of the computing apparatus may further include displaying an error message for informing that access is not allowed when it is determined that the first process attempts to access the internal server after the step S220.
  • step S230 the address information that the first process has attempted to access is extracted.
  • step S240 the second process, which is allowed to access only the internal server, is executed, and the second process is connected to the internal server on the basis of the address information that the first process has attempted to access.
  • step S230 only the address information input by the user through the browser can be extracted among the address information that the first process has attempted to access.
  • the second process can be connected to the internal server on the basis of the address information input by the user.
  • the address information that the first process has attempted to access and at least one address information that the user has recently attempted to access can be compared to each other, and address information matched to the at least one address information can be extracted among the address information that the first process has attempted to access.
  • the second process can be connected to the internal server on the basis of the address information matched to the at least one address information.
  • the first process is a process executed in the virtual environment
  • the second process is a process executed in the host environment.
  • the first process may be a process executed in the host environment
  • the second process may be a process executed in the virtual environment
  • the automatic connection switching method of the computing apparatus may further include displaying a driving screen of the second process in a driving screen of the first process when the second process has completed access to the internal server after the step S240.
  • the inventive automatic connection switching method of the computing apparatus can block the access to the external server through the second process, and executes the first process to control the access to the external server through the first process.
  • step 210 it can be determined whether the second process attempts to access the external server.
  • step S220 if it is determined that the second process attempts to access the external server, the access of the second process to the external server can be blocked.
  • step S230 the address information that the second process has attempted to access can be extracted.
  • the first process can be executed and the first process can be connected to the external server on the basis of the address information that the second process has attempted to access.
  • the inventive automatic connection switching method of a computing apparatus has been described above with reference to FIG. 2. Since the automatic connection switching method of the inventive computing apparatus may correspond to the construction of the computing apparatus 110 described with reference to FIG. 1, the automatic switching methods will not be described in further detail.
  • the inventive automatic connection switching method of a computing apparatus may be executed in a program command form that can be executed through various computer means, and be recorded in a computer-readable recording medium.
  • the computer-readable recoding medium may contain program commands, data files, data structures or the like individually or in combination.
  • the program commands recorded in the medium may be those specially designed for the present invention or those publicly known and used by a person skilled in the art of computer software.
  • Examples of such a computer-readable recording medium include a magnetic media, such as a hard disk, a floppy disk and a magnetic tape, an optical media, such as a CD-ROM and a DVD, a magneto-optical media, such as a floptical disk, and a hardware device specially configured to store and execute a program command, such as a ROM, a RAM and a flash memory.
  • Examples of such a program command include high-level language codes that can be executed by a computer using an interpreter or the like as well as mechanical language codes made by a compiler.
  • the above-mentioned hardware devices may be configured to be operated by one or more software modules to execute the inventive functions, and vice versa.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
PCT/KR2012/004101 2011-05-26 2012-05-24 Computing apparatus and automatic connection switching method of the computing apparatus WO2012161526A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2011-0050129 2011-05-26
KR1020110050129A KR101277620B1 (ko) 2011-05-26 2011-05-26 컴퓨팅 장치 및 상기 컴퓨팅 장치의 자동 접속 전환 방법

Publications (1)

Publication Number Publication Date
WO2012161526A1 true WO2012161526A1 (en) 2012-11-29

Family

ID=47217463

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/004101 WO2012161526A1 (en) 2011-05-26 2012-05-24 Computing apparatus and automatic connection switching method of the computing apparatus

Country Status (2)

Country Link
KR (1) KR101277620B1 (ko)
WO (1) WO2012161526A1 (ko)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10263992B2 (en) 2016-02-23 2019-04-16 Electronics And Telecommunications Research Institute Method for providing browser using browser processes separated for respective access privileges and apparatus using the same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020073855A (ko) * 2001-03-16 2002-09-28 쌍용정보통신 주식회사 듀얼 아이피 스위치 허브 및 이를 이용한 네트워크시스템
KR100874409B1 (ko) * 2008-01-11 2008-12-17 (주)테크모아 이중 컴퓨터
KR20100030875A (ko) * 2008-09-11 2010-03-19 현대중공업 주식회사 개인 전산기 네트워크 및 하드디스크 가상 분리를 통한 보안 시스템

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020073855A (ko) * 2001-03-16 2002-09-28 쌍용정보통신 주식회사 듀얼 아이피 스위치 허브 및 이를 이용한 네트워크시스템
KR100874409B1 (ko) * 2008-01-11 2008-12-17 (주)테크모아 이중 컴퓨터
KR20100030875A (ko) * 2008-09-11 2010-03-19 현대중공업 주식회사 개인 전산기 네트워크 및 하드디스크 가상 분리를 통한 보안 시스템

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10263992B2 (en) 2016-02-23 2019-04-16 Electronics And Telecommunications Research Institute Method for providing browser using browser processes separated for respective access privileges and apparatus using the same

Also Published As

Publication number Publication date
KR101277620B1 (ko) 2013-07-30
KR20120131742A (ko) 2012-12-05

Similar Documents

Publication Publication Date Title
WO2020180013A1 (en) Apparatus for vision and language-assisted smartphone task automation and method thereof
WO2017030252A1 (ko) 컨테이너 이미지 보안 검사 방법 및 그 장치
WO2018026033A1 (ko) 문서의 동시 편집을 지원하는 문서 협업 지원 장치 및 그 동작 방법
WO2014027859A1 (en) Device and method for processing transaction request in processing environment of trust zone
WO2012108623A1 (ko) 이미지 데이터베이스에 신규 이미지 및 이에 대한 정보를 추가하기 위한 방법, 시스템 및 컴퓨터 판독 가능한 기록 매체
EP3172683A1 (en) Method for retrieving image and electronic device thereof
WO2020262788A1 (en) System and method for natural language understanding
WO2016099186A1 (en) Display apparatus and controlling method
WO2012108613A1 (en) Method and apparatus for controlling connection between devices
WO2013105716A1 (ko) 이미지 제공 시스템, 이를 위한 장치 및 이미지 제공 방법
WO2018004021A1 (ko) 전자 문서의 공동 편집을 위한 협업 지원 장치 및 그 동작 방법
WO2018080228A1 (ko) 번역을 위한 서버 및 번역 방법
WO2021112273A1 (ko) 딥러닝 기반 동영상에서 연속적으로 개인정보를 비식별화하기 위한 방법 및 장치
WO2017164510A2 (ko) 음성 데이터 기반 멀티미디어 콘텐츠 태깅 방법 및 이를 이용한 시스템
WO2018212485A1 (ko) 웹 문서 편집툴에서 지원하는 스타일 속성에 따라 웹 문서에 대한 외부 콘텐츠의 붙여넣기 처리가 가능한 클라이언트 단말 장치 및 그 동작 방법
WO2012108617A1 (en) Method and apparatus for managing content in a processing device
WO2012161526A1 (en) Computing apparatus and automatic connection switching method of the computing apparatus
WO2020166849A1 (en) Display system for sensing defect on large-size display
EP2820558A1 (en) Remote user interface providing apparatus and method
WO2023018150A1 (en) Method and device for personalized search of visual media
WO2018212486A1 (ko) 마크업 언어 기반 문서의 조합 글자 동기화 장치 및 그의 동작 방법
WO2017115976A1 (ko) 접근성 이벤트를 이용한 유해 사이트 차단 방법 및 장치
WO2020022645A1 (en) Method and electronic device for configuring touch screen keyboard
WO2017007131A1 (ko) 광고가 표시되는 컨텐츠 제공 서버, 그 방법 및 컨텐츠 내 광고 표시 방법이 프로그램으로 기록된 전자 장치에서 판독 가능한 기록매체
WO2012077966A1 (en) Apparatus and method for removing malicious code

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12789954

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12789954

Country of ref document: EP

Kind code of ref document: A1