
WO2002077852A1 - Method and system for restricting access to specific internet sites and lan card for the same - Google Patents


Info

Publication number
WO2002077852A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
harmful
packet
lan card
site
Legal status
Ceased
Application number
PCT/KR2002/000476
Other languages
French (fr)
Inventor
Mookyung An
Current Assignee
SAFEI CO Ltd
Original Assignee
SAFEI CO Ltd
Application filed by SAFEI CO Ltd
Publication of WO2002077852A1
Anticipated expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention relates generally to a method, system and local area network card for blocking access to harmful sites, and particularly to a method, system and local area network card for blocking access to harmful sites which is capable of blocking access to harmful sites by installing a memory storing a harmful site list in the local area network card, examining whether all packets passing through the local area network card are packets transmitted to or received from harmful sites on the basis of the harmful site list, and, for access to sites that are not present in the harmful site list, determining whether the addresses of the packets correspond to harmful sites by inquiring of a harmful site list providing server.
  • the Internet is an open computer communication network in which companies, laboratories, libraries, schools, individuals or the like all over the world can search information and exchange information with one another using computers.
  • as computer communication technology develops and the popularization of computers increases, the use of the Internet is rapidly spreading.
  • Harmful sites on the Internet denote not only sites that provide lewd information such as lewd images, stories and chats, and antisocial information such as suicide methods and bomb manufacturing methods, but also various sites that incur the dereliction of duties through the provision of day trading and chats in duty hours.
  • in one conventional method, an Internet Service Provider (ISP) blocks access to harmful sites.
  • This method is implemented in such a way that an ISP 30 constructs a database 35 of a harmful site list, monitors Internet addresses inputted by users 10a to 10n accessing a Local Area Network (LAN) 20 or users 11 accessing the Internet through a Public Switched Telephone Network (PSTN) 25 using a modem, and prohibits access to addresses stored in the harmful site list database 35.
  • LAN Local Area Network
  • PSTN Public Switched Telephone Network
  • this method is problematic in that it may give rise to a dispute that it is a kind of censorship of information. Additionally, since the prohibition against access to harmful sites cannot be tailored to the characteristics of a user group, access to harmful sites is prohibited collectively.
  • in another conventional method, blocking software is installed in each computer 10.
  • the blocking software downloads a blocked site list at regular intervals from a server 50 providing a blocked site list updating service, and constructs a database 35 of a blocked site list in the computer 10.
  • the computer 10 determines whether an Internet address of an Internet site corresponds to one of the site addresses stored in the blocked site list database 35 whenever a user accesses the Internet site, and blocks access to the sites registered in the blocked site list database 35.
  • this method is problematic in that it does not operate properly when the server computer is shut off or out of order, and the speed of the Internet is reduced by data packet examination in the server. Additionally, this method incurs great expense in that an operator of the server computer must be employed and the server computer must be purchased. Additionally, this conventional method is defective in that individual users not in a LAN environment cannot utilize it.
  • an object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites.
  • Another object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which is capable of operating regardless of the reinstallation of an operating system and a system and a system registry.
  • a further object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which is capable of minimizing a decrease in Internet speed due to the blocking of access to harmful sites.
  • a still further object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, in which each group, each company or the like can select harmful sites according to its purpose.
  • Another object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which does not require a server and an operator.
  • the present invention provides a method, system and LAN card for blocking access to harmful sites, which is capable of blocking access to harmful sites by installing a memory storing a harmful site list in the LAN card and examining whether all packets passing through the LAN card are packets transmitted to or received from harmful sites.
  • a harmful site list and/or a valid site list are stored in the LAN card of the present invention.
  • An address distinguishing unit in the LAN card examines all packets passing through the LAN card and blocks packets transmitted/received to/from harmful sites.
  • in order to perform rapid searches, information on whether recently accessed sites correspond to valid sites or harmful sites is stored in a buffer, and it is determined from the buffer whether an address corresponds to a valid or harmful site.
  • for a site that is not present in the valid site list and the harmful site list, an inquiry is made to a server providing a harmful/valid site list updating service about whether the site is harmful or valid.
  • the packet relating to the site is stored in a queue until a response to the inquiry arrives.
  • new harmful and valid site lists are downloaded from harmful and valid site lists providing servers at regular intervals, and the harmful and valid site lists are updated.
  • FIGs. 1 to 3 are diagrams of networks showing conventional methods of blocking access to harmful sites;
  • Fig. 4 is a diagram of a network showing a method of blocking access to harmful sites in accordance with the present invention;
  • Fig. 5 is a schematic block diagram showing the internal structure of a LAN card having the function of blocking access to harmful sites;
  • Fig. 6 is a flowchart showing a method of examining a transmission packet and blocking access to harmful sites in an address distinguishing unit;
  • Fig. 7 is a flowchart showing a method of examining a reception packet and blocking access to harmful sites in an address distinguishing unit; and
  • Fig. 8 is a schematic diagram showing the construction of a harmful site list providing server.
  • Fig. 4 is a diagram of a network describing a method of blocking access to harmful sites.
  • Lists 200 of valid sites and harmful sites are furnished in a LAN card 100 installed in a computer 10 of a user. Packets received/transmitted from/to the computer 10 of the user must be passed through the LAN card 100.
  • the LAN card 100 extracts an Internet Protocol (IP) address or a Uniform Resource Locator (URL) from a packet passed therethrough, and compares it with the lists 200. Since there is a strong possibility of re-accessing recently accessed sites, a list of recently accessed sites can be stored in a separate buffer and separately searched to increase the speed of a search.
  • IP Internet Protocol
  • URL Uniform Resource Locator
  • if the extracted address is not found in the lists 200, the LAN card 100 sends a packet to a harmful site list providing server 300 to inquire whether the site corresponds to a harmful site.
  • the packet is stored in a queue until a response to the inquiry arrives from the harmful site list providing server 300.
  • a harmful site and valid site database 400 is connected to the harmful site list providing server 300.
  • the harmful site list providing server 300 determines whether the site corresponds to a harmful site in response to the inquiry from the LAN card 100 and transmits a determination result to the LAN card 100.
  • the LAN card 100 deletes the packet stored in the queue if the site corresponds to a harmful site on the basis of the response from the harmful site list providing server 300, while the LAN card 100 passes the packet stored in the queue therethrough if the site corresponds to a valid site.
  • the LAN card 100 is comprised of a Peripheral Component Interconnect (PCI) interface 110 for accessing a PCI bus, that is, an internal bus of a computer, a Media Access Control (MAC) processing unit 150 for processing media access control processed in a higher layer, a PHysical Layer device (PHY) for carrying out processing in the physical layer, a buffer for processing packets, a boot Read Only Memory (ROM) and a connector.
  • PHY Physical Layer device
  • ROM Read Only Memory
  • the LAN card 100 of the present invention is further comprised of an address distinguishing unit 130, a valid site list storage 141 and/or a harmful site list storage 142, a packet transmission queue 143, a packet reception queue 144 and a server address storage 145.
  • the LAN card 100 can be further comprised of a buffer for storing data about whether recently accessed sites are valid or harmful.
  • although the address distinguishing unit 130 is described as being positioned between the PCI interface 110 and the MAC processing unit 150 in Fig. 5, the address distinguishing unit 130 can be positioned between the MAC processing unit 150 and the PHY.
  • the valid site list storage 141 stores a valid site list provided by the harmful site list providing server 300, while the harmful site list storage 142 stores a harmful site list provided by the harmful site list providing server 300.
  • the LAN card 100 can be provided with both of the lists or only one of them.
  • Non-volatile memories such as flash memories or Electrically Erasable and Programmable ROMs (EEPROMs) are employed as the valid site list storage 141 and the harmful site list storage 142.
  • EEPROMs Electrically Erasable and Programmable ROMs
  • Contents stored in the storages 141 and 142 are numerical values corresponding to IP addresses and character values corresponding to URLs.
  • the numerical and character values are not stored directly but are preferably stored after being processed in a hash manner. The reason for this is that since a hash function has no inverse, important data included in a packet cannot be read even if a packet transmitted from the LAN card 100 is intentionally intercepted. Additionally, contents stored as hash values require shorter search times than text type searches.
  • the packet transmission queue 143 is a place in which some of the packets transmitted from the computer 10 to the Web site "A" are temporarily stored to wait for the determination, performed by the server 300, of whether the packets relate to harmful sites.
  • the packet reception queue 144 is a place in which some of the packets received from the Web site "A" are temporarily stored to wait for the determination, performed by the server 300, of whether the packets relate to harmful sites.
  • Non-volatile memories such as flash memories or volatile memories such as RAMs can be employed as the queues 143 and 144.
  • in a LAN card, queues are generally used to carry out buffering.
  • in one embodiment, the buffering queues are used also as the transmission and reception queues.
  • in another embodiment, the reception and transmission queues are provided separately from the buffering queues.
  • the server address storage 145 is comprised of a non-volatile memory such as an EEPROM or a flash memory, and stores the address of the harmful site list providing server 300.
  • the address distinguishing unit 130 uses the addresses stored in the server address storage 145 when determining whether the packets received from the server 300 are harmful, or transmitting an inquiry packet to the server 300 so as to inquire about an address when it is impossible to determine whether the address corresponds to that of a harmful site.
  • the buffer 120 stores data on whether recently accessed sites are harmful.
  • the number of recently accessed sites stored in the buffer 120 can be chosen arbitrarily. As the number of recently accessed sites stored in the buffer 120 is increased, the size of the buffer 120 and the time required to search it increase. In contrast, as the number of recently accessed sites is decreased, the valid site list storage 141 and the harmful site list storage 142 must be searched more often, thus reducing the total speed of processing.
  • although a non-volatile memory such as a flash memory can be employed as the buffer 120, a volatile memory providing a fast access speed is preferably employed as the buffer 120.
  • the address distinguishing unit 130 serves to determine whether a packet is passed therethrough by extracting an IP address or an URL from a packet passing therethrough and comparing the IP address or URL with addresses stored in the buffer 120 or list storages 141 and 142.
  • although the address distinguishing unit 130 can examine all packets passing therethrough, it preferably first determines whether packets are liable for examination, passes packets not liable for examination therethrough, and determines only for packets liable for examination whether they are passed therethrough.
  • the packets liable for examination are preferably limited to HTTP packets and telnet packets. The determination of whether packets are liable for examination can be carried out using the kinds of packets and port numbers.
  • the address distinguishing unit 130 determines whether addresses correspond to each other.
  • Fig. 6 is a flowchart showing a method of examining a transmission packet and blocking access to a harmful site.
  • Fig. 7 is a flowchart showing a method of examining a reception packet and blocking information transmitted from a harmful site in the address distinguishing unit 130.
  • the address distinguishing unit 130 can examine all packets passing therethrough. Alternatively, the address distinguishing unit 130 can examine packets in such a way as to first determine whether packets are liable for examination, passing packets not liable for examination therethrough and determining whether only packets liable for examination are passed therethrough. The following description is made for only packets liable for examination.
  • the address distinguishing unit 130 stops the transmission through the LAN card 100 of a packet liable for examination and extracts a target address (an IP address or URL) from it at step S110.
  • the address distinguishing unit 130 stores the temporarily stopped packet in the packet transmission queue 143 at step S120, and compares the target address extracted from the packet with the addresses of recently accessed sites stored in the buffer 120 at step S130.
  • if as the result of the comparison a corresponding address is present in the buffer 120 and is recorded there as a valid site, the corresponding packet is passed therethrough at step S180. The passed packet is deleted from the queue 143.
  • if the corresponding address is present in the buffer 120 and is recorded there as a harmful site, the corresponding packet is deleted from the packet transmission queue 143 and a message that the address of the corresponding packet is not present is transmitted to the computer 10 at step S170.
  • the transmission of the message that the address of the corresponding packet is not present is carried out by adjusting an HTTP status (state) value. That is, a random status value is selected from the range 400 to 499 or from the range 500 to 599.
  • the value range of 400 to 499 corresponds to state values for imperfect client requests
  • the value range of 500 to 599 corresponds to state values for server errors.
  • TCP Transfer Control Protocol
  • alternatively, the address distinguishing unit 130 passes a packet therethrough after changing the address of a harmful site to the address of a valid site. In that case, although the user tried to access the harmful site, he accesses the valid site instead, thus preventing access to the harmful site.
  • if as the result of the determination at step S130 an address corresponding to the destination of the packet is not present in the buffer 120 (NO at step S130), the destination of the packet is stored as one of the recently accessed addresses in the buffer 120, and the oldest address is deleted from the buffer 120. Then, it is determined whether an address corresponding to the destination of the packet is present in the harmful site list storage 142 at step S140.
  • if the address is present in the harmful site list storage 142, the process proceeds to step S170: the packet is deleted and a message that a corresponding address is not present is transmitted to the computer 10.
  • the computer 10 can be forcibly made to access a valid site.
  • if the address is not present in the harmful site list storage 142, it is determined whether an address corresponding to the destination of the packet is present in the valid site list storage 141 at step S150. If the address corresponding to the destination of the packet is present in the valid site list storage 141, the process proceeds to step S180 to pass the packet through the address distinguishing unit 130.
  • if the address is present in neither list, the destination address of the packet, or the packet itself standing by in the packet transmission queue 143, is transmitted to the harmful site list providing server 300 to inquire whether the address of the packet corresponds to a harmful site at step S160.
  • the address distinguishing unit 130 reads the address of the harmful site list providing server 300 from the server address storage 145 and tries to access the server 300.
  • the address distinguishing unit 130 performs TCP flow control.
  • a separate block for performing TCP flow control must be provided in front of the MAC processing unit.
  • the address distinguishing unit 130 transmits the address of a corresponding packet to the harmful site list providing server 300.
  • the address of the packet is processed in a hash manner, the address together with a hash value is transmitted.
  • the packet transmitted to the server 300 has the structure of table 1.
  • the hash designates a hash value corresponding to an extracted IP address or URL.
  • the serial number is a unique serial number of the LAN card 100. The serial number is different from a MAC address in type, and used to identify a packet as that transmitted from a computer in which the LAN card 100 of the present invention is installed.
  • the serial number can be comprised of a unique number assigned to each LAN card and a serial number that is assigned by the LAN card 100 to distinguish packets from one another.
  • the LAN card 100 can identify which response belongs to which packet using the serial number when the server 300 transmits a response message.
  • the URL is an address that is used to inquire whether the site of the address is harmful.
  • a packet standing by in the packet transmission queue 143 can be transmitted to the server 300 to inquire whether the site of the address is harmful instead of the transmission of the address.
  • the packet standing by in the packet transmission queue 143 enters the data field of a packet to be transmitted, and the destination of the packet must be the harmful site list providing server 300.
  • the address distinguishing unit 130 transmits the packet to the harmful site list providing server 300, a response to a corresponding query is received from the harmful site list providing server 300 and access to the harmful site list providing server 300 is terminated.
  • the address distinguishing unit 130 passes the packet therethrough or deletes it according to the response.
  • if no response is received from the harmful site list providing server 300 for a certain period of time after the first access request is transmitted, the address distinguishing unit 130 transmits a second access request. If no response is received from the server 300 for another certain period of time after the first access request is transmitted to the harmful site list providing server 300, a message that the corresponding page is not present is transmitted to the computer 10 and the corresponding packet is deleted. Alternatively, if a certain period of time elapses after a first access request is made, the corresponding packet is deleted; or if a certain period of time elapses after a third access request is made, the corresponding packet is deleted.
  • the present invention does not restrict the number of access requests.
  • if the address distinguishing unit 130 receives a packet, it stores the received packet in the packet reception queue 144 and extracts the address of the starting location from the received packet at step S210. Additionally, the address distinguishing unit 130 determines whether the extracted address corresponds to one of the addresses stored in the server address storage 145 at step S220. If the two addresses correspond to each other, that is, the received packet is a packet transmitted from the harmful site list providing server 300, it is determined at step S230 whether the packet is a response to an inquiry.
  • the packet transmitted from the server 300 at least includes a field representing whether the packet is the response to the query or a packet for updating a list, an item representing which response belongs to which inquiry, an item representing whether a site is harmful and the contents of updating of the list.
  • at step S240, it is determined whether the inquired-about address is the address of a harmful site. If it is, the address distinguishing unit 130 transmits a message that a corresponding address is not present to the computer of the user and deletes the corresponding packet from the queue 143 or 144 at step S242. Additionally, since the corresponding address is not yet an address entered in the harmful site list storage 142, the address distinguishing unit 130 stores the corresponding address in the harmful site list storage 142 at step S244. Furthermore, it is recorded in the buffer 120 of recently accessed addresses that the corresponding address corresponds to a harmful site.
  • if the inquired-about address is the address of a valid site, the address distinguishing unit 130 passes the corresponding packet therethrough and deletes it from the queue 143 or 144 at step S246. Additionally, since the corresponding address is not yet an address entered in the valid site list storage 141, the address distinguishing unit 130 stores the corresponding address in the valid site list storage 141 at step S248. Furthermore, it is recorded in the buffer 120 of recently accessed addresses that the corresponding address corresponds to a valid site. If as the result of the determination at step S230 the received packet is not a response to an inquiry, it is determined whether the packet is information on the updating of the list at step S250.
  • if the received packet is information on the updating of the list, the address distinguishing unit 130 updates the valid site list storage 141 or the harmful site list storage 142 according to the contents of the packet at step S252.
  • in the meantime, if the received packet is not a packet transmitted from the server 300, the address distinguishing unit 130 determines whether the address of the received packet corresponds to one of the recently accessed addresses stored in the buffer 120 at step S260. If a corresponding address is present, it is determined whether the address corresponds to a harmful site at step S261. If the address corresponds to a harmful site, the packet is deleted from the packet reception queue 144 and a message that the address is not present is transmitted to the computer 10 at step S270. If the address corresponds to a valid site, the packet is passed therethrough to the computer 10 at step S280.
  • if the address of the received packet is not present in the buffer 120, the address distinguishing unit 130 searches the harmful site list storage 142 to determine whether an address corresponding to the address of the received packet is present there at step S262. If such an address is present in the harmful site list storage 142, the process proceeds to step S270 to delete the packet from the packet reception queue 144 and transmit a message that there is no such address to the computer 10.
  • if an address corresponding to the address of the received packet is not present in the harmful site list storage 142, it is determined whether an address corresponding to the address of the received packet is present in the valid site list storage 141 at step S264. If it is present in the valid site list storage 141, the process proceeds to step S280 to pass the packet therethrough to the computer 10.
  • if the address is present in neither list, the address distinguishing unit 130 transmits a packet to inquire of the harmful site list providing server 300 whether the address of the received packet corresponds to a harmful site at step S266. This procedure was previously described in conjunction with step S160 of Fig. 6, so its detailed description is omitted here.
  • the harmful site list providing server 300 includes a Web server 310 for accessing the Internet, a LAN card management module 320 for responding to an inquiry from the LAN card 100, updating a harmful site list stored and/or a valid site list stored in the LAN card 100, a DataBase (DB) server for managing a LAN card DB 370, a harmful site DB 350 and a valid site DB 360, and a harmful site search engine 340 for updating the valid site DB 360 and the harmful site DB 350 while performing Web surfing.
  • DB DataBase
  • when the LAN card management module 320 receives an inquiry about whether a certain address corresponds to a harmful site, the LAN card management module 320 examines through the DB server whether a corresponding address is present in the harmful site DB 350 and the valid site DB 360, and the result of the examination is transmitted to the LAN card 100. In this case, the serial number in the packet received from the LAN card 100 is copied and the copied serial number is transmitted back to the LAN card 100, so the LAN card can identify which response belongs to which packet.
  • it is possible to determine whether a LAN card is an authorized user's one by the serial number in the packet received from the LAN card 100. That is, at the time of manufacturing the LAN card 100, a unique number is assigned to and stored in the LAN card 100. Additionally, it is possible that when an inquiry about whether the address of a packet corresponds to a harmful site is transmitted from the LAN card 100, a response is made only to an inquiry transmitted from an authorized user's LAN card 100 by determining whether a
  • the LAN card management module 320 produces and transmits a packet to update the harmful site list and/or the valid site list in the LAN card 100.
  • the list updating packet can be transmitted at regular intervals, or frequently transmitted whenever a
  • the harmful site search engine 340 updates the harmful site DB 350 and the valid site DB 360 while performing Web surfing frequently or at regular intervals. Since Web sites frequently appear or disappear, the Web sites are searched and the DBs 350 and 360 are continuously updated. Additionally, in conjunction with the LAN card management module
  • a user can determine the kinds of harmful sites to be blocked. For example, general homes may desire to register a stock trading site as a valid site, whereas companies may desire to register the stock trading site as a harmful site. Accordingly, information on the kinds of harmful sites is made to be stored in the LAN card DB 370. Additionally, information on the specific kind of a site, for example, an adult site, a violent site, a chat site or the like, can be stored together.
  • the LAN card management module 320 determines whether the address corresponds to the harmful site according to the information on the kinds of harmful sites stored in the LAN card DB 370 and the specific kind of a site stored in the harmful site DB 350.
  • the LAN card management module 320 is constructed to activate or deactivate the function of blocking access to harmful sites of each LAN card 100. That is, the function of blocking access to harmful sites of the LAN card 100 is activated or deactivated by providing a field for activating or deactivating the function of blocking access to harmful sites of the LAN card 100 in a packet transmitted to the LAN card 100 and transmitting a packet for activating or deactivating the function of blocking access to harmful sites.
  • when the function of blocking access to harmful sites is deactivated, the process of Fig. 6 is omitted. For the process of Fig. 7, it is only determined whether a packet has been transmitted from the server.
  • if the packet has been transmitted from the server, the list is updated according to the contents of the packet, or the step of activating the function of blocking access to harmful sites is carried out. Furthermore, a user can register that the function of blocking access to harmful sites is to be activated during a specific time interval. In such a case, data indicating the time interval or date interval during which the function of blocking access to harmful sites is to be activated are stored in the LAN card DB 370.
  • the LAN card management module 320 can implement the function of blocking access to harmful sites at the registered interval by transmitting a packet for activating or deactivating the function of blocking access to harmful sites according to the data stored in the LAN card DB 370.
  • access to harmful sites is blocked by installing the LAN card of the present invention, so access to harmful sites can be blocked regardless of the reinstallation of an operating system or a system and a system registry.
  • the harmful site list can be stored in the LAN card and the kinds of harmful sites for each LAN card can be set in the harmful site list providing server, so each individual, each group, each company or the like can select harmful sites according to its purpose.

Abstract

There is provided a method, system and Local Area Network (LAN) card for blocking access to harmful sites, which is capable of blocking access to harmful sites by installing a memory storing a harmful site list in the LAN card and examining whether all packets passing through the LAN card are packets transmitted/received to/from harmful sites. A harmful site list and/or a valid site list are stored in the LAN card of the present invention. An address distinguishing unit in the LAN card examines all packets passing through the LAN card and blocks packets transmitted/received to/from harmful sites. Additionally, in order to perform rapid searches, information on whether recently accessed sites correspond to valid sites or harmful sites is stored in a buffer, and it is determined from the buffer whether an address corresponds to a valid or harmful site. For a site that is not present in the valid site list and the harmful site list, it is inquired of a server for providing a harmful/valid site list updating service whether the site is harmful or valid. The packet relating to the site is stored in a queue until a response to the inquiry arrives. Additionally, new harmful and valid site lists are downloaded from harmful and valid site list providing servers at regular intervals, and the harmful and valid site lists are updated.

Description

METHOD AND SYSTEM FOR RESTRICTING ACCESS TO SPECIFIC INTERNET SITES AND LAN CARD FOR THE SAME
Technical Field
The present invention relates generally to a method, system and local area network card for blocking access to harmful sites, and particularly to a method, system and local area network card for blocking access to harmful sites, which is capable of blocking access to harmful sites by installing a memory storing a harmful site list in the local area network card, examining whether all packets passing through the local area network card are packets transmitted/received to/from harmful sites on the basis of the harmful site list, and determining whether the addresses of the packets correspond to harmful sites by inquiring of a harmful site list providing server about harmful sites in the case of access to sites that are not present in the harmful site list.
Background Art
The Internet is an open computer communication network in which companies, laboratories, libraries, schools, individuals or the like all over the world can search information and exchange information with one another using computers. As computer communication technology is developing and the popularization of computers is increasing, the use of the Internet is rapidly spreading.
In the meantime, while the Internet is spreading and the number of users of the Internet is explosively increasing as described above, there occurs a problem in that serious social side effects are caused by various harmful information provided from a server to clients on the Internet.
Harmful sites on the Internet denote not only sites that provide lewd information such as lewd images, stories and chats, and antisocial information such as suicide methods and bomb manufacturing methods, but also various sites that incur the dereliction of duties through the provision of day trading and chats in duty hours.
By the accessing of such harmful sites, study is hindered, and crime, violence, and sexual and suicide urges are excited for youths. For companies, a problem occurs in that employees' work efficiencies are reduced.
Accordingly, various methods of blocking access to harmful information on the Internet have been introduced.
For one of the various methods, there is a method in which an Internet Service Provider (ISP) blocks access to harmful sites. This method, as shown in Fig. 1, is implemented in such a way that an ISP 30 constructs a database 35 of a harmful site list, monitors Internet addresses inputted by users 10a to 10n accessing a Local Area Network (LAN) 20 or users 11 accessing the Internet through a Public Switched Telephone Network (PSTN) 25 using a modem, and prohibits access to addresses stored in the harmful site list database 35.
However, the method is problematic in that the method may give rise to a dispute that it is a kind of censorship on information. Additionally, the method is problematic in that since the prohibition against access to harmful sites cannot be accomplished to be suitable for the characteristics of a user group, access to harmful sites is prohibited collectively.
Accordingly, there is a tendency worldwide toward self-regulation according to the judgment of user groups (schools, companies, and homes) rather than regulation by an ISP.
In order to solve such problems, there may be employed another method in which blocking software is installed in each computer 10. As shown in Fig. 2, in accordance with this method, if the blocking software is installed in the computer 10, the blocking software downloads a blocked site list at regular intervals from a server 50 for providing a blocked site list updating service, and constructs a database 35 of a blocked site list in the computer 10. In that case, the computer 10 determines whether the Internet address of an Internet site corresponds to one of the site addresses stored in the blocked site list database 35 whenever a user accesses the Internet site, and blocks access to the sites registered in the blocked site list database 35.
However, this method is problematic in that it does not operate properly while the server computer is shut off or out of order, and the speed of the Internet is reduced by data packet examination in the server. Additionally, this method incurs great expense in that an operator of the server computer is required to be employed and the server computer must be purchased. Additionally, this conventional method is defective in that individual users not in a LAN environment cannot utilize it.
Alternatively, there is another access blocking method that utilizes a firewall. However, this conventional method is also defective in that the purchase costs of the firewall and a filtering system are excessively high and individual users cannot utilize this method.
Disclosure of the Invention
Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and an object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites.
Another object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which is capable of operating regardless of the reinstallation of an operating system and a system and a system registry. A further object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which is capable of minimizing a decrease in Internet speed due to the blocking of access to harmful sites.
A still further object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, in which each group, each company or the like can select harmful sites according to its purpose.
Another object of the present invention is to provide a method, system and LAN card for blocking access to harmful sites, which does not require a server and an operator.
In order to accomplish the above object, the present invention provides a method, system and LAN for blocking access to harmful sites, which is capable of blocking access to harmful sites by installing a memory storing a harmful site list in the LAN card and examining whether all packets passing through the LAN card are packets transmitted/received to/from harmful sites. A harmful site list and/or a valid site list are stored in the LAN card of the present invention. An address distinguishing unit in the LAN card examines all packets passing through the LAN card and blocks packets transmitted/received to/from harmful sites.
Additionally, in order to perform rapid searches, information on whether recently accessed sites correspond to valid sites or harmful sites is stored in a buffer and it is determined whether an address corresponds to a harmful or harmful site. For a site that is not present in the valid site list and the harmful site list, it is inquired of a server for providing a harmful/valid site list updating service about whether the site is harmful or valid. The packet relating to the site is stored in a queue until a response to the inquiry arrives. Additionally, new harmful and valid site lists are downloaded from harmful and valid site lists providing servers at regular intervals, and the harmful and valid site lists are updated.
Brief Description of the Drawings
The above and other objects, features and other advantages of the present invention will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
Figs. 1 to 3 are diagrams of networks showing conventional methods of blocking access to harmful sites;
Fig. 4 is a diagram of a network showing a method of blocking access to harmful sites in accordance with the present invention;
Fig. 5 is a schematic block diagram showing the internal structure of a LAN card having the function of blocking access to harmful sites;
Fig. 6 is a flowchart showing a method of examining a transmission packet and blocking access to harmful sites in an address distinguishing unit;
Fig. 7 is a flowchart showing a method of examining a reception packet and blocking access to harmful sites in an address distinguishing unit; and
Fig. 8 is a schematic diagram showing the construction of a harmful site list providing server.
Best Mode for Carrying Out the Invention
A preferred embodiment of the present invention is described in detail with reference to the accompanying drawings hereinafter.
Fig. 4 is a diagram of a network describing a method of blocking access to harmful sites.
Lists 200 of valid sites and harmful sites are furnished in a LAN card 100 installed in a computer 10 of a user. Packets received/transmitted from/to the computer 10 of the user must be passed through the LAN card 100. The LAN card 100 extracts an Internet Protocol (IP) address or a Uniform Resource Locator (URL) from a packet passed therethrough, and compares it with the lists 200. Since there is a strong possibility of re-accessing recently accessed sites, a list of recently accessed sites can be stored in a separate buffer and separately searched to increase the speed of a search.
As the result of the comparison, a packet having an address corresponding to a valid site is passed through the LAN card 100, whereas a packet having an address corresponding to a harmful site is deleted by the LAN card 100.
Meanwhile, if the address of a packet corresponds to no entry in the lists 200, the LAN card 100 sends a packet to a harmful site list providing server 300 to inquire whether the site corresponds to a harmful site. The packet is stored in a queue until a response to the inquiry arrives from the harmful site list providing server 300.
A harmful site and valid site database 400 is connected to the harmful site list providing server 300. The harmful site list providing server 300 determines whether the site corresponds to a harmful site in response to the inquiry from the LAN card 100 and transmits a determination result to the LAN card 100.
The LAN card 100 deletes the packet stored in the queue if the site corresponds to a harmful site on the basis of the response from the harmful site list providing server 300, while the LAN card 100 passes the packet stored in the queue therethrough if the site corresponds to a valid site.
For example, if a certain Web site "A" is a harmful site, a packet is deleted and is not transmitted to the harmful site even though a user tries to access the Web site "A".
Additionally, even though a user tries to access a harmful site through a valid site, a packet transmitted from the harmful site is blocked in the LAN card 100, so the user cannot receive information from the harmful site. Thereafter, the internal structure of the LAN card of the present invention is described with reference to Fig. 5.
In general, the LAN card 100 is comprised of a Peripheral Component Interconnect (PCI) interface 110 for accessing a PCI bus, that is, an internal bus of a computer, a Media Access Control (MAC) processing unit 150 for processing media access control processed in a higher layer, a PHysical Layer device (PHY) 160 for carrying out processing in a physical layer, a buffer for processing packets, a boot Read Only Memory (ROM) and a connector.
The LAN card 100 of the present invention is further comprised of an address distinguishing unit 130, a valid site list storage 141 and/or a harmful site list storage 142, a packet transmission queue 143, a packet reception queue 144 and a server address storage 145. Additionally, the LAN card 100 can be further comprised of a buffer 120 for storing data about whether recently accessed sites are valid or harmful.
Although the address distinguishing unit 130 is described as being positioned between the PCI interface 110 and the MAC processing unit 150 in Fig. 5, the address distinguishing unit 130 can be positioned between the MAC processing unit 150 and the PHY 160, or behind the PHY 160.
The valid site list storage 141 stores a valid site list provided by the harmful site list providing server 300, while the harmful site list storage 142 stores a harmful site list provided by the harmful site list providing server 300. The LAN card 100 can be provided with both of the lists or only one of them.
Non-volatile memories such as flash memories or Electrically Erasable and Programmable ROMs (EEPROMs) are employed as the valid site list storage 141 and the harmful site list storage 142.
Contents stored in the storages 141 and 142 are numerical values corresponding to IP addresses and character values corresponding to URLs. Alternatively, and preferably, the numerical and character values are not stored directly but stored after being processed by a hash function. The reason for this is that since a hash function has no inverse, the important data included in a packet cannot be recovered even if a packet transmitted from the LAN card 100 is intentionally intercepted. Additionally, searching stored hash values requires shorter search times than text searches.
The packet transmission queue 143 is a place in which some of the packets transmitted from the computer 10 to the Web site "A" are temporarily stored while waiting for the server 300 to determine whether the packets are harmful. Similarly, the packet reception queue 144 is a place in which some of the packets received from the Web site "A" are temporarily stored while waiting for the server 300 to determine whether the packets relate to harmful sites. Non-volatile memories such as flash memories or volatile memories such as RAMs can be employed as the queues 143 and 144. In an existing LAN card, queues are used to buffer packets as they are transmitted and received. These buffering queues can also serve as the transmission and reception queues, or the reception and transmission queues can be provided separately from the buffering queues.
The server address storage 145 is comprised of a non-volatile memory such as an EEPROM or a flash memory, and stores the address of the harmful site list providing server 300. The address distinguishing unit 130 uses the addresses stored in the server address storage 145 when determining whether the packets received from the server 300 are harmful, or transmitting an inquiry packet to the server 300 so as to inquire about an address when it is impossible to determine whether the address corresponds to that of a harmful site.
The buffer 120 stores data on whether recently accessed sites are harmful. The number of recently accessed sites stored in the buffer 120 can be chosen arbitrarily. As the number of recently accessed sites stored in the buffer 120 is increased, the size of the buffer 120 and the time required to search it increase. In contrast, as the number of recently accessed sites is decreased, the valid site list storage 141 and the harmful site list storage 142 must be searched more often, thus reducing the total processing speed.
Even though a non-volatile memory such as a flash memory can be employed as the buffer 120, a volatile memory providing a fast access speed is preferably employed as the buffer 120.
The address distinguishing unit 130 serves to determine whether a packet is passed therethrough by extracting an IP address or a URL from a packet passing therethrough and comparing the IP address or URL with the addresses stored in the buffer 120 or the list storages 141 and 142. Although the address distinguishing unit 130 can examine all packets passing therethrough, it preferably first determines whether packets are liable for examination, passes packets not liable for examination therethrough, and determines only for packets liable for examination whether they are passed therethrough. The packets liable for examination are preferably limited to HTTP packets and telnet packets. The determination of whether packets are liable for examination can be carried out using the kinds of packets and port numbers.
In the meantime, in the case where addresses are stored in a storage as hash values, the address distinguishing unit 130 determines whether addresses correspond to each other by comparing hash values.
Hereinafter, an algorithm for determining in the address distinguishing unit 130 whether a packet can be passed through the LAN card 100 is described with reference to Figs. 6 and 7. Fig. 6 is a flowchart showing a method of examining a transmission packet and blocking access to a harmful site. Fig. 7 is a flowchart showing a method of examining a reception packet and blocking information transmitted from a harmful site in the address distinguishing unit 130. First, with reference to Fig. 6, the algorithm for determining whether a packet transmitted from the computer 10 can be passed through the address distinguishing unit 130 is described.
As described above, the address distinguishing unit 130 can examine all packets passing therethrough. Alternatively, the address distinguishing unit 130 can examine packets in such a way as to first determine whether packets are liable for examination, passing packets not liable for examination therethrough and determining whether only packets liable for examination are passed therethrough. The following description is made for only packets liable for examination.
The address distinguishing unit 130 stops the packet transmission of the LAN card 100 for packets liable for examination and extracts a target address (an IP address or URL information) at step S110.
The address distinguishing unit 130 stores the temporarily stopped packet in the packet transmission queue 143 at step S120, and compares the target address extracted from the packet with the addresses of recently accessed sites stored in the buffer 120 at step S130. If as the result of the comparison a corresponding address is present in the buffer 120 and this corresponding address is an address of a valid site (NO at step S135), the corresponding packet is passed therethrough at step S180. The passed packet is deleted from the queue 143.
On the other hand, if a corresponding address is present in the buffer 120 and this corresponding address is an address of a harmful site (YES at step S135), the corresponding packet is deleted from the packet transmission queue 143 and a message that the address of the corresponding packet is not present is transmitted to the computer 10 at step S170.
The transmission of the message that the address of the corresponding packet is not present is carried out by adjusting an HTTP status value. That is, an arbitrary status value is selected from the range of 400 to 499 or from the range of 500 to 599. Of the HTTP status values, the range of 400 to 499 corresponds to status values for faulty client requests, whereas the range of 500 to 599 corresponds to status values for server errors.
Additionally, in the case of not HTTP but Transmission Control Protocol (TCP)/IP, when the Time To Live (TTL) is set to zero, the packet cannot pass through any gateway, so the user cannot access the harmful site.
When a user tries to access a harmful site, forcible access to a valid site is possible instead of the transmission of an error message. That is, when a user tries to access a harmful site, the address distinguishing unit 130 passes a packet therethrough after changing the address of a harmful site to the address of a valid site. In that case, although the user tried to access the harmful site, he accesses the valid site, thus preventing access to the harmful site.
If as the result of the determination at step S130 an address corresponding to the destination of the packet is not present in the buffer 120 (NO at step S130), the destination of the packet is stored as one of the recently accessed addresses in the buffer 120, and the oldest address is deleted from the buffer 120. Then, it is determined whether an address corresponding to the destination of the packet is present in the harmful site list storage 142 at step S140.
If the address corresponding to the destination of the packet is present in the harmful site list storage 142, the process proceeds to step S170 where the packet is deleted and a message that the corresponding address is not present is transmitted to the computer 10.
Alternatively, as described above, the computer 10 can be forcibly made to access a valid site.
If the address corresponding to the destination of the packet is not present in the harmful site list storage 142, it is determined whether an address corresponding to the destination of the packet is present in the valid site list storage 141 at step S150. If the address corresponding to the destination of the packet is present in the valid site list storage 141, the process proceeds to step S180 to pass the packet through the address distinguishing unit 130.
If the address corresponding to the destination of the packet is also not present in the valid site list storage 141, the destination address of the packet, or the packet itself standing by in the packet transmission queue 143, is transmitted to the harmful site list providing server 300 to inquire whether the address of the packet corresponds to a harmful site at step S160. The address distinguishing unit 130 reads the address of the harmful site list providing server 300 from the server address storage 145 and tries to access the server 300.
In this case, since a new connection to the harmful site list providing server 300 is required, the address distinguishing unit 130 performs TCP flow control. In the case where the address distinguishing unit 130 is not positioned in front of the MAC processing unit 150, a separate block for performing TCP flow control must be provided in front of the MAC processing unit 150.
If access to the harmful site list providing server 300 is established, the address distinguishing unit 130 transmits the address of a corresponding packet to the harmful site list providing server 300. In the case where the address of the packet is processed in a hash manner, the address together with a hash value is transmitted. In such a case, the packet transmitted to the server 300 has the structure of table 1.
Table 1: structure of the inquiry packet transmitted to the server 300 (shown as an image in the original; its fields, described below, are the IP header, the TCP header, the hash, the serial number and the URL).
Since the IP header and the TCP header are used in general packet transmission, the detailed description of them is omitted. The hash designates a hash value corresponding to the extracted IP address or URL. The serial number is a unique serial number of the LAN card 100. The serial number is different in type from a MAC address, and is used to identify a packet as one transmitted from a computer in which the LAN card 100 of the present invention is installed.
The serial number can be comprised of a unique number assigned to each LAN card and a serial number that is assigned by the LAN card 100 to distinguish packets from one another. The LAN card 100 can identify which response belongs to which packet using the serial number when the server 300 transmits a response message. The URL is an address that is used to inquire whether the site of the address is harmful.
A packet standing by in the packet transmission queue 143 can be transmitted to the server 300 to inquire whether the site of the address is harmful instead of the transmission of the address. In this case, the packet standing by in the packet transmission queue 143 enters the data field of a packet to be transmitted, and the destination of the packet must be the harmful site list providing server 300.
After the address distinguishing unit 130 transmits the packet to the harmful site list providing server 300, a response to a corresponding query is received from the harmful site list providing server 300 and access to the harmful site list providing server 300 is terminated.
If the response is received from the harmful site list providing server 300, the address distinguishing unit 130 passes the packet therethrough or deletes it according to the response.
This is described in detail with reference to Fig. 7.
Meanwhile, if no response is received from the server 300 for a certain period of time, for example, 300 seconds, after a first access request is transmitted to the harmful site list providing server 300, the address distinguishing unit 130 transmits a second access request. If no response is received from the server 300 for another certain period of time after the second access request is transmitted to the harmful site list providing server 300, a message that the corresponding page is not present is transmitted to the computer 10 and the corresponding packet is deleted. Alternatively, if a certain period of time elapses after a first access request is made, the corresponding packet is deleted; or if a certain period of time elapses after a third access request is made, the corresponding packet is deleted. The present invention does not restrict the number of access requests.
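The tiered lookup of Fig. 6 (buffer 120 first, then the harmful site list storage 142, then the valid site list storage 141, and finally an inquiry to the server 300), written out as an added illustration; this is not code from the patent, and the class, function and field names, the use of SHA-256 for the "hash manner" storage, and the port-based liability check are assumptions. The same lookup is applied to the source address of a received packet, which is the reception path of Fig. 7 described below, so one routine serves both directions.

```python
"""Tiered address check performed by the address distinguishing unit 130.
Added example, not the patent's own code; names and the hash choice are assumptions."""
import hashlib
from collections import OrderedDict

PASS, BLOCK, QUERY = "pass", "block", "query"
EXAMINED_PORTS = {80, 23}  # only HTTP and telnet traffic is liable for examination


def address_hash(address: str) -> bytes:
    """One-way hash stored in place of the raw IP/URL (SHA-256 is an assumed
    choice; the description only says values are stored 'in a hash manner')."""
    return hashlib.sha256(address.strip().lower().encode("utf-8")).digest()


class AddressDistinguishingUnit:
    def __init__(self, harmful, valid, buffer_size=4):
        self.harmful = {address_hash(a) for a in harmful}  # harmful site list storage 142
        self.valid = {address_hash(a) for a in valid}      # valid site list storage 141
        self.buffer = OrderedDict()                          # buffer 120: hash -> is_harmful
        self.buffer_size = buffer_size

    def _remember(self, h: bytes, is_harmful: bool) -> None:
        """Record a verdict in buffer 120, evicting the oldest entry when full."""
        self.buffer[h] = is_harmful
        self.buffer.move_to_end(h)
        while len(self.buffer) > self.buffer_size:
            self.buffer.popitem(last=False)

    def classify(self, address: str) -> str:
        h = address_hash(address)
        if h in self.buffer:                 # S130/S260: recently accessed site
            self.buffer.move_to_end(h)
            return BLOCK if self.buffer[h] else PASS
        if h in self.harmful:                # S140/S262: harmful list
            self._remember(h, True)
            return BLOCK
        if h in self.valid:                  # S150/S264: valid list
            self._remember(h, False)
            return PASS
        return QUERY                         # S160/S266: hold packet, ask server 300


def is_liable(packet: dict, port_field: str) -> bool:
    """Decide by protocol and service port whether a packet is examined at all."""
    return packet.get("proto") == "tcp" and packet.get(port_field) in EXAMINED_PORTS


def filter_transmit(unit: AddressDistinguishingUnit, packet: dict) -> str:
    """Fig. 6: outgoing packet, judged by its destination address."""
    if not is_liable(packet, "dport"):
        return PASS
    return unit.classify(packet["dst"])


def filter_receive(unit: AddressDistinguishingUnit, packet: dict) -> str:
    """Fig. 7: incoming packet, judged by its source address."""
    if not is_liable(packet, "sport"):
        return PASS
    return unit.classify(packet["src"])


def not_present_reply() -> str:
    """Message handed to the host when a packet is dropped (S170/S270): an HTTP
    status from the 4xx client-error range; 404 is one arbitrary choice."""
    return "HTTP/1.0 404 Not Found\r\n\r\n"


if __name__ == "__main__":
    unit = AddressDistinguishingUnit(harmful=["bad.example"], valid=["good.example"])
    # Constructed sample packets (hostnames are placeholders).
    samples = [
        {"proto": "tcp", "dport": 80, "dst": "good.example"},
        {"proto": "tcp", "dport": 80, "dst": "bad.example"},
        {"proto": "tcp", "dport": 443, "dst": "bad.example"},  # not liable: passes unexamined
        {"proto": "tcp", "dport": 80, "dst": "new.example"},   # unknown: goes to the server
    ]
    for pkt in samples:
        print(pkt["dst"], pkt["dport"], "->", filter_transmit(unit, pkt))
```

Two points of the design are worth noting. The buffer is consulted before the lists, so a site's verdict is recorded there only once it is known; an address that is still awaiting the server's answer is not cached. And hashing a hostname hides it only from an observer who cannot enumerate candidate names; because site names are guessable, the hash mainly provides the fixed-length, fast comparison the description also mentions, not confidentiality. The unexamined pass for traffic on other ports (443 in the sample) is a coverage gap a deployment would have to accept or close.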
Thereafter, with reference to Fig. 7, a process carried out when the address distinguishing unit 130 receives a packet is described in detail.
If the address distinguishing unit 130 receives a packet, the address distinguishing unit 130 stores the received packet in the packet reception queue 144 and extracts the source address from the received packet at step S210. Additionally, the address distinguishing unit 130 determines whether the extracted address corresponds to one of the addresses stored in the server address storage 145 at step S220. If the two addresses correspond to each other, that is, the received packet is a packet transmitted from the harmful site list providing server 300, it is determined whether the packet is a response to a query.
The packet transmitted from the server 300 at least includes a field representing whether the packet is the response to the query or a packet for updating a list, an item representing which response belongs to which inquiry, an item representing whether a site is harmful and the contents of updating of the list.
If a packet transmitted from the server 300 is a response to a query, the process proceeds to step S240 to determine whether the inquired-about address is an address of a harmful site. If the inquired-about address is an address of a harmful site, the address distinguishing unit 130 transmits a message that the corresponding address is not present to the computer of the user and deletes the corresponding packet from the queue 143 or 144 at step S242. Additionally, since the corresponding address is not yet an address entered in the harmful site list storage 142, the address distinguishing unit 130 stores the corresponding address in the harmful site list storage 142 at step S244. Furthermore, it is recorded in the buffer 120 of recently accessed addresses that the corresponding address corresponds to a harmful site.
If the address inquired about by the LAN card 100 corresponds to a valid site, the address distinguishing unit 130 passes the corresponding packet therethrough and deletes the corresponding packet from the queue 143 or 144 at step S246. Additionally, since the corresponding address is not yet an address entered in the valid site list storage 141, the address distinguishing unit 130 stores the corresponding address in the valid site list storage 141 at step S248. Furthermore, it is recorded in the buffer 120 of recently accessed addresses that the corresponding address corresponds to a valid site. If as the result of the determination at step S230 the received packet does not correspond to a response to the inquiry, it is determined whether the packet is information on the updating of the list at step S250. If the packet is the information on the updating of the list, the address distinguishing unit 130 updates the valid site list storage 141 or the harmful site list storage 142 according to the contents of the packet at step S252. In the meantime, if the received packet is not a packet transmitted from the server 300, it is determined whether the packet was transmitted from a harmful site.
First, the address distinguishing unit 130 determines whether the address of the received packet corresponds to one of the recently accessed addresses stored in the buffer 120 at step S260. If an address corresponding to the address of the received packet is present, it is determined whether the address corresponds to a harmful site at step S261. If the address corresponds to the harmful site, the packet is deleted from the packet reception queue 144 and a message that the address is not present is transmitted to the computer 10 at step S270. If the address corresponds to a valid site, the packet is passed therethrough to the computer 10 at step S280. If as the result of the determination at step S260 an address corresponding to the address of the received packet is not present in the buffer 120, the address distinguishing unit 130 searches the harmful site list storage 142 to determine whether an address corresponding to the address of the received packet is present in the harmful site list storage 142 at step S262. If an address corresponding to the address of the received packet is present in the harmful site list storage 142, the process proceeds to step S270 to delete the packet from the packet reception queue 144 and transmits a message that there is no address to the computer 10.
If an address corresponding to the address of the received packet is not present in the harmful site list storage 142, it is determined whether an address corresponding to the address of the received packet is present in the valid site list storage 141 at step S264. If the address corresponding to the address of the received packet is present in the valid site list storage 141, the process proceeds to step S280 to pass the packet therethrough to the computer 10.
If an address corresponding to the address of the received packet is present in neither the harmful site list storage 142 nor the valid site list storage 141, the address distinguishing unit 130 transmits a packet to inquire of the harmful site list providing server 300 whether the address of the received packet corresponds to a harmful site at step S266. This procedure has already been described in conjunction with step S160 of Fig. 6, so the detailed description thereof is omitted here.
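The receive-side decision cascade of Fig. 7 and the handling of packets from the server 300, as an added Python model that is not part of the patent: packets from the server are treated as inquiry responses or list updates, every other packet runs through the buffer, harmful list and valid list in that order, and an unresolved address triggers a serial-numbered inquiry. The class names, the packet dict layout and the sample addresses are assumptions.

```python
"""Added example (not part of the patent): a software model of the address
distinguishing unit 130's handling of received packets (Fig. 7).  Packets from
the server 300 are treated as inquiry responses or list updates (S230-S252);
all other packets go through the buffer / harmful list / valid list cascade
(S260-S280) and, if unresolved, trigger an inquiry to the server (S266).
Class names, the packet dict layout and sample addresses are hypothetical."""
from dataclasses import dataclass, field

HARMFUL, VALID = "harmful", "valid"


@dataclass
class Verdict:
    action: str     # "pass", "drop" or "inquire"
    reason: str     # which step decided


@dataclass
class AddressDistinguishingUnit:
    server_address: str                                # server address storage
    harmful_list: set = field(default_factory=set)     # harmful site list storage 142
    valid_list: set = field(default_factory=set)       # valid site list storage 141
    recent: dict = field(default_factory=dict)         # buffer 120: address -> HARMFUL/VALID
    pending: dict = field(default_factory=dict)        # inquiry serial -> address awaiting reply
    outbox: list = field(default_factory=list)         # inquiry packets handed to the server
    next_serial: int = 1

    def on_packet(self, src: str, packet: dict) -> Verdict:
        """Entry point for a received packet: first decide whether it came from the server."""
        if src == self.server_address:
            return self.handle_server_packet(packet)
        return self.classify(src)

    def classify(self, address: str) -> Verdict:
        """Steps S260 .. S266: buffer first, then the two lists, then the server."""
        if address in self.recent:                     # S260/S261
            kind = self.recent[address]
            return Verdict("drop" if kind == HARMFUL else "pass", "buffer")
        if address in self.harmful_list:               # S262 -> S270: drop, tell host "no such address"
            self.recent[address] = HARMFUL
            return Verdict("drop", "harmful_list")
        if address in self.valid_list:                 # S264 -> S280
            self.recent[address] = VALID
            return Verdict("pass", "valid_list")
        # S266: in neither list.  Hold the packet and ask the server; the serial
        # number is what lets the reply be matched to this inquiry later.
        serial = self.next_serial
        self.next_serial += 1
        self.pending[serial] = address
        self.outbox.append({"dst": self.server_address, "serial": serial, "address": address})
        return Verdict("inquire", f"serial={serial}")

    def handle_server_packet(self, packet: dict) -> Verdict:
        """Steps S230 .. S252 for a packet whose source is the server."""
        if "serial" in packet:                         # S230: a response to an inquiry
            address = self.pending.pop(packet["serial"], None)
            if address is None or address != packet.get("address"):
                return Verdict("drop", "unmatched response")   # no such outstanding inquiry
            kind = packet.get("kind")
            if kind == HARMFUL:                        # S240 .. S244
                self.harmful_list.add(address)
                self.recent[address] = HARMFUL
                return Verdict("drop", "server")
            if kind == VALID:                          # S246 .. S248
                self.valid_list.add(address)
                self.recent[address] = VALID
                return Verdict("pass", "server")
            return Verdict("drop", "indeterminate response")   # lists left untouched
        if packet.get("type") == "list_update":        # S250 -> S252
            self.harmful_list.update(packet.get("harmful", ()))
            self.valid_list.update(packet.get("valid", ()))
            return Verdict("drop", "list updated")     # control packet, nothing to pass to host
        return Verdict("drop", "unknown server packet")
```

The same held packet is dropped both when the harmful list answers directly and when the server answers "harmful"; only the `reason` differs, which is what a log of the unit's decisions would record.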
Thereafter, the construction and operation of the harmful site list providing server 300 are described with reference to Fig. 8.
The harmful site list providing server 300 includes a Web server 310 for accessing the Internet, a LAN card management module 320 for responding to inquiries from the LAN card 100 and updating the harmful site list and/or the valid site list stored in the LAN card 100, a DataBase (DB) server for managing a LAN card DB 370, a harmful site DB 350 and a valid site DB 360, and a harmful site search engine 340 for updating the valid site DB 360 and the harmful site DB 350 while performing Web surfing.
When the LAN card management module 320 receives an inquiry about whether a certain address corresponds to a harmful site, the LAN card management module 320 examines through the DB server whether an address corresponding to the inquired address is present in the harmful site DB 350 and the valid site DB 360, and the result of the examination is transmitted to the LAN card 100. In this case, a serial number in the packet received from the LAN card 100 is copied and the copied serial number is transmitted back to the LAN card 100, so the LAN card can identify which response belongs to which packet.
Additionally, it can be determined whether a LAN card is an authorized user's one by the serial number in the packet received from the LAN card 100. That is, at the time of manufacturing the LAN card 100, a unique number is assigned to and stored in the LAN card 100. Additionally, it is possible that when an inquiry about whether the address of a packet corresponds to a harmful site is transmitted from the LAN card 100, a response is made only to an inquiry transmitted from an authorized user's LAN card 100 by determining whether a number corresponding to the serial number included in the packet of the inquiry is present in the LAN card DB 370.
Additionally, the LAN card management module 320 produces and transmits a packet to update the harmful site list and/or the valid site list in the LAN card 100. The list updating packet can be transmitted at regular intervals, or transmitted whenever a harmful site causing social trouble appears.
The harmful site search engine 340 updates the harmful site DB 350 and the valid site DB 360 while performing Web surfing frequently or at regular intervals. Since Web sites frequently appear or disappear, the Web sites are searched and the DBs 350 and 360 are continuously updated. Additionally, in conjunction with the LAN card management module 320, information on newly appearing and disappearing sites can be transmitted at regular or irregular intervals.
A user can determine the kinds of harmful sites to be blocked. For example, general homes may desire to register a stock trading site as a valid site, whereas companies may desire to register the stock trading site as a harmful site. Accordingly, information on the kinds of harmful sites to be blocked is stored in the LAN card DB 370. Additionally, information on the specific kind of a site, for example, an adult site, a violent site, a chat site or the like, can be stored together. In that case, when the LAN card management module 320 responds to an inquiry from the LAN card 100 about whether an address corresponds to a harmful site, or when the harmful site list in the LAN card 100 is updated, the LAN card management module 320 determines whether the address corresponds to a harmful site according to the information on the kinds of harmful sites stored in the LAN card DB 370 and the specific kind of the site stored in the harmful site DB 350.
Additionally, it is preferable that the LAN card management module 320 is constructed to activate or deactivate the function of blocking access to harmful sites of each LAN card 100. That is, the function of blocking access to harmful sites of the LAN card 100 is activated or deactivated by providing, in a packet transmitted to the LAN card 100, a field for activating or deactivating the function of blocking access to harmful sites, and transmitting a packet for activating or deactivating that function. When the LAN card 100 receives the packet for deactivating the function of blocking access to harmful sites, the process of Fig. 6 is omitted. For the process of Fig. 7, it is only determined whether a packet has been transmitted from the server. If the packet has been transmitted from the server, the list is updated according to the contents of the packet, or the function of blocking access to harmful sites is activated. Furthermore, a user can register that the function of blocking access to harmful sites is to be activated during a specific time interval. In such a case, data indicating the time interval or date interval during which the function of blocking access to harmful sites is to be active are stored in the LAN card DB 370. The LAN card management module 320 can implement the function of blocking access to harmful sites during that interval by transmitting a packet for activating or deactivating the function of blocking access to harmful sites according to the data stored in the LAN card DB 370.
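The server-side behaviour described above (serial-number check against the LAN card DB, per-card kinds of harmful sites, copying the inquiry's serial number into the reply, and schedule-driven activation packets), as an added Python model that is not the patent's own code. The class and field names, the kind labels and the sample addresses are assumptions, and the per-packet inquiry serial and the card's own number are modelled as separate values, which the patent text leaves open.

```python
"""Added example (not part of the patent): a model of the LAN card management
module 320.  It checks the inquiring card's number against the LAN card DB 370,
applies that card's configured kinds of harmful sites to the kind recorded in
the harmful site DB 350, copies the inquiry's serial number into the reply,
and derives list-update and activation packets from the same records.  The
class and field names, kind labels and sample addresses are hypothetical."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CardRecord:
    blocked_kinds: frozenset                  # kinds of site this card treats as harmful
    active_hours: Optional[tuple] = None      # (start, end) hour of day; None = always on


@dataclass
class ManagementModule:
    card_db: dict = field(default_factory=dict)      # LAN card DB 370: card number -> CardRecord
    harmful_db: dict = field(default_factory=dict)   # harmful site DB 350: address -> kind
    valid_db: set = field(default_factory=set)       # valid site DB 360: addresses

    def verdict_for(self, card: CardRecord, address: str) -> str:
        """'harmful' only if the site's kind is one this particular card blocks."""
        kind = self.harmful_db.get(address)
        if kind is not None and kind in card.blocked_kinds:
            return "harmful"
        if kind is not None or address in self.valid_db:
            return "valid"          # known site, but not of a kind this card blocks
        return "unknown"            # in neither DB (assumed reply; the patent does not say)

    def respond(self, inquiry: dict) -> Optional[dict]:
        """Answer an inquiry packet, or stay silent for an unregistered card."""
        card = self.card_db.get(inquiry["card_number"])
        if card is None:
            return None             # not an authorized user's card: no response at all
        return {"serial": inquiry["serial"],           # copied so the card can match the reply
                "address": inquiry["address"],
                "kind": self.verdict_for(card, inquiry["address"])}

    def harmful_list_update(self, card_number: str) -> Optional[dict]:
        """Build the harmful-list update packet tailored to one card's kinds."""
        card = self.card_db.get(card_number)
        if card is None:
            return None
        harmful = sorted(a for a, k in self.harmful_db.items() if k in card.blocked_kinds)
        return {"type": "list_update", "harmful": harmful}

    def activation_packet(self, card_number: str, hour: int) -> Optional[dict]:
        """Activate or deactivate blocking on the card according to its stored schedule."""
        card = self.card_db.get(card_number)
        if card is None:
            return None
        if card.active_hours is None:
            active = True
        else:
            start, end = card.active_hours
            active = start <= hour < end
        return {"type": "blocking", "active": active}
```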
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims.
Industrial Applicability
In accordance with the present invention, access to harmful sites is blocked by installing the LAN card of the present invention, so access to harmful sites remains blocked regardless of the reinstallation of an operating system or of changes to the system and the system registry.
Additionally, the operation of blocking access to harmful sites is performed in the LAN card itself and no system resource is used for it, so any decrease in Internet speed due to the blocking of access to harmful sites is minimized. Additionally, the harmful site list can be stored in the LAN card and the kinds of harmful sites for each LAN card can be set in the harmful site list providing server, so each individual, each group, each company or the like can select harmful sites according to its purpose.

Claims
1. A method of blocking access to harmful sites in a Local Area Network (LAN) card having a valid site list, comprising the steps of: storing a transmitted or received packet in a certain storage and extracting an address from the packet; determining whether an address corresponding to the extracted address is present in the valid site list in the LAN card; and if the address corresponding to the extracted address is present in the valid site list in the LAN card, passing the packet stored in the storage through the LAN card.
2. A method of blocking access to harmful sites in a LAN card having a harmful site list, comprising the steps of: storing a transmitted or received packet in a certain storage and extracting an address from the packet; determining whether an address corresponding to the extracted address is present in the harmful site list in the LAN card; and if the address corresponding to the extracted address is present in the harmful site list in the LAN card, deleting the packet stored in the storage and transmitting a message that an address corresponding to an address of the packet is not present.
3. A method of blocking access to harmful sites in a LAN card having a harmful site list, comprising the steps of: storing a transmitted or received packet in a certain storage and extracting an address from the packet; determining whether an address corresponding to the extracted address is present in the harmful site list in the LAN card; and changing a destination address of the received packet to an address of a predetermined valid site and passing the packet through the LAN card if the address corresponding to the extracted address is present in the harmful site list in the LAN card.
4. The method according to claim 2 or 3, wherein the LAN card further comprises a valid site list; further comprising the steps of, storing a transmitted or received packet in a certain storage and extracting an address from the packet, determining whether an address corresponding to the extracted address is present in the valid site list in the LAN card, and if the address corresponding to the extracted address is present in the valid site list in the LAN card, passing the packet stored in the storage through the LAN card.
5. The method according to claim 4, further comprising the steps of: after the step of extracting the address from the packet, determining whether an address corresponding to the extracted address is present in a buffer for storing addresses of recently accessed sites and information on whether the addresses of the recently accessed sites correspond to harmful sites and valid sites; deleting the packet stored in the certain storage and transmitting to the computer a message for indication that the address does not exist if the address corresponding to the extracted address is present and the address corresponds to a harmful site; and passing the packet through the LAN card if the address corresponding to the extracted address is present and the address corresponds to a valid site.
6. The method according to claim 4, further comprising the steps of: transmitting to the address of the server stored in the LAN card a packet for inquiring of the server about whether the address corresponds to a harmful site if the address is not present in the harmful site list and the valid site list in the LAN card; deleting the packet stored in the certain storage and transmitting to a computer a message for indicating that the address does not exist if a packet for indicating that the address corresponds to a harmful site is received; and passing the packet stored in the certain storage through the LAN card if a packet for indicating that the address corresponds to a valid site is received.
7. The method according to claim 6, further comprising the steps of: storing the address in the harmful site list if a packet for indicating that the address corresponds to the harmful site is received from the server; and storing the address in the valid site list if a packet for indicating that the address corresponds to the valid site is received from the server.
8. The method according to claim 7, further comprising the steps of: not performing the function of blocking access to harmful sites by passing therethrough all transmitted and received packets except for packets transmitted from the LAN card if the packet for deactivating the function of blocking access to harmful sites is received from the server; and performing the function of blocking access to harmful sites if the packet for activating the function of blocking access to harmful sites is received from the server while the function of blocking access to harmful sites is deactivated.
9. The method according to claim 6, further comprising the steps of: updating the harmful site list in the LAN card according to contents of a harmful site list updating packet when the harmful site list updating packet is received from the server; and updating the valid site list in the LAN card according to contents of a valid site list updating packet when the valid site list updating packet is received from the server.
10. A system for blocking access to harmful sites, comprising: a harmful site database for storing a harmful site list; a valid site database for storing a valid site list; a database server for managing the databases; a harmful site list providing server provided with a LAN card management module for searching the harmful site database and the valid site database through the database server, determining whether an address corresponds to a harmful site and transmitting a response to the LAN card; a server address storage for storing an address of the harmful site list providing server; a packet transmission queue for temporarily storing a transmission packet; a packet reception queue for temporarily storing a reception packet; a harmful site list storage for storing addresses of harmful sites; a valid site list storage for storing addresses of valid sites; and a LAN card equipped with an address distinguishing unit for extracting an address from a transmitted/received packet, determining whether the extracted address corresponds to a harmful site with reference to the harmful site list storage and the valid site list storage, determining whether the extracted address corresponds to a harmful site by inquiring of the harmful site list providing server about it if the address is not present in the harmful site list storage and the valid site list storage, and deleting the packet if as the result of the determination the extracted address corresponds to the harmful site and passing the packet through the address distinguishing unit if as the result of the determination the extracted address corresponds to a valid site.
11. The system according to claim 10, wherein: the harmful site list providing server includes a LAN card database storing an identification number of the LAN card and information on the kinds of harmful sites to determine whether the extracted address corresponds to the harmful site; the harmful site database stores addresses of harmful sites and the kind of each harmful site; and the LAN card management module updates the harmful site list storage of the LAN card according to information on the kinds of harmful sites and responds to the inquiry about whether the address corresponds to a harmful site from the LAN card.
12. The system according to claim 11, wherein: the LAN card database includes information on time intervals to activate a function of blocking access to harmful sites for the LAN card; the LAN card management module transmits a packet for activating or deactivating the function of blocking access to harmful sites to the LAN card according to the information on the time intervals of the LAN card database; and the address distinguishing unit omits an operation of extracting the address from the packet and determining whether the extracted address corresponds to a harmful site if the packet for deactivating the function of blocking access to harmful sites is received, and performs the operation of extracting the address from the packet and determining whether the extracted address corresponds to a harmful site if the packet for activating the function of blocking access to harmful sites is received.
13. The system according to claim 11, wherein when a packet of the inquiry about whether the address corresponds to a harmful site is received from the LAN card, the LAN card management module transmits a determination result packet only when a LAN card identification number included in the packet of the inquiry corresponds to the identification number stored in the LAN card database.
14. The system according to claim 10, wherein: the LAN card further comprises a buffer for storing addresses of recently accessed sites and information on whether the addresses of the recently accessed sites correspond to harmful sites; and before determining whether the extracted address corresponds to a harmful site with reference to the harmful site list storage and the valid site list storage, the address distinguishing unit determines whether an address corresponding to the address extracted from the packet is present in the buffer, deletes the packet according to the information on whether the addresses of the recently accessed sites correspond to harmful sites if the address corresponding to the address extracted from the packet is present in the buffer, and passes the packet therethrough if the address corresponds to a valid site.
15. A LAN card having a Peripheral Component Interconnect (PCI) interface for interfacing with a personal computer, a Media Access Control (MAC) processing unit for MAC processing packets and a physical layer interface for accessing the Internet, comprising: a server address storage for storing an address of a harmful site list providing server; a packet transmission queue for temporarily storing a transmission packet; a packet reception queue for temporarily storing a reception packet; a harmful site list storage for storing addresses of harmful sites; a valid site list storage for storing addresses of valid sites; and a LAN card equipped with an address distinguishing unit for extracting an address from a transmitted/received packet, determining whether the extracted address corresponds to a harmful site with reference to the harmful site list storage and the valid site list storage, determining whether the extracted address corresponds to a harmful site by reading the address of the harmful site list providing server and inquiring of the harmful site list providing server about whether the extracted address corresponds to the harmful site if the extracted address is not present in the harmful site list storage and the valid site list storage, and deleting the packet if as the result of the determination the extracted address corresponds to a harmful site and passing the packet through the address distinguishing unit if as the result of the determination the extracted address corresponds to a valid site.
16. The LAN card according to claim 15, further comprising a buffer for storing addresses of recently accessed sites and information on whether the addresses of the recently accessed sites correspond to harmful sites; wherein, before determining whether the extracted address corresponds to a harmful site with reference to the harmful site list storage and the valid site list storage, the address distinguishing unit determines whether an address corresponding to the address extracted from the packet is present in the buffer, deletes the packet according to the information on whether the addresses of the recently accessed sites correspond to harmful sites if the address corresponding to the address extracted from the packet is present in the buffer, and passes the packet therethrough if the address corresponds to a valid site.
17. The LAN card according to claim 15, wherein the address distinguishing unit changes a destination address of the packet to an address of a predetermined valid site and passes the packet therethrough.
18. The LAN card according to claim 15, wherein the information stored in the harmful site list storage and the valid site list storage is coded using a hash function.
19. The LAN card according to claim 15, wherein the address distinguishing unit is positioned between the PCI interface and the MAC processing unit.
20. The LAN card according to claim 15, wherein the address distinguishing unit updates the valid site list storage and the harmful site list storage according to the response to the inquiry about whether the address corresponds to the harmful site if the response is received from the harmful site list providing server.
PCT/KR2002/000476 2001-03-20 2002-03-20 Method and system for restricting access to specific internet sites and lan card for the same Ceased WO2002077852A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR2001/14349 2001-03-20
KR10-2001-0014349A KR100418446B1 (en) 2001-03-20 2001-03-20 Method and system for restricting access to specific internet sites and LAN card for the same

Publications (1)

Publication Number Publication Date
WO2002077852A1 true WO2002077852A1 (en) 2002-10-03

Family

ID=19707148

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2002/000476 Ceased WO2002077852A1 (en) 2001-03-20 2002-03-20 Method and system for restricting access to specific internet sites and lan card for the same

Country Status (2)

Country Link
KR (1) KR100418446B1 (en)
WO (1) WO2002077852A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040032461A (en) * 2002-10-09 2004-04-17 이영희 Positive contact list firewall and the operating method
KR100453408B1 (en) * 2003-05-23 2004-10-20 이영희 The web-access managing system and the web-access managing method through packet checking interval
KR100930529B1 (en) * 2007-08-08 2009-12-09 주식회사 코난테크놀로지 Harmful video screening system and method through video identification
KR100921712B1 (en) * 2007-08-30 2009-10-15 주식회사 제이니스 Harmful Site Blocking Method and System
KR20150066686A (en) * 2013-12-09 2015-06-17 주식회사 시큐아이 Security device selectively performing security test and operating method thereof
KR101662530B1 (en) * 2015-05-28 2016-10-05 한국전자통신연구원 System for detecting and blocking host access to the malicious domain, and method thereof
KR101808033B1 (en) * 2015-12-28 2017-12-12 주식회사 수산아이앤티 Method for Protecting Harmful Sites Using Accessibility Event and Apparatus Therefor

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000050216A (en) * 2000-04-15 2000-08-05 이대섭 Internet access apparatus and method using an ID card
KR20000074864A (en) * 1999-05-26 2000-12-15 박명순 Method and apparatus for blocking access to illegal and harmful internet contents on the distributed environment
KR20010002535A (en) * 1999-06-15 2001-01-15 홍창표 Contact Prevention System and Method of Internet harmfulness Site

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100287625B1 (en) * 1998-05-12 2001-04-16 박성득 How to block harmful information on your personal computer
KR20000012713A (en) * 1999-12-20 2000-03-06 이문자 Method and apparatus for intercepting harmful information

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100396131C (en) * 2004-10-28 2008-06-18 株式会社泛泰 Method and apparatus for restricting data access
US8291065B2 (en) 2004-12-02 2012-10-16 Microsoft Corporation Phishing detection, prevention, and notification
WO2008088101A1 (en) * 2007-01-19 2008-07-24 Planty-Net Co., Ltd. System and method for blocking the connection to the harmful information in a internet service provider network
CN101611396B (en) * 2007-01-19 2012-01-18 普兰蒂网络有限公司 System and method for blocking the connection to the harmful information in a internet service provider network
WO2017091291A1 (en) * 2015-11-23 2017-06-01 Intel Corporation Network interface device facilitating transaction assurance
US10334041B2 (en) 2015-11-23 2019-06-25 Intel Corporation Network interface device facilitating transaction assurance

Also Published As

Publication number Publication date
KR100418446B1 (en) 2004-02-14
KR20020074344A (en) 2002-09-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP