
TWI489310B - System for web browsing management at the client side and method of the same - Google Patents


Info

Publication number
TWI489310B
Authority
TW
Taiwan
Prior art keywords
client
network interface
data packet
webpage
unit
Prior art date
Application number
TW098120324A
Other languages
Chinese (zh)
Other versions
TW201101092A (en)
Inventor
Sung Chien Lai
Original Assignee
Fineart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fineart Technology Co Ltd
Priority to TW098120324A
Publication of TW201101092A
Application granted
Publication of TWI489310B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Description

Client web browsing control system and method

The present invention generally relates to a web browsing control system. Specifically, it relates to a system that can perform web browsing control on the client side.

In today's era of digitized information, computers and networks have become indispensable tools in every industry, and most information processing depends on them. Much personal information and important corporate information is processed by computer and stored as electronic documents, then circulated over the network or accessed directly over the network. However, the convenience of computers and networks has also opened a major gap in information security. Malicious users may intrude into an enterprise's internal information systems over the network to steal data or cause deliberate damage, threatening the enterprise's normal operation. Most enterprises therefore install network firewalls to block intrusion from outside. However, the threats an enterprise faces do not come only from outside: many enterprises have suffered heavy economic losses from information leaks caused, intentionally or unintentionally, by their own personnel.

To prevent insiders from leaking confidential company information over the network, many enterprises place an expensive network gateway and machine room between employee computers (clients) and the external network, as shown in Figure 1. Before the client 105 can connect to the external network 120, its traffic must be filtered by the network gateway 110, which blocks any prohibited or controlled web connections or actions (for example file transfer protocol (FTP) connections, web uploads, sending web-mail, or accessing a web hard disk). Only then can data packets be sent through the machine room 115 to the external network 120.

However, this traditional control approach has several problems. As shown in Figure 2, although it achieves central control and filtering of data packets through the network gateway 110, it fails when the client 105 is not inside the company (for example, a notebook computer taken off the premises), or is inside the company but connects to the external network 120 through a non-company network interface 125 (for example via a hot spot or a mobile phone (GPRS, EDGE, HSDPA, etc.)). In those cases the approach cannot filter the data packets sent to the external network 120, and it leaves no record.

In summary, how to control a client's web browsing regardless of how it connects to the Internet is a practical direction for the industry to consider. The present invention therefore proposes a client web browsing control system and method to prevent any confidential information on the client from leaking out over the network.

In view of the above problems, the present invention discloses a client web browsing control system and method.

In one aspect, the client web browsing control system of the present invention comprises: at least one client computer, which includes at least one application, a socket interface and at least one network interface card, where the application can send data packets through the socket interface to the network interface card and connect to the external network via the network interface card; and a web page control module coupled to the client computer. The web page control module comprises a hook unit, a layered service provider (LSP) unit and an analysis unit: the hook unit is coupled to the socket interface, the LSP unit is coupled to the hook unit, and the analysis unit is coupled to the LSP unit. When the socket interface receives a data packet, the hook unit notifies and loads the LSP unit to intercept the data packet. The analysis unit then analyzes the header of the data packet to identify the purpose of the data packet. If that purpose needs to be controlled, the data packet is blocked; otherwise, the data packet is sent to the network interface card.

In another aspect, the client web browsing control method of the present invention comprises the following steps. First, a hook program is installed on the socket interface of a client. Next, when the socket interface receives from an application a data packet to be sent to a network interface, the hook program notifies and loads a layered service provider (LSP) program. The LSP program is then used to intercept the data packet. Next, an analysis unit analyzes the header of the data packet to identify the purpose of the data packet. Finally, it is determined whether the purpose of the data packet needs to be controlled: if so, the data packet is blocked; otherwise, the data packet is sent to the network interface.

One advantage of the present invention is that it can effectively prevent confidential information from flowing out of the client over the Internet.

Another advantage of the present invention is that it can control the client's web browsing regardless of how the client connects to the network.

The advantages and spirit of the present invention can be further understood from the following detailed description of the embodiments and the accompanying drawings.

The following description provides specific implementation details of the invention so that the reader can thoroughly understand how these embodiments are carried out. Those skilled in the art will nevertheless appreciate that the invention may also be practiced without these details. In addition, the terms used in the detailed description of specific embodiments of the invention are to be interpreted in the broadest reasonable manner.

Generally speaking, all external communication of a Windows system (such as the transmission of data packets) must pass through a socket interface. The socket interface is an application programming interface (API) that sits between applications and hardware and provides standard functions to accommodate different network hardware specifications. Figure 3 shows how a typical client (computer) transmits data packets to the external network through the socket interface. Briefly, when the user of the client computer 200 wants to interact with the external network, the user must use an application 205, such as Internet Explorer (IE), Mozilla or Firefox, to send data packets to the socket interface 210. Only after the functions of the socket interface 210 have converted them to meet the specification of the network interface card 215 can the data packets reach the external network 230. Whichever network interface card the client computer 200 uses (the company's internal network or a non-company network interface, for example an external Ethernet, wireless network or mobile network interface card), data packets must pass through the socket interface 210 before reaching the external network 230 via the network interface card 215.

Figure 4 is a schematic diagram of a client web browsing control system according to an embodiment of the present invention. In this embodiment, the client computer 200 includes at least one application 205, a socket interface 210 and at least one network interface card 215. The application 205 can send data packets through the socket interface 210 to the network interface card 215 and thereby connect to the external network 230. In addition, a web page control module 250 is coupled to the client computer 200. As shown in the figure, the web page control module 250 comprises a hook unit 255, a layered service provider (LSP) unit 260 and an analysis unit 265. The hook unit 255 is coupled to the socket interface 210 of the client computer 200, the LSP unit 260 is coupled to the hook unit 255, and the analysis unit 265 is coupled to the LSP unit 260.

When the client computer 200 wants to interact with the external network 230, it sends data packets through the application 205 to the socket interface 210. When the socket interface 210 receives a data packet, the hook unit 255 notifies and loads the LSP unit 260 to intercept the data packet. The data packet is then passed to the analysis unit 265, which analyzes its header. Because the transmitted data packets are all text, the header can be used to identify the purpose of the data packet, such as an FTP connection, a web upload, sending web-mail, or accessing a web hard disk. Even if the client computer 200 communicates with the outside world over the secure socket layer (SSL) protocol, SSL encrypts the data packet only after it has passed through the socket interface 210, so the packet is still plaintext at the socket interface 210 and its purpose can still be identified. If the purpose needs to be controlled, the data packet is blocked so that it cannot reach the external network 230; otherwise, the data packet is sent to the network interface card 215 and from there reaches the external network 230.

In a preferred embodiment, the purpose-control conditions of the analysis unit 265 are preset, but they may also be changed as circumstances require by authorized personnel, such as the enterprise's Management Information System (MIS) staff or company supervisors.

Figure 5 is a schematic diagram of a client web browsing control system according to another embodiment of the present invention. This embodiment adds a recording unit 270 and a report unit 275. The recording unit 270 is coupled to the analysis unit 265, and the report unit 275 is coupled to the recording unit 270 and to the client computer 200. When the analysis unit 265 has finished identifying a data packet, the recording unit 270 records the web activity of the data packet, whether or not the purpose of the data packet needs to be controlled. The recorded web activity is compiled by the report unit 275 into a web browsing report and sent to the client computer 200, so that MIS staff or supervisors can review the web browsing record of the client computer 200.

In one embodiment, the client computer 200 includes a desktop computer located in the company office and a portable notebook computer. In a preferred embodiment, the external Ethernet interface card of the client computer 200 includes 10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps Ethernet interface cards; the external wireless network interface card includes 802.11a, 802.11b, 802.11g or 802.11n wireless network interface cards; and the external mobile network interface card includes GPRS, EDGE, UMTS, HSDPA or HSUPA mobile network interface cards.

Figure 6 is a flowchart of a client web browsing control method according to an embodiment of the present invention. As shown in the figure, to perform web browsing control on the client, a hook program must first be installed on the client's socket interface (S302). When the socket interface receives from an application a data packet to be sent to a network interface in order to reach the external network, the hook program notifies and loads an LSP program (S304). The LSP program then intercepts the data packet (S306). An analysis unit next analyzes the header of the data packet to identify its purpose (S308). Finally, it is determined whether the purpose of the data packet needs to be controlled (S310). If so, the data packet is blocked so that it cannot reach the external network (S312); otherwise, the data packet is sent to the network interface and from there reaches the external network (S314).
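The analysis, decision and recording steps described above (S308 to S314, with the recording unit 270 logging every packet) can be sketched as follows; this is an added example in portable C, not code from the patent or from its assignee, and it covers only the analysis logic, not the hook or LSP plumbing. The matching rules, the port-21 check, the host names `mail.example.com` and `disk.example.net`, and all function names are assumptions made for illustration, and the send buffers in `main` are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { P_OTHER, P_FTP, P_WEB_UPLOAD, P_WEBMAIL_SEND, P_WEB_DISK } purpose_t;
typedef enum { V_FORWARD, V_BLOCK } verdict_t;

/* Constructed placeholder policy data; none of these values come from the patent. */
static const char *const WEBMAIL_HOSTS[] = { "mail.example.com", NULL };
static const char *const WEBDISK_HOSTS[] = { "disk.example.net", NULL };
static const char *const FTP_VERBS[] = { "USER ", "PASS ", "STOR ", "RETR ", "PORT ", "PASV", NULL };
static const char *const PURPOSE_NAME[] = { "other", "ftp", "web-upload", "webmail-send", "web-disk" };

/* Case-insensitive: does buf[0..len) start with the NUL-terminated prefix? */
static int has_prefix(const char *buf, size_t len, const char *prefix) {
    size_t n = strlen(prefix);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)buf[i]) != tolower((unsigned char)prefix[i])) return 0;
    return 1;
}

/* Locate an HTTP header value inside the header block only. The scan stops at the
   blank line or at the end of the buffer, so a truncated send is never over-read. */
static const char *find_header(const char *buf, size_t len, const char *name, size_t *vlen) {
    size_t pos = 0, nlen = strlen(name);
    while (pos < len) {
        size_t eol = pos;
        while (eol < len && buf[eol] != '\n') eol++;
        size_t end = (eol > pos && buf[eol - 1] == '\r') ? eol - 1 : eol;
        if (end == pos) return NULL;                 /* blank line: headers are over */
        if (end - pos > nlen && buf[pos + nlen] == ':' && has_prefix(buf + pos, nlen, name)) {
            size_t v = pos + nlen + 1;
            while (v < end && (buf[v] == ' ' || buf[v] == '\t')) v++;
            *vlen = end - v;
            return buf + v;
        }
        pos = eol + 1;
    }
    return NULL;
}

/* Exact host match, optionally followed by ":port". */
static int host_in(const char *v, size_t vlen, const char *const *list) {
    for (; *list; list++) {
        size_t n = strlen(*list);
        if (has_prefix(v, vlen, *list) && (vlen == n || v[n] == ':')) return 1;
    }
    return 0;
}

/* S308: identify the purpose from the plaintext header. USER/PASS/RETR are also
   POP3 verbs, so this constructed rule additionally requires destination port 21. */
purpose_t classify(const char *buf, size_t len, unsigned dst_port) {
    if (dst_port == 21)
        for (const char *const *v = FTP_VERBS; *v; v++)
            if (has_prefix(buf, len, *v)) return P_FTP;
    int is_get = has_prefix(buf, len, "GET ");
    int has_body = has_prefix(buf, len, "POST ") || has_prefix(buf, len, "PUT ");
    if (!is_get && !has_body) return P_OTHER;        /* includes non-text buffers */
    size_t hl = 0, cl = 0;
    const char *host = find_header(buf, len, "Host", &hl);
    const char *ctype = find_header(buf, len, "Content-Type", &cl);
    if (host && host_in(host, hl, WEBDISK_HOSTS)) return P_WEB_DISK;
    if (has_body && host && host_in(host, hl, WEBMAIL_HOSTS)) return P_WEBMAIL_SEND;
    if (has_body && ctype && has_prefix(ctype, cl, "multipart/form-data")) return P_WEB_UPLOAD;
    return P_OTHER;
}

/* S310-S314: `controlled` is a bitmask, bit i set means purpose i is blocked.
   A record is written for every packet, blocked or forwarded. */
verdict_t inspect(const char *buf, size_t len, unsigned dst_port,
                  unsigned controlled, char *log, size_t logsz) {
    purpose_t p = classify(buf, len, dst_port);
    verdict_t v = (controlled & (1u << p)) ? V_BLOCK : V_FORWARD;
    snprintf(log, logsz, "port=%u purpose=%s verdict=%s bytes=%zu",
             dst_port, PURPOSE_NAME[p], v == V_BLOCK ? "block" : "forward", len);
    return v;
}

int main(void) {
    /* Constructed send buffers, as they would look at the socket layer. */
    const char *samples[] = {
        "POST /files HTTP/1.1\r\nHost: intranet.example.org\r\n"
        "Content-Type: multipart/form-data; boundary=x\r\n\r\n--x\r\n",
        "POST /compose HTTP/1.1\r\nhost: MAIL.example.com:443\r\n\r\nto=a",
        "GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n" };
    unsigned policy = (1u << P_FTP) | (1u << P_WEB_UPLOAD) | (1u << P_WEBMAIL_SEND);
    char log[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        inspect(samples[i], strlen(samples[i]), 80, policy, log, sizeof log);
        puts(log);
    }
    return 0;
}
```

The `controlled` bitmask stands in for the preset, administrator-changeable control conditions of the analysis unit.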

In summary, the client web browsing control system and method of the present invention can effectively control the client's network activity regardless of how the client connects to the network, and thereby effectively prevent the enterprise's confidential information from flowing out of the client.

The present invention is not limited to the specific details described herein. Within the spirit and scope of the invention, many variations relating to the foregoing description and drawings are permissible. Accordingly, the scope of the invention, including its possible modifications and changes, is defined by the following claims rather than by the above description.

105: Client computer
110: Network gateway
115: Machine room
120: External network
125: Non-company network interface
200: Client computer
205: Application
210: Socket interface
215: Network interface card
230: External network
250: Web page control module
255: Hook unit
260: LSP unit
265: Analysis unit
270: Recording unit
275: Report unit
S302: Step
S304: Step
S306: Step
S308: Step
S310: Step
S312: Step
S314: Step

Figure 1 is a schematic diagram of a common web browsing control system;

Figure 2 is a schematic diagram of how the common web browsing control system of Figure 1 can be bypassed;

Figure 3 is a schematic diagram of how a typical client computer transmits data packets to the external network;

Figure 4 is a schematic diagram of a client web browsing control system according to an embodiment of the present invention;

Figure 5 is a schematic diagram of a client web browsing control system according to another embodiment of the present invention;

Figure 6 is a flowchart of a client web browsing control method according to an embodiment of the present invention.


Claims (18)

1. A client web browsing control system for installing a hook program on the socket interface of a client computer to control web browsing, comprising: a web page control module; wherein the web page control module comprises: a hook unit coupled to the socket interface of the client computer to control web browsing of the client computer; a layered service provider (LSP) unit coupled to the hook unit; and an analysis unit coupled to the layered service provider unit; wherein the web page control module and each of the units are organized and operate in a hierarchical manner, so that the web page control module is installed on the socket interface of the client computer and controls the transmission of data packets; wherein, when the socket interface receives the data packet, the hook unit notifies and loads the layered service provider unit to intercept the data packet, the analysis unit then analyzes the header of the data packet to identify the purpose of the data packet, and if the purpose needs to be controlled, the data packet is blocked, and otherwise the data packet is sent to the network interface card.

2. The client web browsing control system of claim 1, wherein the web page control module further comprises a recording unit coupled to the analysis unit for recording the web activity of each data packet.

3. The client web browsing control system of claim 2, wherein the web page control module further comprises a report unit coupled to the recording unit for compiling the web activity of each data packet into a report and sending it to the client computer.

4. The client web browsing control system of claim 1, wherein the client computer comprises a desktop computer or a notebook computer.

5. The client web browsing control system of claim 1, wherein the application is a web browser, including IE, Firefox or Mozilla.

6. The client web browsing control system of claim 1, wherein the network interface card comprises an Ethernet interface card, a wireless network interface card or a mobile network interface card.

7. The client web browsing control system of claim 6, wherein the Ethernet interface card further comprises a 10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps Ethernet interface card.

8. The client web browsing control system of claim 6, wherein the wireless network interface card further comprises an 802.11a, 802.11b, 802.11g or 802.11n wireless network interface card.

9. The client web browsing control system of claim 6, wherein the mobile network interface card further comprises a GPRS, EDGE, UMTS, HSDPA or HSUPA mobile network interface card.

10. A computer-implemented method for controlling web browsing at the socket interface of a client computer, comprising the following steps: installing a hook program on the socket interface of a client; when the socket interface receives from an application a data packet to be sent to a network interface, the hook program notifying and loading a layered service provider (LSP) program; intercepting the data packet with the layered service provider program; analyzing the header of the data packet with an analysis unit to identify the purpose of the data packet; and determining whether the purpose needs to be controlled, and if the purpose needs to be controlled, blocking the data packet, and otherwise sending the data packet to the network interface.

11. The client web browsing control method of claim 10, further comprising the step of recording the web activity of each data packet with a recording unit.

12. The client web browsing control method of claim 11, further comprising the step of compiling, with a report unit, the web activity of each data packet into a report and sending it to the client.

13. The client web browsing control method of claim 10, wherein the client is a desktop computer or a notebook computer.

14. The client web browsing control method of claim 10, wherein the application is a web browser, including IE, Firefox or Mozilla.

15. The client web browsing control method of claim 10, wherein the network interface comprises an Ethernet interface, a wireless network interface or a mobile network interface.

16. The client web browsing control method of claim 15, wherein the Ethernet interface further comprises a 10 Mbps, 100 Mbps, 1 Gbps or 10 Gbps Ethernet interface.

17. The client web browsing control method of claim 15, wherein the wireless network interface further comprises an 802.11a, 802.11b, 802.11g or 802.11n wireless network interface.

18. The client web browsing control method of claim 15, wherein the mobile network interface further comprises a GPRS, EDGE, UMTS, HSDPA or HSUPA mobile network interface.
TW098120324A 2009-06-17 2009-06-17 System for web browsing management at the client side and method of the same TWI489310B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW098120324A TWI489310B (en) 2009-06-17 2009-06-17 System for web browsing management at the client side and method of the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW098120324A TWI489310B (en) 2009-06-17 2009-06-17 System for web browsing management at the client side and method of the same

Publications (2)

Publication Number Publication Date
TW201101092A TW201101092A (en) 2011-01-01
TWI489310B TWI489310B (en) 2015-06-21

Family

ID=44836885

Family Applications (1)

Application Number Title Priority Date Filing Date
TW098120324A TWI489310B (en) 2009-06-17 2009-06-17 System for web browsing management at the client side and method of the same

Country Status (1)

Country Link
TW (1) TWI489310B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE202012102878U1 (en) 2012-07-31 2012-08-22 Lagis Enterprise Co., Ltd. Surgical access device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080147883A1 (en) * 1998-09-11 2008-06-19 Lv Partners, Lp Accessing a vendor web site using personal account information retrieved from a credit card company web site
TWI263914B (en) * 2004-06-25 2006-10-11 Fineart Technology Co Ltd An administering method for information processing devices of an enterprise
TWI288547B (en) * 2004-11-23 2007-10-11 Fineart Technology Co Ltd Method for controlling Internet access and machine-readable recorder
TW200924475A (en) * 2007-11-28 2009-06-01 Inventec Corp System for intrusion protection system

Also Published As

Publication number Publication date
TW201101092A (en) 2011-01-01

Similar Documents

Publication Publication Date Title
US10212134B2 (en) Centralized management and enforcement of online privacy policies
JP4667359B2 (en) Digital asset usage accountability by journalizing events
US9838432B2 (en) System and method for automatic data protection in a computer network
CN111193698B (en) Data processing method, device, terminal and storage medium
US20100132041A1 (en) Interception-based client data network security system
EP2387746B1 (en) Methods and systems for securing and protecting repositories and directories
JP2008541273A5 (en)
JP2008541273A (en) Cascading security architecture
US20230114680A1 (en) Tunneled monitoring service and method
CN102158830B (en) Real time monitoring system for mobile network spam
US8930462B1 (en) Techniques for enforcing data sharing policies on a collaboration platform
TWI489310B (en) System for web browsing management at the client side and method of the same
Žgela et al. Security information and event management–capabilities, challenges and event analysis in the complex IT system
JP4660658B1 (en) Communication information analysis system
CN101945084A (en) Client web browsing control system and method
Gao et al. Operational security analysis and challenge for IoT solutions
KR102824098B1 (en) Method for detecting anomalous network traffic based on the rarity of packets and device performing the same
JP4571882B2 (en) E-mail filtering method and filtering system
CN203027275U (en) A client web browsing control router
TWI233014B (en) A method for examining abnormal situations of client computers in an enterprise
Tsai et al. Network Activity for Parental Monitoring
Scheffler et al. Privacy requirements for embedded sensor devices
CN114039762A (en) A method for monitoring system network communication security
Alnefaie et al. Secure Remote Mobile Screening (SRMS) Framework for Bring Your Own Device (BYOD)
CN101753522A (en) Interception security service system