[go: up one dir, main page]

WO2020251166A1 - Internet use method in network separation environment and device therefor - Google Patents

Internet use method in network separation environment and device therefor Download PDF

Info

Publication number
WO2020251166A1
WO2020251166A1 PCT/KR2020/005940 KR2020005940W WO2020251166A1 WO 2020251166 A1 WO2020251166 A1 WO 2020251166A1 KR 2020005940 W KR2020005940 W KR 2020005940W WO 2020251166 A1 WO2020251166 A1 WO 2020251166A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
network
network terminal
address
data
Prior art date
Application number
PCT/KR2020/005940
Other languages
French (fr)
Korean (ko)
Inventor
정원치
박남제
Original Assignee
제주대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 제주대학교 산학협력단 filed Critical 제주대학교 산학협력단
Publication of WO2020251166A1 publication Critical patent/WO2020251166A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Definitions

  • An embodiment of the present invention relates to a method and apparatus for using the Internet in a network separation environment in which a business network and an Internet network are separated from each other, and more particularly, to a method and apparatus for using the Internet in a business network.
  • the internal business network is separated from the Internet to fundamentally block attacks such as hacking or malicious code.
  • the business network and the Internet network are separated, so the business network terminal cannot directly access the Internet.
  • the person in charge has the inconvenience of having to retrieve the Internet data using an Internet network terminal and then put it in a storage medium (eg, USB) and transmit it to the work network terminal.
  • a storage medium eg, USB
  • a technical problem to be achieved by an embodiment of the present invention is to provide a method and an apparatus for using the Internet in a network separation environment.
  • An example of an Internet use method in a network separation environment according to an embodiment of the present invention for achieving the above technical problem is, in the Internet use method in a network separation environment in which a business network and an Internet network are separated, the business network terminal Transmitting an Internet address to an Internet network terminal through an inter-network data transmission method; Scraping, by the internet network terminal, a website corresponding to the internet address; The Internet network terminal converting the scraped data into an electronic document; And transmitting, by the Internet terminal, the electronic document to the business network terminal through the network data transmission method.
  • An example of an Internet network terminal in a network separation environment for achieving the above technical problem is a method for transmitting data between networks in a network separation environment by transmitting an Internet address transmitted by a business network terminal located in a business network.
  • An address receiver to receive through;
  • a scraping unit for scraping a website corresponding to the internet address;
  • a document generator for converting the scraped data into an electronic document;
  • a transmission unit for transmitting the electronic document to the business network terminal through the network data transmission method.
  • an example of a business network terminal in a network separation environment is an address transmission unit that transmits an Internet address to an Internet network terminal through an inter-network data transmission method in a network separation environment. ; A document receiving unit for receiving data scraped from a site corresponding to the Internet address in an electronic document form through the data transmission method from the Internet network terminal; And a document display unit for displaying the received document.
  • data of an external Internet network can be easily obtained while adhering to the principle of the basic environment of network separation in a business network terminal.
  • FIG. 1 is a diagram showing an example of a network separation environment according to an embodiment of the present invention.
  • FIGS. 2 and 3 are diagrams showing an example of a data transmission system in a network separation environment according to an embodiment of the present invention
  • FIG. 4 is a diagram showing an example of a method of using the Internet in a network separation environment according to an embodiment of the present invention
  • FIG. 5 is a diagram showing an example of a method for converting an electronic document according to an embodiment of the present invention
  • FIG. 6 is a diagram showing an example configuration of an Internet network terminal in a network separation environment according to an embodiment of the present invention.
  • FIG. 7 is a diagram illustrating an example configuration of a business terminal in a network separation environment according to an embodiment of the present invention.
  • FIG. 1 is a diagram illustrating an example of a network separation environment according to an embodiment of the present invention.
  • the business network 100 and the Internet network 130 are separated from each other, and the business network terminal 110 located in the business network 100 and the Internet network terminal 140 located in the Internet network 130 Exchanges data with each other through the data transmission system 120 through a predefined inter-network data transmission method. Separation of the business network 100 and the Internet network 130 may be physical or logical. In a network separation environment, the business network terminal 110 cannot directly access the Internet.
  • the business network terminal 110 and the Internet network terminal 140 are computing devices and may be implemented as a general computer or server. In the present embodiment, for convenience of explanation, one terminal 110 and 140 are respectively shown in the business network 100 and the Internet network 130, but a plurality of terminals may be located in each network 100 and 130 according to the embodiment. have.
  • a data transmission system 120 exists between the two networks for data exchange between the business network 100 and the Internet network 130.
  • the data transmission system 120 may physically or logically connect the business network 100 and the Internet network 130 as necessary. It can connect and exchange data between the two networks 100 and 130 according to a predefined security policy.
  • An example of the data transmission system 120 is shown in FIGS. 2 and 3.
  • FIGS. 2 and 3 are diagrams showing an example of a data transmission system in a network separation environment according to an embodiment of the present invention.
  • the data transmission system 120 includes a first control server 200, a shared storage 210 and a second control server 220.
  • the business network 100 and the Internet network 130 are logically separated by a first control server 200 and a second control server 220.
  • the first control server 200 and the second control server 220 are servers to which a security policy or data transmission policy for implementing a network separation environment between the business network 100 and the Internet network 130 is applied.
  • the first control server 200 is connected to the business network 100, and stores data received from the business network terminal 110 in the shared storage 210 or reads data stored in the shared storage 210 100).
  • the second control server 220 is connected to the Internet network 130 and stores the data received from the Internet network terminal 140 in the shared storage 210 or reads the data stored in the shared storage 210 to the Internet network terminal. send.
  • the Internet network terminal 140 When the Internet network terminal 140 wants to transmit data to the business network terminal, the Internet network terminal 140 transmits the data to the second control server 220, and the second control server 220 is an Internet network terminal ( 140) is stored in the shared storage 210 according to a predefined security policy or data transmission policy.
  • the business network terminal 110 reads data stored in the shared storage 210 by the Internet network terminal 140 through the first control server 200. The same method using the shared storage 210 is applied even when the business network terminal 110 wants to transmit data to the Internet network terminal 140.
  • the data transmission system 120 includes a first control server 300, a relay server 310, and a second control server 320.
  • the relay server 310 is not connected to the first control server 300 and the second control server 320 at the same time, but through the automatic switching switch 330, among the first control server 300 and the second control server 320 It is connected with either. That is, when the relay server 310 is connected to the first control server 300, the connection with the second control server 320 is disconnected, and conversely, when the relay server 310 is connected to the second control server 320, the connection with the first control server 300 The connection is broken.
  • the relay server 310 controls the automatic switching switch 330 to be connected to the second control server 320 and the second control server 320 provides the data received from the Internet network terminal 140 to the relay server 310. And the relay server 310 controls the automatic switching switch 330 to disconnect from the second control server 320 and connects with the first control server 300. Thereafter, the business network terminal 110 may receive the data transmitted by the Internet network terminal 140 from the relay server 310. When the business network terminal 110 wants to transmit data to the Internet network terminal 140, the procedure is reversed.
  • the data transmission system 120 is only an example for helping understanding of a data transmission method in a network separation environment to which an embodiment of the present invention is applied. It is not limited to the transmission system 120. There are various conventional techniques for data transmission between networks in a network separation environment, and an embodiment of the present invention can use various conventional data transmission methods between networks.
  • FIG. 4 is a diagram illustrating an example of a method of using the Internet in a network separation environment according to an embodiment of the present invention.
  • the business network terminal 110 transmits the Internet address of a site to be accessed to the Internet network terminal 140 through a predefined inter-network data transmission method (S400, S410). For example, since direct communication between the business network terminal 110 and the Internet network terminal 140 is impossible, the business network terminal 110 uses the data transmission system 120 as shown in FIG. 2 or 3 to provide an Internet address. Is transmitted to the Internet network terminal 140.
  • the Internet address refers to all types of addresses that can be used for Internet access, such as a URL (Uniform Resource Locator) address or an IP (Internet Protocol) address.
  • the Internet network terminal 140 accesses the corresponding site based on the Internet address received through the data transmission system 120 and scrapes the data (S420). For example, if your internet address is'www.google.com'.
  • the Internet network terminal 140 accesses the corresponding site and scrapes data using an Internet browser such as Explorer or Chrome. As another example, the Internet network terminal 140 may scrape data of an Internet site using a headless mode of an Internet browser.
  • the Internet network terminal 140 converts the scraped data into an electronic document form in which malicious codes or the like cannot exist (S430). As an example, the Internet network terminal 140 may convert the scraped data into a PDF file or an image file. In another embodiment, if the format of the data exchanged between the two networks is determined according to the policy of the inter-network data transmission method applied to the data transmission system 120, the Internet network terminal 140 uses the scraped data in a predefined data format. It can be converted to an electronic document.
  • the Internet network terminal 140 provides the electronic document to the business network terminal 110 through the network data transmission method of the data transmission system 120 (S440, S450).
  • the business network terminal 110 receives the electronic document (S450), it displays it on the screen (S460). Therefore, while adhering to the basic principle of the network separation environment, the user of the business network terminal 110 can obtain the same effect as having directly connected to the Internet.
  • FIG. 5 is a diagram illustrating an example of a method for converting an electronic document according to an embodiment of the present invention.
  • data scraped by accessing the Internet network terminal 140 to an Internet site is Internet data such as an HTML document 500.
  • the Internet network terminal 140 converts the HTML document 500 into an electronic document 510 such as a PDF document or an image document.
  • the Internet network terminal 140 may generate an Internet site screen displayed on an Internet browser as a PDF document or an image document.
  • the Internet network terminal 140 may directly generate the content of the site as an electronic document 510 such as an image without the need to display the Internet site on the Internet browser.
  • Internet sites may contain links.
  • the user can click various links on the'Naver' site to move to other sites or view other web pages.
  • the business network terminal 110 cannot access another web page through a link connected to a specific word or button in the Internet site, like a general Internet connection.
  • the Internet network terminal 140 identifies link information (eg, Internet address, etc.) 520 included in the scraped data, and then creates and adds it as an electronic document such as a PDF file or an image file.
  • link information eg, Internet address, etc.
  • the Internet network terminal 140 uses the data scraped from the Internet site A to the first electronic document 510 such as an image.
  • the link information of the Internet site B included in the Internet site A that is, the Internet address of the Internet site B
  • is generated as a second electronic document such as an image and provided to the business network terminal 110 together. I can.
  • the Internet network terminal 140 may generate a first electronic document and a second electronic document as one electronic document.
  • the Internet network terminal 140 may generate an electronic document 510 in which link information 520 such as a URL address is additionally displayed in a portion where a link exists in data of an Internet site. That is, if there is a link in the word'shopping', the internet network terminal may display the internet address of the link in overlap with or around the'shopping'.
  • the user of the business network terminal 110 may provide the Internet address of the link to the Internet network terminal 140 to receive the data of the Internet site indicated by the link again.
  • FIG. 6 is a diagram illustrating an example configuration of an Internet network terminal in a network separation environment according to an embodiment of the present invention.
  • the Internet network terminal 140 includes an address receiving unit 600, a scraping unit 610, a document generating unit 620 and a transmitting unit 630.
  • Each component of the present embodiment may be implemented as an agent that is a program operable on a computing device.
  • the address receiver 600 receives the Internet address transmitted by the business network terminal 110 through a data transmission method between networks in a network separation environment.
  • the scraping unit 610 accesses an Internet site based on an Internet address and scrapes data.
  • the scraping unit 610 may access an Internet site and scrap data through the headless mode of the Internet browser.
  • the document generation unit 620 converts the scraped data into an electronic document such as a PDF document or an image document.
  • the document generator 620 may generate the screen itself displayed on the Internet browser as an image document.
  • the document generator 620 may create an electronic document with link information included in the scraped data.
  • the document generating unit 620 may add link information to the electronic document when converting the scraped data into an electronic document.
  • FIG. 7 is a diagram illustrating an example configuration of a business terminal in a network separation environment according to an embodiment of the present invention.
  • the business terminal 110 includes an address transmission unit 700, a document receiving unit 710, and a document display unit 720.
  • Each component of the present embodiment may be implemented as a program operable on a computing device.
  • the address transmission unit 700 transmits the Internet address input from the user to the Internet network terminal 140 through an inter-network data transmission method.
  • the address transmission unit 700 may receive an Internet address input through a conventional Internet browser for user convenience.
  • the user may input an Internet address in an address input window of an Internet browser displayed on the business terminal 100.
  • the document receiving unit 710 receives an electronic document provided by the Internet network terminal 140 through a data transmission method between networks.
  • the electronic document is a document in which a screen of an Internet site corresponding to an Internet address provided by the address transmission unit 700 is included as a PDF or an image.
  • link information included in the corresponding Internet site may be additionally displayed as a URL or the like.
  • the document display unit 720 displays the received electronic document on the screen.
  • the document display unit 720 may display the received electronic document on the screen of the Internet browser.
  • the user of the business terminal 110 inputs an Internet address through an Internet browser and a screen for this is displayed on the Internet browser, he or she can feel as if they have directly connected to the Internet.
  • the user of the business terminal 110 inputs the Internet address corresponding to the link information through the address transmission unit 700
  • the electronic document of the Internet site corresponding to the Internet address can be received and viewed. That is, it is possible to achieve the same effect as pressing a link of a corresponding site by accessing the Internet from the business terminal 110.
  • the present invention can also be implemented as a computer-readable code on a computer-readable recording medium.
  • the computer-readable recording medium includes all types of recording devices that store data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tapes, floppy disks, and optical data storage devices.
  • the computer-readable recording medium can be distributed over a computer system connected through a network to store and execute computer-readable codes in a distributed manner.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An Internet use method in a network separation environment and a device therefor are disclosed. A business network terminal transmits an Internet address to an Internet network terminal through an inter-network data transmission method, and the Internet network terminal scraps a website corresponding to the Internet address, converts the scraped website into an electronic document, and transmits the electronic document to the business network terminal.

Description

망 분리 환경의 인터넷 이용 방법 및 그 장치Internet usage method and device in network separation environment
본 발명의 실시 예는 업무망 및 인터넷망이 서로 분리된 망 분리 환경에서 인터넷을 이용하는 방법 및 그 장치에 관한 것으로, 보다 상세하게는 업무망에서 인터넷을 이용하는 방법 및 그 장치에 관한 것이다.An embodiment of the present invention relates to a method and apparatus for using the Internet in a network separation environment in which a business network and an Internet network are separated from each other, and more particularly, to a method and apparatus for using the Internet in a business network.
금융권, 공공기관 또는 국가기관 등 보안이 필요한 곳은 내부 업무망을 인터넷망을 분리하여 해킹이나 악성코드 등의 공격을 원천적으로 차단한다. 망 분리 환경에서 업무망과 인터넷망은 분리되어 있으므로, 업무망 단말은 인터넷에 직접 접속할 수 없다. 인터넷 자료가 필요한 경우 담당자는 인터넷망 단말을 이용하여 인터넷 자료를 검색한 후 이를 저장매체(예를 들어, USB)에 담아 업무망 단말에 전달하여야 하는 불편함이 존재한다.In places where security is required, such as financial institutions, public institutions, or state institutions, the internal business network is separated from the Internet to fundamentally block attacks such as hacking or malicious code. In the network separation environment, the business network and the Internet network are separated, so the business network terminal cannot directly access the Internet. When Internet data are needed, the person in charge has the inconvenience of having to retrieve the Internet data using an Internet network terminal and then put it in a storage medium (eg, USB) and transmit it to the work network terminal.
본 발명의 실시 예가 이루고자 하는 기술적 과제는, 망 분리 환경에서 인터넷을 이용하는 방법 및 그 장치를 제공하는 데 있다.A technical problem to be achieved by an embodiment of the present invention is to provide a method and an apparatus for using the Internet in a network separation environment.
상기의 기술적 과제를 달성하기 위한, 본 발명의 실시 예에 따른 망 분리 환경의 인터넷 이용 방법의 일 예는, 업무망과 인터넷망이 분리된 망 분리 환경의 인터넷 이용 방법에 있어서, 업무망 단말은 인터넷주소를 망간자료전송 방법을 통해 인터넷망 단말로 전송하는 단계; 상기 인터넷망 단말은 상기 인터넷주소에 해당하는 웹사이트를 스크래핑하는 단계; 상기 인터넷망 단말은 스크래핑한 데이터를 전자문서로 변환하는 단계; 및 상기 인터넷 단말은 상기 전자문서를 상기 망간자료전송 방법을 통해 상기 업무망 단말로 전송하는 단계;를 포함한다.An example of an Internet use method in a network separation environment according to an embodiment of the present invention for achieving the above technical problem is, in the Internet use method in a network separation environment in which a business network and an Internet network are separated, the business network terminal Transmitting an Internet address to an Internet network terminal through an inter-network data transmission method; Scraping, by the internet network terminal, a website corresponding to the internet address; The Internet network terminal converting the scraped data into an electronic document; And transmitting, by the Internet terminal, the electronic document to the business network terminal through the network data transmission method.
상기의 기술적 과제를 달성하기 위한, 본 발명의 실시 예에 따른 망 분리 환경의 인터넷망 단말의 일 예는, 업무망에 위치한 업무망 단말이 전송한 인터넷 주소를 망 분리 환경의 망간자료전송방법을 통해 수신하는 주소수신부; 상기 인터넷주소에 해당하는 웹사이트를 스크래핑하는 스크랩핑부; 상기 스크래핑한 데이터를 전자문서로 변환하는 문서생성부; 및 상기 전자문서를 상기 망간자료전송 방법을 통해 상기 업무망 단말로 전송하는 전송부;를 포함한다.An example of an Internet network terminal in a network separation environment according to an embodiment of the present invention for achieving the above technical problem is a method for transmitting data between networks in a network separation environment by transmitting an Internet address transmitted by a business network terminal located in a business network. An address receiver to receive through; A scraping unit for scraping a website corresponding to the internet address; A document generator for converting the scraped data into an electronic document; And a transmission unit for transmitting the electronic document to the business network terminal through the network data transmission method.
상기의 기술적 과제를 달성하기 위한, 본 발명의 실시 예에 따른 망 분리 환경의 업무망 단말의 일 예는, 인터넷 주소를 망 분리 환경의 망간 자료전송방법을 통해 인터넷망 단말로 전송하는 주소전송부; 상기 인터넷망 단말로부터 상기 자료전송방법을 통해, 상기 인터넷 주소에 해당하는 사이트에서 스크랩핑한 데이터를 전자문서 형태로 수신하는 문서수신부; 및 상기 수신한 문서를 표시하는 문서표시부;를 포함한다.In order to achieve the above technical problem, an example of a business network terminal in a network separation environment according to an embodiment of the present invention is an address transmission unit that transmits an Internet address to an Internet network terminal through an inter-network data transmission method in a network separation environment. ; A document receiving unit for receiving data scraped from a site corresponding to the Internet address in an electronic document form through the data transmission method from the Internet network terminal; And a document display unit for displaying the received document.
본 발명의 실시 예에 따르면, 업무망 단말에서 망 분리의 기본환경의 원칙을 준수하면서 외부 인터넷망의 자료를 용이하게 획득할 수 있다. According to an embodiment of the present invention, data of an external Internet network can be easily obtained while adhering to the principle of the basic environment of network separation in a business network terminal.
도 1은 본 발명의 실시 예에 따른 망 분리 환경의 일 예를 도시한 도면,1 is a diagram showing an example of a network separation environment according to an embodiment of the present invention;
도 2 및 도 3은 본 발명의 실시 예에 따른 망 분리 환경의 자료전송시스템의 일 예를 도시한 도면, 2 and 3 are diagrams showing an example of a data transmission system in a network separation environment according to an embodiment of the present invention;
도 4는 본 발명의 실시 예에 따른 망 분리 환경에서 인터넷을 이용하는 방법의 일 예를 도시한 도면,4 is a diagram showing an example of a method of using the Internet in a network separation environment according to an embodiment of the present invention;
도 5는 본 발명의 실시 예에 따른 전자문서의 변환 방법의 일 예를 도시한 도면, 5 is a diagram showing an example of a method for converting an electronic document according to an embodiment of the present invention;
도 6은 본 발명의 실시 예에 따른 망 분리 환경의 인터넷망 단말의 일 예의 구성을 도시한 도면, 그리고,6 is a diagram showing an example configuration of an Internet network terminal in a network separation environment according to an embodiment of the present invention, and,
도 7은 본 발명의 실시 예에 따른 망 분리 환경의 업무용 단말의 일 예의 구성을 도시한 도면이다.7 is a diagram illustrating an example configuration of a business terminal in a network separation environment according to an embodiment of the present invention.
이하에서, 첨부된 도면들을 참조하여 본 발명의 실시 예에 따른 망 분리 환경의 인터넷 이용 방법 및 그 장치에 대해 상세히 살펴본다,Hereinafter, a method and apparatus for using the Internet in a network separation environment according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings.
도 1은 본 발명의 실시 예에 따른 망 분리 환경의 일 예를 도시한 도면이다.1 is a diagram illustrating an example of a network separation environment according to an embodiment of the present invention.
도 1을 참조하면, 업무망(100)과 인터넷망(130)은 서로 분리되어 있으며, 업무망(100)에 위치한 업무망 단말(110)과 인터넷망(130)에 위치한 인터넷망 단말(140)은 자료전송시스템(120)을 통해 기 정의된 망간 자료전송방법으로 서로 데이터를 교환한다. 업무망(100)과 인터넷망(130)의 분리는 물리적 또는 논리적일 수 있다. 망 분리 환경에서 업무망 단말(110)은 인터넷에 직접 접속할 수 없다.Referring to FIG. 1, the business network 100 and the Internet network 130 are separated from each other, and the business network terminal 110 located in the business network 100 and the Internet network terminal 140 located in the Internet network 130 Exchanges data with each other through the data transmission system 120 through a predefined inter-network data transmission method. Separation of the business network 100 and the Internet network 130 may be physical or logical. In a network separation environment, the business network terminal 110 cannot directly access the Internet.
업무망 단말(110)과 인터넷망 단말(140)은 컴퓨팅 장치로서, 일반적인 컴퓨터 또는 서버 등으로 구현될 수 있다. 본 실시 예는 설명의 편의를 위하여 업무망(100)과 인터넷망(130)에 각각 하나의 단말(110,140)을 도시하고 있으나, 실시 예에 따라 각 망(100,130)에 복수의 단말이 위치할 수 있다. The business network terminal 110 and the Internet network terminal 140 are computing devices and may be implemented as a general computer or server. In the present embodiment, for convenience of explanation, one terminal 110 and 140 are respectively shown in the business network 100 and the Internet network 130, but a plurality of terminals may be located in each network 100 and 130 according to the embodiment. have.
업무망(100)과 인터넷망(130) 사이의 자료교환을 위해 두 망 사이에 자료전송시스템(120)이 존재한다. 예를 들어, 업무망(100)과 인터넷망(130)이 물리적 또는 논리적으로 분리되어 있다면, 자료전송시스템(120)은 필요에 따라 업무망(100)과 인터넷망(130)을 물리적 또는 논리적으로 연결하고 두 망(100,130) 사이에 기 정의된 보안 정책에 따라 자료를 교환할 수 있다. 자료전송시스템(120)의 일 예가 도 2 및 도 3에 도시되어 있다. A data transmission system 120 exists between the two networks for data exchange between the business network 100 and the Internet network 130. For example, if the business network 100 and the Internet network 130 are physically or logically separated, the data transmission system 120 may physically or logically connect the business network 100 and the Internet network 130 as necessary. It can connect and exchange data between the two networks 100 and 130 according to a predefined security policy. An example of the data transmission system 120 is shown in FIGS. 2 and 3.
도 2 및 도 3은 본 발명의 실시 예에 따른 망 분리 환경의 자료전송시스템의 일 예를 도시한 도면이다.2 and 3 are diagrams showing an example of a data transmission system in a network separation environment according to an embodiment of the present invention.
도 2를 참조하면, 자료전송시스템(120)은 제1통제서버(200), 공유스토리지(210) 및 제2통제서버(220)를 포함한다. 업무망(100)과 인터넷망(130)은 제1 통제서버(200) 및 제2 통제서버(220)에 의해 논리적으로 분리되어 있다.Referring to FIG. 2, the data transmission system 120 includes a first control server 200, a shared storage 210 and a second control server 220. The business network 100 and the Internet network 130 are logically separated by a first control server 200 and a second control server 220.
제1 통제서버(200) 및 제2 통제서버(220)는 업무망(100)과 인터넷망(130)의 망 분리 환경을 구현하기 위한 보안 정책이나 자료전송정책 등이 적용되는 서버이다. 제1 통제서버(200)는 업무망(100)에 연결되며, 업무망 단말(110)로부터 수신한 데이터를 공유스토리지(210)에 저장하거나 공유스토리지(210)에 저장된 데이터를 읽어 업무망 단말(100)로 전송한다. 제2 통제서버(220)는 인터넷망(130)에 연결되며, 인터넷망 단말(140)로부터 수신한 데이터를 공유스토리지(210)에 저장하거나 공유스토리지(210)에 저장된 데이터를 읽어 인터넷망 단말로 전송한다.The first control server 200 and the second control server 220 are servers to which a security policy or data transmission policy for implementing a network separation environment between the business network 100 and the Internet network 130 is applied. The first control server 200 is connected to the business network 100, and stores data received from the business network terminal 110 in the shared storage 210 or reads data stored in the shared storage 210 100). The second control server 220 is connected to the Internet network 130 and stores the data received from the Internet network terminal 140 in the shared storage 210 or reads the data stored in the shared storage 210 to the Internet network terminal. send.
인터넷망 단말(140)이 업무망 단말에 데이터를 전달하고자 하는 경우, 인터넷망 단말(140)은 데이터를 제2 통제서버(220)에 전송하고, 제2 통제서버(220)는 인터넷망 단말(140)로부터 수신한 데이터를 기 정의된 보안정책이나 자료전송정책 등에 따라 공유스토리지(210)에 저장한다. 업무망 단말(110)은 제1 통제서버(200)를 통해 인터넷망 단말(140)이 공유스토리지(210)에 저장한 데이터를 읽어 온다. 업무망 단말(110)이 인터넷망 단말(140)에 데이터를 전달하고자 하는 경우에도 공유스토리지(210)를 이용한 동일한 방법이 적용된다.When the Internet network terminal 140 wants to transmit data to the business network terminal, the Internet network terminal 140 transmits the data to the second control server 220, and the second control server 220 is an Internet network terminal ( 140) is stored in the shared storage 210 according to a predefined security policy or data transmission policy. The business network terminal 110 reads data stored in the shared storage 210 by the Internet network terminal 140 through the first control server 200. The same method using the shared storage 210 is applied even when the business network terminal 110 wants to transmit data to the Internet network terminal 140.
도 3을 참조하면, 자료전송시스템(120)은 제1 통제서버(300), 중계서버(310) 및 제2 통제서버(320)를 포함한다. 중계서버(310)는 제1 통제서버(300) 및 제2 통제서버(320)에 동시에 연결되지 않고 자동전환스위치(330)를 통해 제1 통제서버(300) 및 제2 통제서버(320) 중 어느 하나와 연결된다. 즉, 중계서버(310)가 제1 통제서버(300)와 연결될 때 제2 통제서버(320)와의 연결은 끊어지고, 반대로 제2 통제서버(320)와 연결될 때 제1 통제서버(300)와의 연결은 끊어진다.Referring to FIG. 3, the data transmission system 120 includes a first control server 300, a relay server 310, and a second control server 320. The relay server 310 is not connected to the first control server 300 and the second control server 320 at the same time, but through the automatic switching switch 330, among the first control server 300 and the second control server 320 It is connected with either. That is, when the relay server 310 is connected to the first control server 300, the connection with the second control server 320 is disconnected, and conversely, when the relay server 310 is connected to the second control server 320, the connection with the first control server 300 The connection is broken.
인터넷망 단말(140)이 업무망 단말(110)에 데이터를 전달하고자 하는 경우, 중계서버(310)는 자동전환스위치(330)를 제어하여 제2 통제서버(320)와 연결되고 제2 통제서버(320)는 인터넷망 단말(140)로부터 전달받은 데이터를 중계서버(310)에 제공한다. 그리고 중계서버(310)는 자동전환스위치(330)를 제어하여 제2 통제서버(320)와의 연결을 끊고 제1 통제서버(300)와 연결한다. 이후 업무망 단말(110)은 중계서버(310)로부터 인터넷망 단말(140)이 전달한 데이터를 수신할 수 있다. 업무망 단말(110)이 인터넷망 단말(140)에 데이터를 전달하고자 하는 경우는 반대의 순서로 진행된다.When the Internet network terminal 140 wants to transmit data to the business network terminal 110, the relay server 310 controls the automatic switching switch 330 to be connected to the second control server 320 and the second control server 320 provides the data received from the Internet network terminal 140 to the relay server 310. And the relay server 310 controls the automatic switching switch 330 to disconnect from the second control server 320 and connects with the first control server 300. Thereafter, the business network terminal 110 may receive the data transmitted by the Internet network terminal 140 from the relay server 310. When the business network terminal 110 wants to transmit data to the Internet network terminal 140, the procedure is reversed.
도 2 및 도 3에서 살펴보면 자료전송시스템(120)은 본 발명의 실시 예가 적용되는 망 분리 환경의 자료전송방법의 이해를 돕기 위한 하나의 예일 뿐 본 발명의 실시 예는 도 2 및 도 3의 자료전송시스템(120)에 한정되는 것은 아니다. 망 분리 환경에서 망간 자료전송방법의 다양한 종래 기술이 존재하며, 본 발명의 실시 예는 종래의 다양한 망간 자료전송방법을 사용할 수 있다. Referring to FIGS. 2 and 3, the data transmission system 120 is only an example for helping understanding of a data transmission method in a network separation environment to which an embodiment of the present invention is applied. It is not limited to the transmission system 120. There are various conventional techniques for data transmission between networks in a network separation environment, and an embodiment of the present invention can use various conventional data transmission methods between networks.
도 4는 본 발명의 실시 예에 따른 망 분리 환경에서 인터넷을 이용하는 방법의 일 예를 도시한 도면이다.4 is a diagram illustrating an example of a method of using the Internet in a network separation environment according to an embodiment of the present invention.
도 4를 참조하면, 업무망 단말(110)은 접속하고자 하는 사이트의 인터넷 주소를 기 정의된 망간 자료전송방법을 통해 인터넷망 단말(140)로 전달한다(S400,S410). 예를 들어, 업무망 단말(110)과 인터넷망 단말(140) 사이에 직접적인 통신은 불가능하므로, 업무망 단말(110)은 도 2 또는 도 3과 같은 자료전송시스템(120)을 이용하여 인터넷 주소를 인터넷망 단말(140)로 전달한다. 본 실시 예에서 인터넷 주소는 URL(Uniform Resource Locator) 주소 또는 IP(Internet Protocol) 주소 등 인터넷 접속에 사용될 수 있는 모든 종류의 주소를 의미한다.4, the business network terminal 110 transmits the Internet address of a site to be accessed to the Internet network terminal 140 through a predefined inter-network data transmission method (S400, S410). For example, since direct communication between the business network terminal 110 and the Internet network terminal 140 is impossible, the business network terminal 110 uses the data transmission system 120 as shown in FIG. 2 or 3 to provide an Internet address. Is transmitted to the Internet network terminal 140. In this embodiment, the Internet address refers to all types of addresses that can be used for Internet access, such as a URL (Uniform Resource Locator) address or an IP (Internet Protocol) address.
인터넷망 단말(140)은 자료전송시스템(120)을 통해 전달받은 인터넷 주소를 기초로 해당 사이트에 접속하여 데이터를 스크래핑한다(S420). 예를 들어, 인터넷 주소가 'www.google.com'이면. 인터넷망 단말(140)은 익스플로러 또는 크롬 등과 같은 인터넷브라우저를 이용하여 해당 사이트에 접속하고 데이터를 스크래핑한다. 다른 실시 예로, 인터넷망 단말(140)은 인터넷 브라우저의 헤드리스 모드(headless mode)를 이용하여 인터넷 사이트의 데이터를 스크래핑할 수 있다.The Internet network terminal 140 accesses the corresponding site based on the Internet address received through the data transmission system 120 and scrapes the data (S420). For example, if your internet address is'www.google.com'. The Internet network terminal 140 accesses the corresponding site and scrapes data using an Internet browser such as Explorer or Chrome. As another example, the Internet network terminal 140 may scrape data of an Internet site using a headless mode of an Internet browser.
인터넷망 단말(140)이 인터넷 사이트로부터 스크래핑한 데이터에는 악성 코드 등이 포함되어 있을 수 있으므로 스크래핑한 데이터 그 자체를 업무망에 바로 전달하는 것은 바람직하지 않다. 따라서 인터넷망 단말(140)은 스크래핑한 데이터를 악성 코드 등이 존재할 수 없는 전자문서 형태로 변환한다(S430). 일 실시 예로, 인터넷망 단말(140)은 스크래핑한 데이터를 PDF 파일 또는 이미지 파일로 변환할 수 있다. 다른 실시 예로, 자료전송시스템(120)에 적용된 망간 자료전송방법의 정책에 따라 두 망 사이에서 교환되는 데이터의 형식이 정해져 있다면, 인터넷망 단말(140)은 스크래핑한 데이터를 기 정의된 데이터 형식의 전자문서로 변환할 수 있다. Since the data scraped by the Internet network terminal 140 from the Internet site may contain malicious code, it is not desirable to directly transmit the scraped data to the business network. Accordingly, the Internet network terminal 140 converts the scraped data into an electronic document form in which malicious codes or the like cannot exist (S430). As an example, the Internet network terminal 140 may convert the scraped data into a PDF file or an image file. In another embodiment, if the format of the data exchanged between the two networks is determined according to the policy of the inter-network data transmission method applied to the data transmission system 120, the Internet network terminal 140 uses the scraped data in a predefined data format. It can be converted to an electronic document.
인터넷망 단말(140)은 전자문서를 자료전송시스템(120)의 망간 자료전송방법을 통해 업무망 단말(110)에 제공한다(S440,S450). 업무망 단말(110)은 전자문서를 수신하면(S450), 이를 화면에 표시한다(S460). 따라서 망 분리 환경의 기본 원칙을 준수하면서 업무망 단말(110)의 사용자는 인터넷에 직접 접속한 것과 같은 효과를 얻을 수 있다. The Internet network terminal 140 provides the electronic document to the business network terminal 110 through the network data transmission method of the data transmission system 120 (S440, S450). When the business network terminal 110 receives the electronic document (S450), it displays it on the screen (S460). Therefore, while adhering to the basic principle of the network separation environment, the user of the business network terminal 110 can obtain the same effect as having directly connected to the Internet.
도 5는 본 발명의 실시 예에 따른 전자문서 변환 방법의 일 예를 도시한 도면이다.5 is a diagram illustrating an example of a method for converting an electronic document according to an embodiment of the present invention.
도 5를 참조하면, 인터넷망 단말(140)이 인터넷 사이트에 접속하여 스크랩핑한 데이터는 HTML 문서(500) 등의 인터넷 데이터이다. 인터넷망 단말(140)은 HTML 문서(500)를 PDF 문서 또는 이미지 문서 등의 전자문서(510)로 변환한다. 예를 들어, 인터넷망 단말(140)은 인터넷 브라우저에 표시되는 인터넷 사이트 화면을 PDF 문서 또는 이미지 문서로 생성할 수 있다. 이때 인터넷망 단말(140)은 인터넷 브라우저에 인터넷 사이트를 표시할 필요없이 해당 사이트의 내용을 바로 이미지 등의 전자문서(510)로 생성할 수 있다.Referring to FIG. 5, data scraped by accessing the Internet network terminal 140 to an Internet site is Internet data such as an HTML document 500. The Internet network terminal 140 converts the HTML document 500 into an electronic document 510 such as a PDF document or an image document. For example, the Internet network terminal 140 may generate an Internet site screen displayed on an Internet browser as a PDF document or an image document. In this case, the Internet network terminal 140 may directly generate the content of the site as an electronic document 510 such as an image without the need to display the Internet site on the Internet browser.
인터넷 사이트는 링크를 포함할 수 있다. 예를 들어, '네이버' 사이트에 접속하면, 사용자는 '네이버' 사이트에 존재하는 다양한 링크를 눌러 다른 사이트로 이동하거나 다른 웹페이지를 볼 수 있다. 그러나 인터넷 사이트 화면을 이미지로 변환한 전자문서에는 링크가 존재하지 않는다. 이 경우, 업무망 단말(110)에서는 일반적인 인터넷 접속과 같이 인터넷 사이트 내 특정 단어나 버튼에 연결된 링크를 통해 다른 웹페이지로의 접근이 불가능하다.Internet sites may contain links. For example, when accessing the'Naver' site, the user can click various links on the'Naver' site to move to other sites or view other web pages. However, there is no link in an electronic document that converts the screen of an Internet site into an image. In this case, the business network terminal 110 cannot access another web page through a link connected to a specific word or button in the Internet site, like a general Internet connection.
따라서 다른 실시 예로, 인터넷망 단말(140)은 스크랩핑한 데이터에 포함된 링크 정보(예를 들어, 인터넷 주소 등)(520)를 파악한 후 이를 PDF 파일 또는 이미지 파일 등의 전자문서로 생성하여 추가 제공할 수 있다. 예를 들어, A 인터넷 사이트에B 인터넷 사이트로 접속이 가능한 링크 정보(520)가 포함되어 있다면, 인터넷망 단말(140)은 A 인터넷 사이트로부터 스크래핑한 데이터를 이미지 등의 제1 전자문서(510)로 변환하고 또한 A 인터넷 사이트에 포함된 B 인터넷 사이트의 링크 정보(즉, B 인터넷 사이트의 인터넷 주소)(520)를 이미지 등의 제2 전자문서로 생성하여 함께 업무망 단말(110)에 제공할 수 있다. Accordingly, in another embodiment, the Internet network terminal 140 identifies link information (eg, Internet address, etc.) 520 included in the scraped data, and then creates and adds it as an electronic document such as a PDF file or an image file. Can provide. For example, if the Internet site A includes link information 520 that allows access to the Internet site B, the Internet network terminal 140 uses the data scraped from the Internet site A to the first electronic document 510 such as an image. In addition, the link information of the Internet site B included in the Internet site A (that is, the Internet address of the Internet site B) 520 is generated as a second electronic document such as an image and provided to the business network terminal 110 together. I can.
다른 실시 예로, 인터넷망 단말(140)은 제1 전자문서 및 제2 전자문서를 하나의 전자문서로 생성할 수 있다. 예를 들어, 인터넷망 단말(140)은 인터넷 사이트의 데이터에서 링크가 존재하는 부분에 URL 주소 등의 링크 정보(520)를 추가 표시한 전자문서(510)를 생성할 수 있다. 즉, '쇼핑'이라는 글자에 링크가 존재하면, 인터넷망 단말은 '쇼핑'과 중첩되게 또는 그 주변에 링크의 인터넷 주소를 함께 표시할 수 있다. 업무망 단말(110)의 사용자는 링크의 인터넷 주소를 인터넷망 단말(140)에 제공하여 링크가 가리키는 인터넷 사이트의 데이터를 다시 수신할 수 있다.As another example, the Internet network terminal 140 may generate a first electronic document and a second electronic document as one electronic document. For example, the Internet network terminal 140 may generate an electronic document 510 in which link information 520 such as a URL address is additionally displayed in a portion where a link exists in data of an Internet site. That is, if there is a link in the word'shopping', the internet network terminal may display the internet address of the link in overlap with or around the'shopping'. The user of the business network terminal 110 may provide the Internet address of the link to the Internet network terminal 140 to receive the data of the Internet site indicated by the link again.
도 6은 본 발명의 실시 예에 따른 망 분리 환경의 인터넷망 단말의 일 예의 구성을 도시한 도면이다.6 is a diagram illustrating an example configuration of an Internet network terminal in a network separation environment according to an embodiment of the present invention.
도 6을 참조하면, 인터넷망 단말(140)은 주소수신부(600), 스크래핑부(610), 문서생성부(620) 및 전송부(630)를 포함한다. 본 실시 예의 각 구성은 컴퓨팅 장치에서 동작 가능한 프로그램인 에이전트로 구현될 수 있다. Referring to FIG. 6, the Internet network terminal 140 includes an address receiving unit 600, a scraping unit 610, a document generating unit 620 and a transmitting unit 630. Each component of the present embodiment may be implemented as an agent that is a program operable on a computing device.
주소수신부(600)는 망 분리 환경의 망간 자료전송방법을 통해 업무망 단말(110)이 전송한 인터넷 주소를 수신한다. The address receiver 600 receives the Internet address transmitted by the business network terminal 110 through a data transmission method between networks in a network separation environment.
스크래핑부(610)는 인터넷 주소를 기초로 인터넷 사이트에 접속하고 데이터를 스크래핑한다. 스크래핑부(610)는 인터넷 브라우저의 헤드리스 모드를 통해 인터넷 사이트에 접속하고 데이터를 스크래핑할 수 있다.The scraping unit 610 accesses an Internet site based on an Internet address and scrapes data. The scraping unit 610 may access an Internet site and scrap data through the headless mode of the Internet browser.
문서생성부(620)는 스크래핑한 데이터를 PDF 문서 또는 이미지 문서 등과 같은 전자문서로 변환한다. 예를 들어, 문서생성부(620)는 인터넷 브라우저에 표시되는 화면 그 자체를 이미지 문서로 생성할 수 있다.The document generation unit 620 converts the scraped data into an electronic document such as a PDF document or an image document. For example, the document generator 620 may generate the screen itself displayed on the Internet browser as an image document.
다른 실시 예로, 문서생성부(620)는 스크래핑한 데이터에 포함된 링크 정보를 전자문서로 만들 수 있다. 예를 들어, 문서생성부(620)는 스크래핑한 데이터를 전자문서로 변환할 때 링크 정보를 전자문서에 추가할 수 있다. As another example, the document generator 620 may create an electronic document with link information included in the scraped data. For example, the document generating unit 620 may add link information to the electronic document when converting the scraped data into an electronic document.
도 7은 본 발명의 실시 예에 따른 망 분리 환경의 업무용 단말의 일 예의 구성을 도시한 도면이다.7 is a diagram illustrating an example configuration of a business terminal in a network separation environment according to an embodiment of the present invention.
도 7을 참조하면, 업무용 단말(110)은 주소전송부(700), 문서수신부(710) 및 문서표시부(720)를 포함한다. 본 실시 예의 각 구성은 컴퓨팅 장치에서 동작 가능한 프로그램으로 구현될 수 있다. Referring to FIG. 7, the business terminal 110 includes an address transmission unit 700, a document receiving unit 710, and a document display unit 720. Each component of the present embodiment may be implemented as a program operable on a computing device.
주소전송부(700)는 사용자로부터 입력받은 인터넷 주소를 망간 자료전송방법을 통해 인터넷망 단말(140)로 전송한다. 예를 들어, 주소전송부(700)는 사용자 편의를 위하여 종래의 인터넷 브라우저를 통해 인터넷 주소를 입력받을 수 있다. 예를 들어, 사용자는 업무용 단말(100)에 표시된 인터넷 브라우저의 주소입력창에 인터넷 주소를 입력할 수 있다. The address transmission unit 700 transmits the Internet address input from the user to the Internet network terminal 140 through an inter-network data transmission method. For example, the address transmission unit 700 may receive an Internet address input through a conventional Internet browser for user convenience. For example, the user may input an Internet address in an address input window of an Internet browser displayed on the business terminal 100.
문서수신부(710)는 망간 자료전송방법을 통해 인터넷망 단말(140)이 제공한 전자문서를 수신한다. 전자문서는 주소전송부(700)가 제공한 인터넷 주소에 해당하는 인터넷 사이트의 화면이 PDF 또는 이미지 등으로 포함된 문서이다. 다른 실시 예로, 전자문서에는 해당 인터넷 사이트에 포함된 링크 정보가 URL 등으로 추가 표시되어 있을 수 있다.The document receiving unit 710 receives an electronic document provided by the Internet network terminal 140 through a data transmission method between networks. The electronic document is a document in which a screen of an Internet site corresponding to an Internet address provided by the address transmission unit 700 is included as a PDF or an image. As another example, in the electronic document, link information included in the corresponding Internet site may be additionally displayed as a URL or the like.
문서표시부(720)는 수신한 전자문서를 화면에 표시한다. 예를 들어, 문서표시부(720)는 인터넷 브라우저의 화면에 수신한 전자문서를 표시할 수 있다. 이 경우, 업무용 단말(110)의 사용자는 인터넷 브라우저를 통해 인터넷 주소를 입력하고 이에 대한 화면이 인터넷 브라우저에 표시되므로 마치 인터넷에 직접 접속한 것처럼 느낄 수 있다.The document display unit 720 displays the received electronic document on the screen. For example, the document display unit 720 may display the received electronic document on the screen of the Internet browser. In this case, since the user of the business terminal 110 inputs an Internet address through an Internet browser and a screen for this is displayed on the Internet browser, he or she can feel as if they have directly connected to the Internet.
다른 예로, 문서표시부(720)가 표시한 전자문서에 URL 주소 등으로 표시된 링크 정보가 존재하면, 업무용 단말(110)의 사용자는 링크 정보에 해당하는 인터넷 주소를 주소전송부(700)를 통해 입력하여 해당 인터넷 주소에 해당하는 인터넷 사이트의 전자문서를 수신하여 볼 수 있다. 즉, 업무용 단말(110)에서 인터넷에 접속하여 해당 사이트의 링크를 누르는 것과 동일한 효과를 달성할 수 있다. As another example, if there is link information displayed as a URL address in the electronic document displayed by the document display unit 720, the user of the business terminal 110 inputs the Internet address corresponding to the link information through the address transmission unit 700 Thus, the electronic document of the Internet site corresponding to the Internet address can be received and viewed. That is, it is possible to achieve the same effect as pressing a link of a corresponding site by accessing the Internet from the business terminal 110.
본 발명은 또한 컴퓨터로 읽을 수 있는 기록매체에 컴퓨터가 읽을 수 있는 코드로서 구현하는 것이 가능하다. 컴퓨터가 읽을 수 있는 기록매체는 컴퓨터 시스템에 의하여 읽혀질 수 있는 데이터가 저장되는 모든 종류의 기록장치를 포함한다. 컴퓨터가 읽을 수 있는 기록매체의 예로는 ROM, RAM, CD-ROM, 자기 테이프, 플로피디스크, 광데이터 저장장치 등이 있다. 또한 컴퓨터가 읽을 수 있는 기록매체는 네트워크로 연결된 컴퓨터 시스템에 분산되어 분산방식으로 컴퓨터가 읽을 수 있는 코드가 저장되고 실행될 수 있다.The present invention can also be implemented as a computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all types of recording devices that store data that can be read by a computer system. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tapes, floppy disks, and optical data storage devices. In addition, the computer-readable recording medium can be distributed over a computer system connected through a network to store and execute computer-readable codes in a distributed manner.
이제까지 본 발명에 대하여 그 바람직한 실시 예들을 중심으로 살펴보았다. 본 발명이 속하는 기술 분야에서 통상의 지식을 가진 자는 본 발명이 본 발명의 본질적인 특성에서 벗어나지 않는 범위에서 변형된 형태로 구현될 수 있음을 이해할 수 있을 것이다. 그러므로 개시된 실시 예들은 한정적인 관점이 아니라 설명적인 관점에서 고려되어야 한다. 본 발명의 범위는 전술한 설명이 아니라 특허청구범위에 나타나 있으며, 그와 동등한 범위 내에 있는 모든 차이점은 본 발명에 포함된 것으로 해석되어야 할 것이다.So far, the present invention has been looked at around its preferred embodiments. Those of ordinary skill in the art to which the present invention pertains will be able to understand that the present invention can be implemented in a modified form without departing from the essential characteristics of the present invention. Therefore, the disclosed embodiments should be considered from an illustrative point of view rather than a limiting point of view. The scope of the present invention is shown in the claims rather than the foregoing description, and all differences within the scope equivalent thereto should be construed as being included in the present invention.

Claims (9)

  1. 업무망과 인터넷망이 분리된 망 분리 환경의 인터넷 이용 방법에 있어서,In the Internet usage method in a network separation environment where the business network and the Internet network are separated,
    업무망 단말은 인터넷주소를 망간자료전송 방법을 통해 인터넷망 단말로 전송하는 단계;The business network terminal transmitting the Internet address to the Internet network terminal through the network data transmission method;
    상기 인터넷망 단말은 상기 인터넷주소에 해당하는 웹사이트를 스크래핑하는 단계;Scraping, by the internet network terminal, a website corresponding to the internet address;
    상기 인터넷망 단말은 스크래핑한 데이터를 전자문서로 변환하는 단계; 및The Internet network terminal converting the scraped data into an electronic document; And
    상기 인터넷 단말은 상기 전자문서를 상기 망간자료전송 방법을 통해 상기 업무망 단말로 전송하는 단계;를 포함하는 것을 특징으로 하는 망 분리 환경의 인터넷 이용 방법.And transmitting, by the Internet terminal, the electronic document to the business network terminal through the inter-network data transmission method.
  2. 제 1항에 있어서, The method of claim 1,
    상기 인터넷주소는 URL 주소인 것을 특징으로 하는 망 분리 환경의 인터넷 이용 방법.The Internet use method in a network separation environment, characterized in that the Internet address is a URL address.
  3. 제 1항에 있어서, 상기 전자문서로 변환하는 단계는, The method of claim 1, wherein the converting to the electronic document comprises:
    상기 스크래핑한 데이터를 PDF 파일로 변환하는 단계를 포함하는 것을 특징으로 하는 망 분리 환경의 인터넷 이용 방법.And converting the scraped data into a PDF file.
  4. 제 1항에 있어서, 상기 스크래핑하는 단계는,The method of claim 1, wherein the scraping step,
    상기 인터넷망 단말은 웹브라우저의 헤드리스 모드를 통해 상기 인터넷주소에 해당하는 웹사이트의 데이터를 획득하는 단계를 포함하는 것을 특징으로 하는 망 분리 환경의 인터넷 이용 방법.And acquiring, by the internet network terminal, data of a website corresponding to the internet address through a headless mode of a web browser.
  5. 업무망에 위치한 업무망 단말이 전송한 인터넷 주소를 망 분리 환경의 망간자료전송방법을 통해 수신하는 주소수신부;An address receiver for receiving an Internet address transmitted by a business network terminal located in the business network through a network data transmission method in a network separation environment;
    상기 인터넷주소에 해당하는 웹사이트를 스크래핑하는 스크랩핑부;A scraping unit for scraping a website corresponding to the internet address;
    상기 스크래핑한 데이터를 전자문서로 변환하는 문서생성부; 및A document generator for converting the scraped data into an electronic document; And
    상기 전자문서를 상기 망간자료전송 방법을 통해 상기 업무망 단말로 전송하는 전송부;를 포함하는 것을 특징으로 하는 망 분리 환경의 인터넷망 단말.And a transmission unit for transmitting the electronic document to the business network terminal through the inter-network data transmission method.
  6. 제 5항에 있어서, 상기 스크랩핑부는,The method of claim 5, wherein the scraping unit,
    웹브라우저의 헤드리스 모드를 통해 상기 인터넷주소에 해당하는 웹사이트의 데이터를 획득하는 것을 특징으로 하는 망 분리 환경의 인터넷망 단말.An internet network terminal in a network separation environment, characterized in that acquiring data of a website corresponding to the internet address through a headless mode of a web browser.
  7. 인터넷 주소를 망 분리 환경의 망간 자료전송방법을 통해 인터넷망 단말로 전송하는 주소전송부;An address transmission unit for transmitting an Internet address to an Internet network terminal through an inter-network data transmission method in a network separation environment;
    상기 인터넷망 단말로부터 상기 자료전송방법을 통해, 상기 인터넷 주소에 해당하는 사이트에서 스크랩핑한 데이터를 전자문서 형태로 수신하는 문서수신부; 및A document receiving unit for receiving data scraped from a site corresponding to the Internet address in an electronic document form through the data transmission method from the Internet network terminal; And
    상기 수신한 문서를 표시하는 문서표시부;를 포함하는 것을 특징으로 하는 망 분리 환경의 업무망 단말.A document display unit for displaying the received document; a business network terminal in a network separation environment comprising: a.
  8. 제 7항에 있어서, 상기 주소전송부는,The method of claim 7, wherein the address transmission unit,
    상기 문서에 표시된 인터넷 주소를 상기 인터넷망 단말로 전송하는 것을 특징으로 하는 망 분리 환경의 업무망 단말.A business network terminal in a network separation environment, characterized in that transmitting the Internet address indicated in the document to the Internet network terminal.
  9. 제 1항에 기재된 방법을 수행하기 위한 프로그램을 기록한 컴퓨터로 읽을 수 있는 기록매체.A computer-readable recording medium in which a program for performing the method according to claim 1 is recorded.
PCT/KR2020/005940 2019-06-14 2020-05-06 Internet use method in network separation environment and device therefor WO2020251166A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020190071071A KR102167027B1 (en) 2019-06-14 2019-06-14 Method for accessing internet in network separation environment and apparatus therefor
KR10-2019-0071071 2019-06-14

Publications (1)

Publication Number Publication Date
WO2020251166A1 true WO2020251166A1 (en) 2020-12-17

Family

ID=73035111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2020/005940 WO2020251166A1 (en) 2019-06-14 2020-05-06 Internet use method in network separation environment and device therefor

Country Status (2)

Country Link
KR (1) KR102167027B1 (en)
WO (1) WO2020251166A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102670719B1 (en) * 2023-04-20 2024-05-31 인포텍코퍼레이션 주식회사 System for providing automatic billing service for unpaid tax

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100633534B1 (en) * 2004-06-11 2006-10-16 (주)인포메이션 앤 인터넷 Web scraping engine system
US7263561B1 (en) * 2001-08-24 2007-08-28 Mcafee, Inc. Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
KR20140027756A (en) * 2012-08-27 2014-03-07 주식회사 신한은행 Network separation system, dummy web sever for network separation and method of network separation
KR20140102876A (en) * 2013-02-15 2014-08-25 주식회사 미라지웍스 Network separation system and method thereof
KR20180130306A (en) * 2017-05-29 2018-12-07 한국전력공사 System and method for transmitting data of physical network separation environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7263561B1 (en) * 2001-08-24 2007-08-28 Mcafee, Inc. Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
KR100633534B1 (en) * 2004-06-11 2006-10-16 (주)인포메이션 앤 인터넷 Web scraping engine system
KR20140027756A (en) * 2012-08-27 2014-03-07 주식회사 신한은행 Network separation system, dummy web sever for network separation and method of network separation
KR20140102876A (en) * 2013-02-15 2014-08-25 주식회사 미라지웍스 Network separation system and method thereof
KR20180130306A (en) * 2017-05-29 2018-12-07 한국전력공사 System and method for transmitting data of physical network separation environment

Also Published As

Publication number Publication date
KR102167027B1 (en) 2020-10-16

Similar Documents

Publication Publication Date Title
TWI338485B (en) Method of securing a local computer network with respect to a wide area computer network and a computer-readable medium having stored thereon computer-readable instructions for performing the same
WO2010062048A2 (en) Method and apparatus for managing state information of remote user interface
WO2014112727A1 (en) Shortened url management method and management device, and storage medium storing computer program for management thereof
WO2018212455A1 (en) Method and system for checking malicious hyperlink in email body
WO2020040556A1 (en) Web browser-based scraping system and method
WO2011008017A2 (en) Apparatus and method for host-based network separation
WO2020251166A1 (en) Internet use method in network separation environment and device therefor
WO2017213454A1 (en) File control system and method using user server
WO2015102279A1 (en) User security authentication system in internet environment and method therefor
WO2018182065A1 (en) Multi-resource subscription association method in m2m system
WO2017052210A1 (en) Method and apparatus for providing digital product using user account synchronization
WO2025100601A1 (en) Honeypot system and honeypot operation method in distributed cluster environment, and computing device for performing same
WO2018008861A1 (en) Html control system and method using user server
CN110113296A (en) A method of processing data
WO2017043930A1 (en) Shared terminal detection method and device therefor
WO2019022582A1 (en) Intelligent smart-aging service configuration system and method
WO2015076497A1 (en) Shared terminal detection method using web entity and device therefor
WO2017200176A1 (en) Method and system for sharing document in mobile messenger
WO2015088195A1 (en) Local environment protection method and protection system of terminal responding to malicious code in link information
WO2010062126A2 (en) Method and system for optimizing application deployment in open service gateway initiative framework
JP5322972B2 (en) Web screen restoration device, web screen restoration method, and web screen restoration program
WO2016093609A1 (en) Message bookmark system and method
WO2015080378A1 (en) Method for identifying sharing terminal and system therefor
WO2014025129A1 (en) Application installation system, apparatus, method, and computer-readable recording medium in mobile terminal using user terminal
WO2010002227A2 (en) A method of securing passwords used in web pages and a recording medium readable by a computer having a program installed to execute said method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20822562

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20822562

Country of ref document: EP

Kind code of ref document: A1