The following disclosure relates to a method for tracing web user, and in particular, to an apparatus and method for tracing web user using signed code, which traces a web user with a signed code.
As Internet users rapidly increases, all sorts of criminal acts are increasing over the Internet. However, because most Internet traffics are concentrated on Hyper Text Transmission Protocol (HTTP(s))-based web service having an open structure, Internet infringers easily access a web server to perform unlawful acts and hide the unlawful acts. Therefore, a web service provider applies a web trace scheme for coping with the unlawful act, thereby strengthening the security of web service.
A related art web tracing scheme analyzes the header or access information of a network packet that accesses a web server to obtain a sending address and a destination address, and estimates the access path of an access user on the basis of the obtained addresses. However, when the access user passes through an anonymous proxy server, the related art web tracing scheme cannot find the information of an actual access user.
For solving these limitations, a reverse tracing scheme based on java script, java applet and Active-X was considered, but it cannot perform reverse tracing when strengthening the security of a web browser, blocking popup and executing a separate security program.
Another related art web tracing scheme obtains the information of the access user using an Internet connection program being executed by the web browser of an access user. However, the other related art web tracing scheme additionally should analyze a communication system that goes round a proxy, and moreover, it has limitations in obtainable information.
A related art web tracing scheme using plug-in should control plug-in through a bi-directional communication, and has limitations in extractable information.
In one general aspect, an apparatus for tracing web user using signed code includes: at least one access terminal requesting a web page; a web server providing the web page including a signed code to the each access terminal according to the request; and a monitoring server receiving and analyzing access information which is extracted from the each access terminal according to execution of the signed code.
In another general aspect, an apparatus for tracing web user using signed code includes: a signed code generation unit sending a web page, into which a signed code is inserted, to at least one access user which requests the web page; an information collection unit collecting access information of each access user which is extracted according to execution of the signed code; and an information display unit displaying the collected access information.
In another general aspect, a method for tracing web user using signed code includes: generating a signed code which extracts access information of each access user; inserting the generated signed code into a web page which is requested by the each access user; and sending the web page, into which the signed code is inserted, to the each access user.
In another general aspect, a method for tracing web user using signed code includes: collecting access information of each access user as a signed code is executed by sending a web page, into which a signed code is inserted, to each access user which requests a web page; and displaying the collected access information.
Other features and aspects will be apparent from the following detailed description, the drawings, and the claims.
Hereinafter, exemplary embodiments will be described in detail with reference to the accompanying drawings. Throughout the drawings and the detailed description, unless otherwise described, the same drawing reference numerals will be understood to refer to the same elements, features, and structures. The relative size and depiction of these elements may be exaggerated for clarity, illustration, and convenience. The following detailed description is provided to assist the reader in gaining a comprehensive understanding of the methods, apparatuses, and/or systems described herein. Accordingly, various changes, modifications, and equivalents of the methods, apparatuses, and/or systems described herein will be suggested to those of ordinary skill in the art. Also, descriptions of well-known functions and constructions may be omitted for increased clarity and conciseness.
Hereinafter, an apparatus for tracing web user using signed code according to an exemplary embodiment will be described with reference to
Referring to
The each access terminal 110 accesses the web server 120 to request an HTTP(s) web page. The each access terminal 110 receives a web page (for example, signed HTTP(s)) including a signed code (for example, signed applet, Webstart) and agrees to the executing of the signed code, thereby viewing a web page. At this point, when the each access terminal 100 agrees to the executing of the signed code, the web server 120 allows viewing of the web page. When the each access terminal 100 disagrees executing of the signed code, the web server 120 disallows further viewing of the web page.
The signed code internally includes proxy information, and in execution, it extracts the access information of the each access terminal 110 to provide the extracted access information to the monitoring server 130.
The web server 120 obtains the agreement of an access user for execution before executing the signed code and lawfully collects the access information of the access user, thereby preventing a legal dispute.
The web server 120 inserts a signed code, from which the access information of the each access terminal 110 may be extracted, into the web page, and provides a web page including the signed code according to the web page request of the each access terminal 110. Herein, the access information includes at least one of the Internet Protocol (IP) address, network information, manager information, system information, proxy information, access path information and geographic information for the position of the each access terminal 110. Moreover, the signed code may be one that has been pre-signed by a reliable organization such as recognized organizations, and can improve reliability for the web page.
The monitoring server 130 receives and analyzes access information that is extracted from the each access terminal 110 according to the execution of the signed code in the each access terminal 110. At this point, the monitoring server 130 always waits for receiving access information that is sent from the signed code.
In detail, the monitoring server 130 determines whether to use a proxy server on the basis of the extracted access information, and may check the actual IP address of the access terminal 110 instead of the proxy server to map access information and access path into a physical position, a country and an organization on a digital map, thereby displaying a result of the mapping.
To provide a brief description, the user of the access terminal 110 requests a web page associated with information necessary for the web server 120, and the web server 120 sends a web page including the signed code in response to the request. Accordingly, when the user intends to view the web page through a web browser, a popup window for querying whether to agree to the execution of the signed code is opened. When the user agrees to the execution of the signed code, the web server 120 gives authorization for continuously viewing the web page, and the signed code extracts the access information of the access terminal 110 to send the extracted access information to the monitoring server 130. The monitoring server 130 receives, analyzes and stores the sent access information, and the stored information may be used for service that provides the access information of the user and the access terminal 110 together with geographic information to another user.
The web server 120 or the monitoring server 130 may limit the providing of service for a proxy server or a user that does not agree to the execution of the signed code, and it may add the user or the proxy server to a risk list and manage the potential risk list.
According to an exemplary embodiment, by adding a signed code that has been pre-signed by a reliable organization such as recognized organizations to a web page, the apparatus 10 can improve reliability for materials, documents and programs that may be sent through a web page and the Web. Even when an access user directly accesses a web server or accesses the web server by passing through the proxy server, the apparatus 10 can check the network information and position of the access user.
According to an exemplary embodiment, furthermore, although the apparatus 10 does not capture a packet that is sent, install a separate agent program, or use the plug-in of a web browser, additional plug-in and a separate communication protocol, the apparatus 10 may check the network information and position of the access user. Thereby the apparatus 10 can quickly and easily trace the IP address and system information of the access user.
In addition, because the apparatus 10 may apply the same algorithm irrespective of the kind of the proxy server that is passed thmugh, it need not determine the kind of the proxy server or separately configure an algorithm based on the kind of the proxy server.
Hereinafter, an apparatus for tracing web user using signed code according to another exemplary embodiment will be described with reference to
Referring to
The signed code generation unit 210 sends a web page, into which a signed code is inserted, to at least one access user that requests a web page.
The signed code generation unit 210 includes a daemon 213, a signed code generator 211, and a signed code inserter 212.
The signed code generator 211 generates a signed code that extracts access information related to the execution of a computer and the access through a network, from the computer of each access user. At this point, the signed code generator 211 updates the signed code, and manages a history that is generated, updated and sent.
The signed code inserter 212 inserts the generated signed code into a web page. At this point, he web page may be one that is included in the Hyper Text Markup Language (HTML) document and the jnlp (Java Web Start) document.
The daemon 213 sends a web page, into which the signed code is inserted, to each access user that is outputted from the signed code inserter 212 according to the web page request of the each access user.
The information collection unit 220 collects the access information of the each access user that is extracted according to the execution of the signed code. The information collector 220 includes an information receiver 221, an information analyzer 222, and an access information storage 223.
As the signed code is executed in the computer of the access user, the information receiver 221 receives access information that is extracted by the signed code. The information analyzer 222 analyzes the received access information to check the information of the access user. The access information storage 223 stores access information, which is received and analyzed for providing subsequent service, in an information database. Herein, the access information includes at least one of the IP address, network information (for example, an access network and a network operator), manager information (for example, a user identification (ID)), system information (for example, an operating system (OS)), proxy information and access path information of an access user computer.
The information display unit 230 maps each collected access information on Geographic Information System (GIS) to displays it.
The information display unit 230 includes a geographic information storage 231, a GIS mapper 232, and a displayer 233.
The geographic information storage 231 includes at least one GIS information of traffic information, digital topographical map, satellite photograph and aerial photograph.
The GIS mapper 232 maps collected access information on the GIS information. That is, the GIS mapper 232 maps access information on a digital map on the basis of the access information and the GIS information, and provides mapped data to the displayer 233.
As a display means such as Liquid Crystal Displays (LCD), the displayer 233 displays the mapped data.
Hereinafter, a method for tracing web user using signed code according to an exemplary embodiment will be described with reference to
Referring to
Subsequently, the apparatuses 10 and 20 send a web page, into which a signed code for a corresponding Uniform Resource Locator (URL) is inserted, to the each access user that sends the web page request in S320.
The apparatuses 10 and 20 query whether to agree to the execution of the signed code over the web browser of the access user in S330.
When the access user agrees to the execution of the signed code, the apparatuses 10 and 20 execute the signed code and allow viewing of the web page, which is performed over the web browser, to the access user in S340.
The signed code is executed in the computer of the access user, whereupon access user information, system information and proxy information are collected. The collected information is sent to the web server 120 or the monitoring server 130 in S350.
The web server 120 or the monitoring server 130 receives the access user information, the system information and the proxy information, and stores and manages all the received information in S360.
The apparatuses 10 and 20 map access information on GIS information to display mapped data in S370. Herein, the GIS information includes at least one of traffic information, digital topographical map, satellite photograph and aerial photograph.
In this way, the apparatuses 10 and 20 display an access user, a system and a proxy on an accurate and vivid digital map, and thus support that each user can instinctively perceive information associated with access paths and each access user.
In other words, the apparatuses 10 and 20 three-dimensionally display the access path of each access user through satellite photographs, and moreover, provide the accurate position information of a building in which the each access user is disposed through high-accurate geographic information and each IP address.
Moreover, the apparatuses 10 and 20 provide high-resolution digital maps and access information, including access user information and access path information through vector-based digital topographical maps, irrespective of the zooming in and out of maps.
A number of exemplary embodiments have been described above. Nevertheless, it will be understood that various modifications may be made. For example, suitable results may be achieved if the described techniques are performed in a different order and/or if components in a described system, architecture, device, or circuit are combined in a different manner and/or replaced or supplemented by other components or their equivalents. Accordingly, other implementations are within the scope of the following claims.
Number | Date | Country | Kind |
---|---|---|---|
10-2009-0076832 | Aug 2009 | KR | national |
This application claims priority under 35 U.S.C. §119 to Korean Patent Application No. 10-2009-0076832, filed on Aug. 19, 2009, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein by reference in its entirety.