WO2013180673A1 - An internet router and an internet control method for said router - Google Patents


Info

Publication number
WO2013180673A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
router
internet
information
access
Prior art date
Application number
PCT/TR2013/000144
Other languages
French (fr)
Inventor
Ali KIZIL
Huseyin CIZMECIOGLU
Original Assignee
Kizil Ali
Cizmecioglu Huseyin


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 ... for separating internal from external traffic, e.g. firewalls > H04L 63/0227 Filtering policies
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/10 ... for controlling access to devices or network resources > H04L 63/102 Entity profiles
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 61/00 Network arrangements, protocols or services for addressing or naming > H04L 61/45 Network directories; Name-to-address mapping > H04L 61/4505 ... using standardised directories; using standardised directory access protocols > H04L 61/4511 ... using domain name system [DNS]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 ... for separating internal from external traffic, e.g. firewalls > H04L 63/0227 Filtering policies > H04L 63/0263 Rule management
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/08 ... for authentication of entities > H04L 63/083 ... using passwords

Definitions

  • Figure 1 shows the schematic view of the central filtering system used in the prior art.
  • Figure 2 shows the schematic view of the system which uses the router subject to the invention.
  • Figure 3 is a flow diagram which shows the operating steps of the router subject to the invention.
  • Figure 4 is a flow diagram showing the self-update of the router subject to the invention.
  • the router (1) is used to control the internet (N) of a building (B) or area where there are a pre-determined number of users (K) present.
  • a router (1) is placed at each of the buildings (B) or areas desired to be controlled.
  • the router (1) is in communication with the NOC system.
  • the router (1) controls the contents of the internet (N) which is provided by the internet service provider (ISP) via NOC system and distributes it to the building (B) or area defined in it by routing.
  • the internet (N) management is performed not for all users (K) but for a private group of users (K), and for that group the internet (N) contents and conditions are re-configured.
  • during a user's (K) access to the internet, the router transforms the filtering procedures applied by the BTK (Information and Technology Organization) into an access service which the user (K) can control by him/herself within the pre-defined rules.
  • a router (1) is placed at the input point of the incoming internet (N) in each building (B), and the internet (N) is made to enter the router (1) before entering the building (B).
  • the router (1) distributes the internet (N) to the users (K) by filtering in accordance with the predefined contents for each user (K) (Figure 2).
  • the router distributes the terrestrial internet (N) to pre-defined user (K) groups.
  • the internet (N) is terminated at the modem/switch/router (said modem is equipment used for the internal network safety of the ISPs) in the building through a terrestrial connection model such as fiber, xDSL or the like.
  • the internet is transferred from the modem to the router (1) by being transformed to the Ethernet infrastructure according to the IPv4 and IPv6 standards.
  • the access requests from the user (K) are filtered in the router (1) according to the pre-defined requirements of the BTK and of the users (K) (called a family filter in Turkish laws and regulations) and then transferred to the user (K).
  • the router (1) of the invention uses an operating system that contains open source code (such as DNS, SysLOG, Hotspot, Radius, SQL, LDAP, Linux, Proxy, iptables, TCP, UDP, HTTP, HTTPS, SSL, snmp, PPPoe, bgp, mpls, mips nslu nslu2 ppc openwrt x86 x64 st st40 i486 i586 1686) technologies and that works with processor architectures such as x86, ppc, mips, arm. Furthermore, it uses Dude management software, NagiOS management software, wi-fi, wi-max, radiolink and fiber connection technologies.
  • the router (1) holds any kind of data passing through itself in its memory (11) for a certain amount of time, so that the users (K) are able to access the internet ( ) with a high performance. Thus, for the information kept on itself, there is no need for it to wait for a response from the NOC system of the internet (N) provider that manages the central system.
  • the router (1) of the invention comprises at least one memory, at least one processor and at least one server (not shown in the figures).
  • one of the servers that said router (1) comprises is a proxy server.
  • the router (1) of the invention operates according to the following method (100) steps:
  • the user (K) turns on the computer (101),
  • the router (1) located in a pre-determined building (B) or area assigns a temporary ip to the user (K) independent of the network operating center (NOC) that the ISP owns (102),
  • the user (K) opens a web browser to enter the internet (N) and writes the address of the web page that he/she wants to browse into the address bar on the browser (103),
  • the router (1) controls if the ID of the user (K) of the said request is verified and if he/she is a user (K) with an open session (105),
  • if the request is coming from a user (K) with a verified ID and with an open session, the IP address assigned to the user (K) is determined as the permanent IP address of the user (K) and the user (K) is given a passing permit by the router (1) (106),
  • the router (1) saves the IP address, date and time information of the user (K) into its local memory in the format requested by BTK (107),
  • after giving the user (K) a passing permit, the router (1) examines the profile, saved into its memory beforehand, that contains the filtering characteristics of the user (K) such as data rate and family filter, and the router (1) learns which filter rules are to be executed (108),
  • the router (1) checks if there is a DNS limitation for the web address requested by the user (K) in order to filter the user's (K) request in the light of user (K) profile information learned from its own memory independent of the ISP's network operating center (NOC) (109),
  • the router (1) checks the proxy server that it contains, and if there is a record in the server regarding said request it routes the user (K) to the requested web address by using this record (110),
  • if there is no record regarding said request in the server, the router (1) fetches the web address information that the user (K) wanted to access from the internet (N) and routes the user (K) to the requested web address (111),
  • if a restriction is found at step (109), the router (1) routes the user (K) to a legal blocking page (113),
  • if step (113) is performed, a legal warning page is opened in the user's (K) web browser (114),
  • the router (1) decides that the ID of the user ( ) of the said request was not verified or the user (K) did not open a session, then it performs the following steps:
  • the user (K) writes the subscription information that contains user name and password into the opened "log on” page and the router (1) checks the subscription state of the user (K) (202),
  • the router (1) sends the user (K) a new IP setup and the method (100) returns to step 106 (203),
  • the router (1) routes the user (K) to a subscription control page where the user (K) can correct the information (204),
  • the router (1) routes the user (K) to a web page where the user (K) can get a new subscription (205),
  • the router (1) routes the user (K) to a web page where the user (K) can get a subscription (206).
  • the router (1) connects to the NOC (Network Operator Center) system at pre-defined intervals, receives the new rules that it has to apply to the users and updates the data if there is any.
  • the router (1) also transmits the user logs stored in its memory to the NOC system at pre-defined intervals.
  • the router (1) performs the updates which were defined to be executed at pre-defined intervals by using the ISP's NOC system, by the following steps: after the ISP receives internet from a foreign source and the user gets a subscription from the local ISP, the router (1) accesses the NOC system of the local ISP and fetches the AAA, log, filter and dns information recorded on the local ISP's NOC system in order to apply them to the users in its responsibility (301),
  • the router (1) compares the filter information received from the NOC system with the IDs of the users in its responsibility; if there is a difference between the two records it updates the information stored on itself to comply with the records in the NOC system (302),
  • when the user wants to connect to the internet, the router allows the user to access the internet through the foreign country router depending on the ID data such as family filter and proxy, dns and AAA received from the NOC system (303),
  • the router (1) logs the activities of the user that it permits to access the internet in the network in accordance with the laws, and transmits these data to a main log machine in the NOC system via satellite (304).
  • BTK can always access the filter, dns and log machine located in the ISP's NOC system via a tunnel assigned to it, and can access the router (1) defined as slave in the said NOC system.
  • any kind of intervention and/or modification made on the AAA, log, filter and dns systems in the NOC system is transmitted to all routers (1) defined as slave in the NOC system in real time.
  • BTK informs ISP about new family filter decisions
  • ISP makes the required updates in the main proxy and dns on the master router system located in the NOC system.
  • NOC system pairs up with all router (1) devices in a short time. Thus, the new filter rules become valid.
  • the users (K) cannot share the internet (N) with more than one unauthorized user (K).
  • the internet (N) router according to the invention radically changes the internet distribution architectures of the ISPs.

Abstract

This invention is related to a router (1) which comprises a DNS server and a processor which answers all of the DNS resolution requests of all of the users (K) that it serves, which opens and checks incoming information packets, which blocks access to contents that are not compliant with the law, which carries out the user ID verification for each user who wants to access the internet over said router by itself, independent from the network operations centre (NOC) owned by the ISP, and which routes any kind of request from all the users who have not verified their IDs to an ID verification page; it is also related to an internet control method (100) for said router.

Description

DESCRIPTION
AN INTERNET ROUTER AND AN INTERNET CONTROL METHOD FOR SAID ROUTER
Technical Field
This invention is related to an internet router that distributes the data into the building by controlling and filtering the internet and a control method for said internet router.
Prior Art
The Turkish laws demand compliance with certain conditions from ISP (Internet Service Provider) companies. Some of these conditions are criteria such as family filter applications, site restrictions carried out by court decisions, keeping a log of the access information of users and the ending of the internet virtually in our country (at a point where the ISP's inner network connects to the internet). In the known state of the art, if an ISP, for example, wanted to supply internet via satellite, it could not meet any of the conditions mentioned above. In order for unwanted content to be eliminated from the internet in the known state of the art, it has to be filtered by the ISP before it is distributed to the end user. The filtering process ensures that some content cannot be accessed, in accordance with a prohibited list which has been decided by the state beforehand or which the user has chosen previously. For example, when a family does not want their child to access some sites with inappropriate content, the ISP filters the sites and the prohibited sites cannot be accessed. Said filtering process is carried out by a central filtering system that can encompass a city or a certain region.
In the known state of the art, each ISP (Internet Service Provider) establishes a central filter system (F) for itself or per service area or city. The related internet provider (ISP) controls the functioning of this filter system. All of the users who want to use the internet pass through the central filtering system. The users that pass through the central filter system can connect to the internet. The content which is not prohibited, or which may be seen according to a previously selected prohibited sites list, is thus passed through and transferred to the user. The central filter system of the known state of the art brings some problems with it.
For example, in the present filter system, as the number of users is very large and as said users want different contents to be filtered, the internet is slow and sufficient filtering cannot be done according to the preferred levels. Moreover, a problem that might arise in the filter system may cause the internet to disconnect. When the internet disconnects, the internet of all of the users is cut off (Figure 1).
Moreover, as the filtering system of the known state of the art is carried out by a central system provided by the ISP, while the user activities are recorded via this system (keeping logs), the recording process in the new technology is restricted by the processor capacity of the central system of the ISP. When the processor capacity is about to be exceeded, the log taking procedure slows down and, as internet access cannot be granted until the log is taken, the access of the users to the internet also slows down. Attempts are made to improve this problem by developing the hardware infrastructure of the ISPs; however, this causes a high financial cost which cannot be scaled due to the ever increasing number of internet users.
In addition, the usage of a central filtering system makes it necessary for the end user to use an ID verification device such as a modem. The isolation of the users' access to the internet is carried out via said modems. In addition, the central filter system provided by the ISP causes the problem of each user sharing out the internet to other users unofficially. For example, a business enterprise can enable its customers or guests to use the WIFI channel subscription it has purchased by buying a subscription. In this case the end user number, which should actually be one end user, ends up being more than one user.
Brief Description of the Invention
The aim of this invention is to provide an internet router that enables the access of the users to the filtered internet, and an internet control method for said internet router. Another purpose of this invention is to provide an internet router that increases the internet filtering capability of the users and an internet control method for said internet router. Another aim of this invention is to provide an internet router that enables the elimination of the problems caused by the breakdowns arising from the central inspection of the internet access, that also prevents problems in the central structure from affecting all users at the same time, and to provide an internet control method thereof. Yet another aim of the invention is to provide an internet router that eliminates the connection speed losses that the users face due to the filtering systems of the internet service providers, and an internet control method thereof.
The router comprises a DNS server and a processor which answers all of the DNS resolution requests of all of its clients, which opens and checks all kinds of information packets received, which stops access to contents that are not compliant with the law, which carries out the user ID verification for everyone trying to get access to the internet over said router by itself, independent from the network operating centre (NOC) belonging to the ISP, and which reroutes all requests of all users who have not verified their IDs to an ID verification page.
Thus it ensures that losses that may result from the central system during logging of the user activities are minimized.
Moreover, the ID verification is therefore performed separately for each predefined user group. Thus the end user does not need an intermediate ID verification device such as a modem.
In one embodiment of the device, the ID verification page is provided by the hotspot and pppoe interface service.
For the users to access internet with high performance, the processor contained in the router according to the invention holds any kind of received data in a memory for a certain amount of time, when the user re-requests the data in the said memory it provides the reply to the user from its said own memory instead of from the internet and it makes it unnecessary to wait for a reply from the ISP system.
For accessing with the ID information of the users permitted by the processor, the processor saves the ID information assigned to that user and access date and access time into the memory in the format required by the law.
The processor prevents a client (user) connected to itself from accessing one or more IP addresses or services in the internet. Moreover, the processor can also prevent all users from accessing the services desired to be prevented simultaneously.
In the router of the invention, the processor may define a user profile in the memory. The processor adjusts the internet access rate (bandwidth management) for each user according to the profile.
The processor prioritizes the data depending on the size, type and/or protocol of the certain data packages and may make port based blocking. To perform ID verification, in a preferred embodiment of the invention, the internet router comprises a radius server. In another embodiment of the invention, the processor performs an ID verification by utilizing a remote radius server. The processor of the router transfers the records stored in its memory to the central log server of the ISP.
If there is a rule or data change in the NOC system, the router automatically performs data update.
In a preferred embodiment of the invention, the router comprises web based, telnet based, socket based programs and CLI based management tools.
The router can route internet received from satellite or fiber wire or XDSL wire or Wi-fi or Wi-max or radiolink or similar wireless technologies. The primary duty of the said connection methods is to connect the router of the invention to the internet main backbone.
Method (100) according to the router subject to the invention comprises the following steps;
- Opening the computer by the user ( ) (101),
- For the router (1) to be placed in a pre-determined building (B) or a region, to assign an IP to the user (K) independent from the network operating centre (NOC) belonging to the ISP (102),
- For the user (K) to open a web browser in order to connect to the internet (N) and for the user to write the address of the web page the user wishes to see inside the address bar on the browser (103),
- For the web page request, requested by the user (K), to be transmitted to the browser (1) (104),
- For the router (1) to save the web address requested into its memory, then to inspect if the user (K) making said request is a user whose identity has been verified and if the user is connected to the internet (105),
- If the request is received from a user (K) who is connected to the internet and whose identification is verified, for the router to decide if the IP address given to the user is a permanent IP address belonging to the user (K) and for the router to give passage permission to the user (K) (106),
- For the router (1) to save the IP address, date and time information of the user (K), in the format in compliance with the regulations of BTK (Institute of Information Technologies and Communication), in its own local memory (107),
- Following the permission given by the router (1) to the user (K), for the router to check the profile comprising the filtering characteristics of the user (K), such as the speed information and family filter information previously recorded into the memory, and for the router to determine which filter rules will be processed (108),
- For the router (1) to check if there is a DNS restriction for the web address requested by the user (K), in order to filter the request of the user (K) in the light of the profile information of the user (K) learned from its own memory, independent from the NOC (network operating centre) belonging to the ISP (109),
- If, following the inspection for restriction, a restriction is not observed, for the router to check the proxy server inside it, and if there is a record in the server for said request, for the router to direct the user (K) to the web address by using this record (110),
- If, following the inspection for restriction, a restriction is not observed, and if there is no record in the proxy server it contains for said request, for the router to direct the user (K) to the web address the user (K) wants to reach by taking this address information from the internet (N) (111),
- For the user (K) to connect to the internet (N) when the web page requested by the user (K) is opened in the web browser (112),
- If the router (1) faces a restriction following the restriction inspection numbered 109, for the router (1) to direct the user (K) to a warning page (113),
- If the step numbered (113) is carried out, for the router to direct the user (K) to a legal warning page on its browser, showing that said page is legally prohibited (114); and
- For the user to write a new web address in a new tab of the web browser (115).
In a preferred embodiment of the invention the ISP uses satellite internet as its internet source. In this embodiment, a slave router is placed in front of each satellite terminal installed to provide internet access via satellite, in the method defined for the router according to the invention. The slave routers are connected over the ISP to the NOC (Network Operating Centre) system and to the master router which that system comprises. While the slave routers carry out identity verification via the AAA server inside the master router within the NOC system, the family filter and the access rules they have received are at the same time applied to the users who want to access the internet from the satellite. By means of the method according to the invention, internet access is virtually terminated in front of the satellite dish. In addition, the router keeps the log information that must legally be recorded for each client, then periodically transfers these logs to a main log server inside the master router. The BTK (Information and Communication Technologies Authority) and other inspection organizations can access the master router within the NOC system in Turkey and make any changes necessary. In an embodiment of the present invention, such changes can be transferred simultaneously to all the other slave routers. In another embodiment of the present invention, the slave routers can request data updates and update themselves from the NOC system either together with the internet access requests of the users or at pre-determined intervals. By this means all new rules are applied to all of the users. The router according to the invention and the method thereof apply the laws and regulations regarding internet access in Turkey to internet access via satellite in the same way as to terrestrial access.
Detailed description of the invention
The system used by the router in order to achieve the aims of the invention is shown in the attached figures, which illustrate the following:
FIGURE-1 shows the schematic view of the central filtering system used in the prior art.
FIGURE-2 shows the schematic view of the system which uses the router according to the invention.
FIGURE-3 is a flow diagram showing the operating steps of the router according to the invention.
FIGURE-4 is a flow diagram showing the self-update of the router according to the invention.
The parts in the figures have each been given a number and the references of said numbers have been listed below.
1. Router
100. Method
K. User
N. Internet
B. Building
The router (1) according to the invention is used to control the internet (N) of a building (B) or area where there are a pre-determined number of users (K) present. A router (1) is placed at each of the buildings (B) or areas desired to be controlled. The router (1) is in communication with the NOC system. The router (1) controls the contents of the internet (N) which is provided by the internet service provider (ISP) via NOC system and distributes it to the building (B) or area defined in it by routing. Thus, the internet (N) management is performed not for all users (K) but for a private group of users (K) and for that group internet (N) contents and conditions are re-configured.
The router, during a user's (K) access to the internet, transforms the filtering procedures applied by the BTK (Information and Communication Technologies Authority) into an access service which the user (K) can control by him/herself within the pre-defined rules.
In the invention, a router (1) is placed to the input point of incoming internet (N) in each building (B) and the internet (N) is made to enter into the router (1) before entering into the building (B). The router (1) distributes the internet (N) to the users (K) by filtering in accordance with the predefined contents for each user (K) (Figure 2).
In an embodiment of the router (1) of the invention, the router distributes terrestrial internet (N) to pre-defined user (K) groups. In this embodiment, the internet (N) is terminated at the modem/switch/router in the building (said modem being equipment used for the internal network safety of the ISP) through a terrestrial connection model such as fibre or xDSL.
The internet is handed over from the modem to the router (1) on an Ethernet infrastructure according to the IPv4 and IPv6 standards. The access requests of the user (K) are filtered in the router (1) according to the pre-defined requirements of the BTK and of the users (K) (called a family filter in Turkish law and regulation) and then transferred to the user (K). The router (1) of the invention uses an operating system containing open-source components (such as DNS, syslog, hotspot, RADIUS, SQL, LDAP, Linux, proxy, iptables, TCP, UDP, HTTP, HTTPS, SSL, SNMP, PPPoE, BGP and MPLS, with OpenWrt builds for targets such as mips, nslu/nslu2, ppc, x86, x64, st/st40, i486, i586 and i686) and runs on processor architectures such as x86, PPC, MIPS and ARM. Furthermore, it uses the Dude and Nagios management software and Wi-Fi, WiMAX, radio-link and fibre connection technologies.
The router (1) holds any kind of data passing through it in its memory (11) for a certain amount of time so that the users (K) can access the internet (N) with high performance. Thus, for information it already holds, there is no need for it to wait for a response from the NOC system of the internet (N) provider that manages the central system.
The router (1) of the invention comprises at least one memory, at least one processor and at least one server (not shown in the figures). One of the servers that said router ( 1 ) comprises is a proxy server.
The router (1) of the invention operates according to the following method (100) steps:
- The user (K) turns on the computer (101),
- The router (1) located in a pre-determined building (B) or area assigns a temporary ip to the user (K) independent of the network operating center (NOC) that the ISP owns (102),
- The user (K) opens a web browser to enter the internet (N) and writes the address of the web page that he/she wants to browse into the address bar on the browser (103),
- The web page request demanded by the user (K) is transmitted to the router (104),
- Upon the received request, after writing the web address into its memory, the router (1) checks whether the ID of the user (K) making the request is verified and whether he/she is a user (K) with an open session (105),
- If the request is coming from a user (K) with a verified ID and an open session, the IP address assigned to the user (K) is determined as the permanent IP address of the user (K) and the user (K) is given a passing permit by the router (1) (106),
- The router (1) saves the IP address, date and time information of the user (K) into its local memory in the format requested by BTK (107),
- After giving the user (K) a passing permit, the router (1) examines the profile which is saved into its memory beforehand that contains the filtering characteristics of the user (K) such as data rate and family filter and the router (1) learns which filter rules to be executed (108),
- The router (1) checks if there is a DNS limitation for the web address requested by the user (K) in order to filter the user's (K) request in the light of user (K) profile information learned from its own memory independent of the ISP's network operating center (NOC) (109),
- At the end of the limitation check, if there is no limitation, the router checks the proxy server that it contains, and if there is a record in the server regarding the request it routes the user (K) to the requested web address by using this record (110),
- At the end of the limitation check, if there is no limitation and, after checking the proxy server the router (1) contains, there is no record regarding the request in the server, it fetches the web address information that the user (K) wanted to access from the internet (N) and routes the user (K) to the requested web address (111),
- The web page requested by the user (K) is opened in the web browser and the user (K) is connected to the internet (N) (112),
- As a result of the limitation check in step 109, if the router (1) finds a limitation, the router (1) routes the user (K) to a legal blocking page (113),
- If the step (113) is performed, a legal warning page is opened in the user's (K) web browser (114),
- The user writes a new web address into a new tab of the web browser (115).

In the said method (100), after the ID verification in step 105, if the router (1) decides that the ID of the user (K) making the request was not verified or that the user (K) has not opened a session, it performs the following steps:
- It routes the user (K) to a "log on" page (201),
- The user (K) writes the subscription information that contains user name and password into the opened "log on" page and the router (1) checks the subscription state of the user (K) (202),
- If the user (K) is subscribed and the entered subscription information is correct, the router (1) sends the user (K) a new IP setup and the method (100) returns to step 106 (203),
- If the user (K) has a subscription and the entered subscription information is not valid, then the router (1) routes the user (K) to a subscription control page where the user (K) can correct the information (204),
- After the user (K) is routed to a subscription control page where the user (K) can correct his/her information, if there is a problem with the subscription state of the user (K), the router (1) routes the user (K) to a web page where the user (K) can get a new subscription (205),
- After the verification of the subscription information in step 202, if the user (K) does not have a subscription, the router (1) routes the user (K) to a web page where the user (K) can get a subscription (206).
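The decision path of steps 105 to 115 and the log-on sub-flow of steps 201 to 206, as listed here and in the summary of the method above, as an added example that is not the patent's own code or implementation. It models the router as an in-process object: a session table keyed by client IP (step 106), two filter tables, a proxy cache (steps 110 and 111) and a log (step 107). The subscriber profile layout, the log record fields, the warning-page address and the hostname-set representation of the filters are assumptions, since the page does not specify any of them; the subscriber records and filter entries are constructed for the example.

```python
# Added example (not the patent's code): a model of the per-request decision path
# of method (100), steps 105-115, and of the log-on sub-flow, steps 201-206.
# Assumptions (none specified on the page): the subscriber profile layout, the
# log record fields, the warning-page address, and filter tables as host-name sets.
import hashlib
import hmac
import os
from datetime import datetime, timezone

WARNING_PAGE = "10.0.0.1"   # assumed address of the legal warning page (113/114)


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _subscriber(password: str, family_filter: bool, rate_kbps: int) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": _pw_hash(password, salt),
            "family_filter": family_filter, "rate_kbps": rate_kbps}


# Constructed subscriber records; step 202 checks credentials against these
SUBSCRIBERS = {
    "ayse":   _subscriber("correct horse", family_filter=True,  rate_kbps=2048),
    "mehmet": _subscriber("s3cret",        family_filter=False, rate_kbps=8192),
}

# Constructed filter tables: hosts blocked for everyone by law, and hosts blocked
# only for subscribers whose profile enables the family filter (steps 108/109)
LEGAL_BLOCK = {"blocked.example"}
FAMILY_BLOCK = {"adult.example", "gambling.example"}


class Gateway:
    def __init__(self):
        self.sessions = {}   # client IP -> username; step 106 binds the IP to the user
        self.cache = {}      # host -> response; the local proxy of steps 110/111
        self.log = []        # step 107: ip, time, user, host, action

    def _record(self, ip, user, host, action):
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.log.append({"ip": ip, "time": ts, "user": user, "host": host, "action": action})

    def dns_policy(self, user, host):
        """Step 109: warning-page address if the host is restricted for this user, else None."""
        if host in LEGAL_BLOCK:
            return WARNING_PAGE
        if SUBSCRIBERS[user]["family_filter"] and host in FAMILY_BLOCK:
            return WARNING_PAGE
        return None

    def handle_request(self, ip, host):
        """Steps 105-115 for one request from client IP `ip` for host `host`."""
        user = self.sessions.get(ip)
        if user is None:                               # 105 fails -> 201
            return "redirect:login"
        if self.dns_policy(user, host) is not None:    # 109 -> 113/114
            self._record(ip, user, host, "blocked")
            return "redirect:warning"
        if host in self.cache:                         # 110: serve from local memory
            self._record(ip, user, host, "cache_hit")
            return self.cache[host]
        body = self._fetch_upstream(host)              # 111: fetch, then remember
        self.cache[host] = body
        self._record(ip, user, host, "fetched")
        return body

    def _fetch_upstream(self, host):
        # Stand-in for the upstream HTTP fetch; returns constructed content
        return f"<html>content of {host}</html>"

    def login(self, ip, username, password):
        """Steps 202-206; on success the IP is bound to the user (203 -> 106)."""
        sub = SUBSCRIBERS.get(username)
        if sub is None:
            return "redirect:subscribe"                # 206: no subscription
        if not hmac.compare_digest(_pw_hash(password, sub["salt"]), sub["pw"]):
            return "redirect:subscription_control"     # 204: wrong credentials
        self.sessions[ip] = username                   # 203
        self._record(ip, username, "-", "login")
        return "ok"
```

Note that after step 106 the client IP address is the user's identity for the rest of the session; this is what the statement later on the page, that a subscriber cannot share the connection with unauthorized users, rests on. Any host that can take over that address on the local network, or several hosts behind one NAT device, will share the session, so captive-portal deployments of this kind normally also bind the session to the client's MAC address and expire it after inactivity.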
The router (1) connects to the NOC (Network Operating Centre) system at pre-defined intervals, receives the new rules that it has to apply to the users and updates its data if there is any change. The router (1) also transmits the user logs stored in its memory to the NOC system at pre-defined intervals.
The router (1) performs the updates defined to be executed at pre-defined intervals by using the ISP's NOC system, in the following steps:
- After the ISP receives internet from a foreign source and the user obtains a subscription from the local ISP, the router (1) accesses the NOC system of the local ISP and fetches the AAA, log, filter and DNS information recorded on the local ISP's NOC system in order to apply them to the users in its responsibility (301),
- The router (1) compares the filter information received from the NOC system and the IDs of the users in its responsibility, if there is a difference between the two records it updates the information stored on itself to comply with the records in the NOC system (302),
- When the user wants to connect to the internet, the router allows the user to access internet through the foreign country router depending on the ID data such as family filter and proxy, dns, AAA received from the NOC system (303),
- The router (1) logs the activities of the user that it permits to access internet in the network in accordance with the laws and transmits these data to a main log machine in NOC system via satellite (304).
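The update of steps 301 and 302 and the log hand-off of step 304, as an added example that is not the patent's own code. The page does not say in what format the router fetches the AAA, log, filter and DNS information from the NOC, nor how it checks that what it received really came from the NOC; this example assumes a versioned rule set serialized as JSON and signed with an HMAC key shared between the NOC and the router (`SHARED_KEY`, an assumed out-of-band provisioned secret), and rejects an update whose signature fails or whose version does not increase, so that a stale or replayed rule set cannot roll the filters back. The log batch of step 304 is signed the same way so the NOC log machine can detect alteration in transit. The rule-set layout and the sample records are constructed.

```python
# Added example (not the patent's code): the periodic NOC update of steps 301-302
# and the log hand-off of step 304. The page does not specify how the router
# authenticates what it fetches from the NOC or in what format; this assumes a
# versioned JSON rule set signed with an HMAC key shared by NOC and router.
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-noc-router-key"   # assumption: provisioned out of band


def _canonical(obj) -> bytes:
    # Same byte string on both sides regardless of dict ordering
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(obj, key=SHARED_KEY) -> str:
    return hmac.new(key, _canonical(obj), hashlib.sha256).hexdigest()


def verify(obj, signature, key=SHARED_KEY) -> bool:
    return hmac.compare_digest(sign(obj, key), signature)


def reconcile(local, remote):
    """Step 302: what the router must change so that its tables match the NOC's."""
    diff = {}
    for table in ("dns_block", "family_block"):
        have, want = set(local[table]), set(remote[table])
        diff[table] = {"add": sorted(want - have), "remove": sorted(have - want)}
    have, want = local["subscribers"], remote["subscribers"]
    diff["subscribers"] = {
        "added": sorted(set(want) - set(have)),
        "removed": sorted(set(have) - set(want)),
        "changed": sorted(u for u in set(have) & set(want) if have[u] != want[u]),
    }
    return diff


def apply_update(local, remote, signature):
    """Steps 301-302: validate the fetched rule set, then update local state in place.

    Returns (accepted, diff). A bad signature or a non-increasing version is refused.
    """
    if not verify(remote, signature):
        return False, {}
    if remote["version"] <= local["version"]:       # stale copy or replayed update
        return False, {}
    diff = reconcile(local, remote)
    for table in ("dns_block", "family_block"):
        local[table] = sorted(remote[table])
    local["subscribers"] = {u: dict(p) for u, p in remote["subscribers"].items()}
    local["version"] = remote["version"]
    return True, diff


def package_logs(router_id, entries, key=SHARED_KEY):
    """Step 304: bundle the local log for transfer to the NOC log machine.

    Returns (batch, signature); the receiver verifies the batch before storing it.
    """
    batch = {"router": router_id, "count": len(entries), "entries": list(entries)}
    return batch, sign(batch, key)
```

`apply_update` mutates `local` only after both checks pass, so a rejected update leaves the router running the previously accepted rules, which is the safe state when the NOC is unreachable or the received data is corrupt.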
By means of the router (1) and the method (100) according to the invention, the BTK can at any time access the filter, DNS and log machines located in the ISP's NOC system via a tunnel assigned to it, and can access each router (1) defined as a slave in the said NOC system. In an embodiment of the invention, any intervention and/or modification made on the AAA, log, filter and DNS systems in the NOC system is transmitted in real time to all routers (1) defined as slaves in the NOC system. When the BTK informs the ISP of new family filter decisions, the ISP makes the required updates in the main proxy and DNS on the master router system located in the NOC system. The NOC system pairs up with all router (1) devices in a short time, and the new filter rules thus take effect. By the method (100) of the invention, therefore, any request for content to which access is forbidden is blocked both IP-based and DNS-based, and the internet traffic is practically terminated in Turkey. By the internet (N) router and the internet (N) control method (100) according to the invention, the isolation of users (K) for security reasons is performed more accurately and simply, through the router configuration distributed over user (K) groups.
By this invention, since each user's subscription and ID verification is performed through the web pages requested from the internet (N), a user (K) cannot share the internet (N) with other, unauthorized users (K). The internet (N) router according to the invention radically changes the internet distribution architectures of the ISPs.
It is possible to develop many applications of the router (1) according to the invention and of the internet control method (100) for the router (1); the invention cannot be limited by the examples described here and is essentially as described in the claims.

Claims

1. A router (1) that comprises a DNS server; characterized in that it comprises a processor which responds to all DNS resolution requests of the users (K) that it serves, which opens and controls any kind of incoming data packet, which stops access to contents not complying with the law, which performs the ID verification of each user that wants to access the internet (N) on the router itself, independently of the network operating centre (NOC) system owned by the ISP, and which routes any request of a user (K) whose ID verification has not been performed to an ID verification page.
2. A router (1) according to Claim 1, characterized by a processor which, in order to allow users to access the internet (N) at high speed, keeps any kind of incoming data in an internal memory for a certain amount of time and, when the user (K) re-requests information contained in said memory, provides the response to the user (K) from its own memory instead of from the internet, making it unnecessary to wait for a response from the ISP.
3. A router (1) according to Claim 1 or 2, characterized by a processor which, for all users (K) who have been permitted access by their ID information (authentication), records the ID information assigned to the specific user (K) together with the access date and access time information into the memory, in the format required by law.
4. A router (1) according to any of the previous claims, characterized by a processor which prevents a client (user) connected to the router (1) from accessing one or more IP addresses or services on the internet (N).
5. A router (1) according to any of the previous claims, characterized by a processor which simultaneously prevents all the users (K) from accessing the services which are desired to be blocked.
6. A router (1) according to any of the previous claims, characterized by a processor which can define user (K) profiles in the memory and which adjusts the internet (N) data access rate (bandwidth management) of each user (K) according to this profile.
7. A router (1) according to any of the previous claims, characterized by a processor which prioritizes data depending on the size, type and/or protocol of certain data packets.
8. A router (1) according to any of the previous claims, characterized by a processor which performs port based blocking.
9. A router (1) according to any of the previous claims, characterized by comprising a radius server.
10. A router (1) according to any of Claims 1 to 8, characterized by a processor which performs ID verification by utilizing a remote RADIUS server.
11. A router (1) according to any of the previous claims, characterized by a processor which transmits the records stored in its memory to the central log server of the ISP.
12. A router (1) according to any of the previous claims, which comprises web based, telnet based, socket based programs and CLI based management tools.
13. A router (1) according to any of the previous claims, which routes internet (N) received from a satellite.
14. A router (1) according to any of Claims 1 to 12, which routes terrestrial internet (N).
15. A router (1) according to any of the Claims 1 to 12, which routes the internet (N) received through a wireless technology.
16. A router (1) according to any of the previous claims, characterized in that it connects to the NOC (Network Operator Center) system at pre-defined time intervals, receives the new rules that should be applied to the users and updates the ones that should be updated.
17. A router (1) according to any of the previous claims, characterized in that it performs automatic data update if there is any rule or data change in the NOC system.
18. A router (1) according to any of the previous claims, which uses an operating system containing open-source components (DNS, syslog, hotspot, RADIUS, SQL, LDAP, Linux, proxy, iptables, TCP, UDP, HTTP, HTTPS, SSL, SNMP, PPPoE, BGP and MPLS, with OpenWrt builds for targets such as mips, nslu/nslu2, ppc, x86, x64, st/st40, i486, i586 and i686) and runs on processor architectures such as x86, PPC, MIPS and ARM; and characterized in that it uses the Dude and Nagios management software and Wi-Fi, WiMAX, radio-link and fibre connection technologies.
19. A router (1) according to any of the previous claims, which performs updates by using the following steps:
- After the ISP receives internet from a foreign source and the user obtains a subscription from the local ISP, the router (1) accesses the NOC system of the local ISP and fetches the AAA, log, filter and DNS information recorded on the local ISP's NOC system in order to apply them to the users in its responsibility (301),
- It compares the filter information received from the NOC system with the IDs of the users in its responsibility, and if there is a difference between the two records it updates the information stored on itself to comply with the records in the NOC system (302),
- When the user wants to connect to the internet, it allows the user to access the internet through the foreign-country router depending on the ID data such as the family filter and the proxy, DNS and AAA data received from the NOC system (303),
- It logs the activities of the users that it permits to access the internet, in accordance with the law, and transmits these data to a main log machine in the NOC system via satellite (304).
20. Method (100) according to the router subject to the invention, characterized in that it comprises the following steps:
- The user (K) turns on the computer (101),
- The router (1) located in a pre-determined building (B) or area assigns a temporary ip to the user (K) independent of the network operating center (NOC) that the ISP owns (102),
- The user (K) opens a web browser to enter the internet (N) and writes the address of the web page that he/she wants to browse into the address bar on the browser (103),
- The web page request demanded by the user (K) is transmitted to the router (104),
- Upon the received request, by writing the web address into its memory, the router (1) controls if the ID of the user (K) of the said request is verified and if he/she is a user (K) with an open session (105),
- If the request is coming from a user (K) with a verified ID and an open session, the IP address assigned to the user (K) is determined as the permanent IP address of the user (K) and the user (K) is given a passing permit by the router (1) (106),
- The router (1) saves the IP address, date and time information of the user (K) into its local memory in the format requested by BTK (107),
- After giving the user (K) a passing permit, the router (1) examines the profile saved into its memory beforehand that contains the filtering characteristics of the user (K) such as data rate and family filter, and the router (1) learns which filter rules are to be executed (108),
- The router (1) checks if there is a DNS limitation for the web address requested by the user (K) in order to filter the user's (K) request in the light of user (K) profile information learned from its own memory independent of the ISP's network operating center (NOC) (109),
- At the end of limitation check, if there is no limitation, the router controls the proxy server that it contains and if there is record in the server regarding to said request it routes the user (K) to the requested web address by using this record (110),
- At the end of the limitation check, if there is no limitation and, after checking the proxy server the router (1) contains, there is no record regarding the request in the server, it fetches the web address information that the user (K) wanted to access from the internet (N) and routes the user (K) to the requested web address (111),
- The web page requested by the user (K) is opened in the web browser and the user (K) is connected to the internet (N) (112),
- As a result of the limitation check in step 109, if the router (1) finds a limitation, the router (1) routes the user (K) to a legal blocking page (113),
- If step (113) is performed, a legal warning page is opened in the user's (K) web browser (114),
- The user writes a new web address into the new web browser (115).
21. Method (100) according to Claim 20, characterized in that, after the ID verification control in step 105, if the router (1) decides that the ID of the user (K) making the request was not verified or that the user (K) has not opened a session, it performs the following steps:
- It routes the user (K) to a "log on" page (201),
- The user (K) writes the subscription information, containing user name and password, into the opened "log on" page and the router (1) checks the subscription state of the user (K) (202),
- If the user (K) is subscribed and the entered subscription information is correct, the router (1) sends the user (K) a new IP setup and the method (100) returns to step 106 (203),
- If the user (K) has a subscription and the entered subscription information is not valid, the router (1) routes the user (K) to a subscription control page where the user (K) can correct the information (204),
- After the user (K) is routed to the subscription control page where the user (K) can correct his/her information, if there is a problem with the subscription state of the user (K), the router (1) routes the user (K) to a web page where the user (K) can get a new subscription (205),
- After the verification of the subscription information in step 202, if the user (K) does not have a subscription, the router (1) routes the user (K) to a web page where the user (K) can get a subscription (206).
PCT/TR2013/000144 2012-05-30 2013-05-17 An internet router and an internet control method for said router WO2013180673A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR201206367 2012-05-30
TR2012/06367 2012-05-30

Publications (1)

Publication Number Publication Date
WO2013180673A1 true WO2013180673A1 (en) 2013-12-05

Family

ID=48803589

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2013/000144 WO2013180673A1 (en) 2012-05-30 2013-05-17 An internet router and an internet control method for said router

Country Status (1)

Country Link
WO (1) WO2013180673A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10992678B1 (en) 2015-09-15 2021-04-27 Sean Gilman Internet access control and reporting system and method
CN113613274A (en) * 2021-09-01 2021-11-05 四川九州电子科技股份有限公司 Intelligent access configuration method based on Mesh networking
CN114006759A (en) * 2021-10-29 2022-02-01 中国联合网络通信集团有限公司 Network access method, network connection device and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6393484B1 (en) * 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US20050102529A1 (en) * 2002-10-21 2005-05-12 Buddhikot Milind M. Mobility access gateway
US7093020B1 (en) * 2000-06-29 2006-08-15 Sungard Sct Inc. Methods and systems for coordinating sessions on one or more systems
WO2008112692A2 (en) * 2007-03-12 2008-09-18 Citrix Systems, Inc. Systems and methods of providing proxy-based quality of service
WO2009132700A1 (en) * 2008-04-29 2009-11-05 Telefonaktiebolaget L M Ericsson (Publ) Improved intrusion detection and notification
US20100332615A1 (en) * 1998-12-08 2010-12-30 Nomadix, Inc. Systems and methods for providing content and services on a network system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13739298

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13739298

Country of ref document: EP

Kind code of ref document: A1