Title:
SYSTEM AND METHOD FOR BLOCKING THE CONNECTION TO THE HARMFUL INFORMATION IN A INTERNET SERVICE PROVIDER NETWORK
Document Type and Number:
WIPO Patent Application WO/2008/088101
Kind Code:
A1
Abstract:
A system for blocking connection to harmful information in an Internet service provider (ISP) network is disclosed. In one embodiment, the system includes: a plurality of harmful-information-blocking-system PoPs; a harmful-information-control-list-DB server for transmitting a control list DB of blocking-targeted harmful information to the plurality of harmful-information-blocking-system PoPs in real-time; a subscriber control device for selecting one harmful-information-blocking-system PoP among the plurality of harmful-information-blocking-system PoPs on the basis of state information in a harmful-information-blocking-system-PoP monitoring device, so as to transmit traffic of the harmful-information-blocking-service subscriber thereto. According to the one embodiment, it is possible to stably provide the harmful information blocking service although the number of harmful-information-blocking-service subscribers increases.

Inventors:
OH CHAE-HEYONG (KR)
KANG DUK-HO (KR)
Application Number:
PCT/KR2007/000649
Publication Date:
July 24, 2008
Filing Date:
February 07, 2007
Assignee:
PLANTY NET CO LTD (KR)
OH CHAE-HEYONG (KR)
KANG DUK-HO (KR)
International Classes:
G06F17/00; G06F13/00; H04L12/66
Domestic Patent References:
WO2002077852A1 2002-10-03
Foreign References:
US20050283831A1 2005-12-22
US20040177277A1 2004-09-09
US20030023708A1 2003-01-30
Attorney, Agent or Firm:
YOON, Chang-Joon (Eunseong Bldg.601-18 Yeoksam-dong,Gangnam-gu, Seoul 135-080, KR)
Claims

[1] A system for blocking connection to harmful information in an Internet service provider (ISP) network, in which traffic of an Internet service subscriber is transferred to the Internet through a subscriber access network including a subscriber access device, the system comprising: a plurality of harmful-information-blocking-system PoPs that are located on the backbone of the ISP; a harmful-information-control-list-DB server for transmitting a control list of blocking-targeted harmful information to the plurality of harmful-information-blocking-system PoPs in real-time; a subscriber control device comprising a subscriber-traffic-separation/transmission controller which performs a control operation such that traffic of a harmful-information-blocking-service subscriber is separated from other traffic and is transmitted to one harmful-information-blocking-system PoP selected among the plurality of harmful-information-blocking-system PoPs; and a harmful-information-blocking-system-PoP monitoring device for monitoring current states of the harmful-information-blocking-system PoPs, checking state information, such as information about whether or not each harmful-information-blocking-system PoP is normally operated, and transmitting a result of the checking to the subscriber control device, wherein: the plurality of harmful-information-blocking-system PoPs collect the harmful-information-blocking-service subscriber's traffic separated by the subscriber control device through a packet mirroring device, analyze the collected traffic by comparing the collected traffic with a harmful information DB updated by the harmful-information-control-list-DB server in real-time or periodically, determine if a request packet of the service subscriber includes a request for connection to the harmful information, and block connection to the harmful information when it is determined that the request packet of the service subscriber includes the request for connection to the harmful information; and the subscriber-traffic-separation/transmission controller of the subscriber control device is configured to determine one harmful-information-blocking-system PoP based on the state information of the plurality of harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device, and to transmit the traffic of the harmful-information-blocking-service subscriber from the subscriber access device of the subscriber access network to the determined harmful-information-blocking-system PoP.

[2] The system as claimed in claim 1, wherein an authentication server for determining if a subscriber joins in harmful information blocking service in the ISP network is installed to be connected to the subscriber access network.

[3] The system as claimed in claim 1, wherein the subscriber control device further comprises an authentication server for determining if a subscriber joins in harmful information blocking service in the ISP network.

[4] The system as claimed in claim 1, wherein the subscriber control device is incorporated into the subscriber access network.

[5] The system as claimed in claim 4, wherein the harmful-information-blocking-system-PoP monitoring device is incorporated into the subscriber access network, together with the subscriber control device.

[6] The system as claimed in claim 1, wherein each of the harmful-information-blocking-system PoPs comprises: a subscriber connection device for receiving and processing traffic of the harmful-information-blocking-service subscriber when the subscriber access device transmits the traffic through tunneling, policy-based routing (PBR), etc.; and a harmful information blocking device for determining if the traffic of the harmful-information-blocking-service subscriber approaches the harmful information.

[7] The system as claimed in claim 6, wherein the harmful information blocking device comprises: a packet mirroring device for performing a packet mirroring operation with respect to the traffic of the harmful-information-blocking-service subscriber, which has been transmitted to the subscriber connection device, while the traffic is being transmitted to the ISP backbone; a packet filtering device which comprises at least two packet filtering switches so as to filter the packets mirrored by the packet mirroring device; and a packet filtering switch monitoring device for separating and determining the packet filtering switches to one active switch and a remaining standby switch.

[8] The system as claimed in claim 7, wherein the packet filtering switch monitoring device periodically checks if the active switch and the standby switch are in normal operations by means of SNMP, ICMP, etc., and changes, when a failure occurs in the active switch, a setting of the standby switch to act as an active switch.

[9] The system as claimed in any one of claims 1 to 8, wherein: the subscriber-traffic-separation/transmission controller of the subscriber control device comprises a harmful-information-blocking-system-PoP determination unit for determining one harmful-information-blocking-system PoP based on state information of the plurality of harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device, and the harmful-information-blocking-system-PoP determination unit comprises a database for preserving location and state information of each harmful-information-blocking-system PoP on the basis of the state information of the harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device; and a load sharing algorithm for selecting one harmful-information-blocking-system PoP by using the location and state information for each PoP, which has been preserved in the database, whenever the harmful-information-blocking-service subscriber accesses the Internet or transmits a packet.

[10] The system as claimed in claim 9, wherein: the location information of the each harmful-information-blocking-system PoP corresponds to a representative IP address of the each harmful-information-blocking-system PoP; and the state information of the each harmful-information-blocking-system PoP includes at least one selected from the state information group consisting of, according to the each harmful-information-blocking-system PoP, an amount of access by subscribers, an amount of traffic which can be processed, packet processing delay time, and information about whether a failure occurs or not.

[11] The system as claimed in claim 9, wherein: the load sharing algorithm is implemented in such a manner that the one harmful-information-blocking-system PoP is selected based on parameters, which include a distance in the network and a network state on the route between the harmful-information-blocking-service subscriber and each harmful-information-blocking-system PoP, and current subscriber and traffic capacities; and the one harmful-information-blocking-system PoP is established manually by a manager.

[12] The system as claimed in any one of claims 1 to 8, wherein, when the subscriber-traffic-separation/transmission controller of the subscriber control device cannot determine the one harmful-information-blocking-system PoP based on the location information and state information of the plurality of harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device, the subscriber-traffic-separation/transmission controller transmits the traffic of the harmful-information-blocking-service subscriber through a traffic route of a harmful-information-blocking-service unsubscriber.

[13] A method for blocking connection to harmful information in an Internet service provider (ISP) network, the method comprising: a subscriber-information registering step, in which, when a subscriber requests an ISP to accept joining for harmful information blocking service through on-line or off-line, information about the harmful-information-blocking-service joining of the subscriber is registered in a subscriber control device; a harmful-information-blocking-system-PoP-monitoring-information transmitting step, in which a harmful information blocking system monitoring device, which monitors current states of a plurality of harmful-information-blocking-system PoPs, checks location information and state information of each harmful-information-blocking-system PoP, and then transmits a result of the checking to the subscriber control device; a harmful-information-blocking-system-PoP determining step, in which, after receiving the location information of the harmful-information-blocking-system PoPs and state information about the current states of the harmful-information-blocking-system PoPs, the subscriber control device selects and determines one harmful-information-blocking-system PoP from among the plurality of harmful-information-blocking-system PoPs; a harmful-information-blocking-service-subscriber-traffic separating/transmitting step, in which, when the subscriber accesses the Internet or transmits a packet, the subscriber control device identifies whether or not the subscriber corresponds to a harmful-information-blocking-service subscriber, separates traffic of the harmful-information-blocking-service subscriber from traffic of unsubscribers by means of a tunneling protocol or one routing technology selected from the routing technology group consisting of a policy-based routing (PBR) technology, etc., and then transmits the subscriber traffic to a harmful-information-blocking-system PoP determined in the harmful-information-blocking-system-PoP determining step; a harmful-information-blocking-service-subscriber-packet analyzing step, in which the subscriber traffic, which has been separated and concentrated on a predetermined harmful-information-blocking-system PoP by the subscriber control device in the harmful-information-blocking-service-subscriber-traffic separating/transmitting step, is mirrored by a packet mirroring device, the mirrored packet is analyzed and compared with a harmful information DB updated in real-time by a harmful-information-control-list-DB server, and it is determined if the subscriber packet requests harmful information; and a harmful-information blocking step, in which, when it is determined that the packet of the service subscriber requests harmful information in the harmful-information-blocking-service-subscriber-packet analyzing step, a blocking message is transmitted to the service subscriber terminal, and a connection closing message is transmitted to a server which the service subscriber has attempted to access, and in contrast, when it is determined that the packet of the service subscriber corresponds to a normal packet which does not request harmful information, the mirrored packet is discarded so that it is possible to normally use the Internet.

[14] The method as claimed in claim 13, further comprising a basic-internet-connection maintaining step, which allows the subscriber control device to change a traffic route such that the traffic of the harmful-information-blocking-service subscriber is transmitted to the Internet via a traffic route of an unsubscriber, when one harmful-information-blocking-system PoP has not been determined in the harmful-information-blocking-system-PoP determining step.

[15] The method as claimed in claim 13 or 14, wherein: in the harmful-information-blocking-system-PoP determining step, the location information and state information about each harmful-information-blocking-system PoP is preserved as a database, by using the state information of the harmful-information-blocking-system PoPs received from the harmful-information-blocking-system-PoP monitoring device; and one harmful-information-blocking-system PoP is selected by using the location information and state information of each PoP in the database and a load sharing algorithm whenever the harmful-information-blocking-service subscriber accesses the Internet or transmits a packet.

[16] The method as claimed in claim 15, wherein the location information of the harmful-information-blocking-system PoP corresponds to a representative IP address of the blocking system PoP, and the state information of the harmful-information-blocking-system PoPs includes at least one selected from the state information group consisting of, according to each PoP, an amount of access by subscribers, an amount of traffic which can be processed, packet processing delay time, and information about whether a failure occurs or not.

[17] The method as claimed in claim 15, wherein the load sharing algorithm is implemented in such a manner that one harmful-information-blocking-system PoP is selected based on parameters, which include a distance in the network and a network state on the route between the harmful-information-blocking-service subscriber and each harmful-information-blocking-system PoP, and current subscriber and traffic capacities; and one harmful-information-blocking-system PoP can be manually set by a manager.
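The PoP determination unit of claims 9 to 12 and 15 to 17, written out as an added example (this code is not part of the patent or the applicant's system): the location/state database is fed by the monitoring device, the load sharing algorithm weighs distance, subscriber load, delay and spare capacity, a manager may pin a PoP, and when no PoP can be determined the subscriber's traffic takes the unsubscriber route. The hop-count distance metric, the score weights, the thresholds and all identifiers are assumptions.

```python
"""Illustrative PoP determination unit for the subscriber control device.

Added example, not part of the patent. The monitoring device reports, per PoP,
its representative IP address (location) and state (subscriber access count,
processable traffic, processing delay, failure flag); a load sharing algorithm
picks one PoP whenever a service subscriber accesses the Internet; a manager may
set a PoP by hand; and when no PoP can be determined the subscriber's traffic
takes the ordinary unsubscriber route. Field names, the hop-count distance,
the score weights and the thresholds are assumptions chosen for this example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Marker for "transmit via the traffic route of an unsubscriber" (claims 12 / 14).
UNSUBSCRIBER_ROUTE = "unsubscriber-route"


@dataclass
class PopState:
    pop_ip: str            # location: representative IP address of the PoP
    subscribers: int       # current amount of access by subscribers
    capacity_mbps: float   # amount of traffic the PoP can still process
    delay_ms: float        # packet processing delay
    failed: bool           # monitoring device reports a failure
    hops: int              # distance in the network from the access network (assumed metric)


class PopDeterminationUnit:
    """Database of PoP location/state plus the load sharing algorithm."""

    def __init__(self, max_subscribers: int = 1000, max_delay_ms: float = 50.0) -> None:
        self.db: Dict[str, PopState] = {}   # fed by the PoP monitoring device
        self.manual_pop: Optional[str] = None
        self.max_subscribers = max_subscribers
        self.max_delay_ms = max_delay_ms

    def update_state(self, state: PopState) -> None:
        """The monitoring device pushes the latest location/state of one PoP."""
        self.db[state.pop_ip] = state

    def set_manual_pop(self, pop_ip: Optional[str]) -> None:
        """Claims 11 / 17: a manager may establish the PoP manually (None clears it)."""
        self.manual_pop = pop_ip

    def _usable(self, s: PopState) -> bool:
        # A PoP is a candidate only if it is up and has headroom on every reported axis.
        return (not s.failed and s.capacity_mbps > 0
                and s.subscribers < self.max_subscribers
                and s.delay_ms <= self.max_delay_ms)

    def _score(self, s: PopState) -> float:
        # Lower is better. Weights are an assumption: prefer a near PoP with few
        # subscribers, low delay and spare capacity.
        load = s.subscribers / self.max_subscribers
        return 1.0 * s.hops + 10.0 * load + 0.5 * s.delay_ms - 0.01 * s.capacity_mbps

    def determine(self) -> str:
        """Select one PoP; return UNSUBSCRIBER_ROUTE when none can be determined."""
        if self.manual_pop is not None:
            pinned = self.db.get(self.manual_pop)
            if pinned is not None and self._usable(pinned):
                return self.manual_pop
            # Manually set PoP is down or unknown: fall back to the algorithm (assumption).
        candidates = [s for s in self.db.values() if self._usable(s)]
        if not candidates:
            return UNSUBSCRIBER_ROUTE   # basic Internet connection is maintained
        return min(candidates, key=self._score).pop_ip


class SubscriberControlDevice:
    """Separates service-subscriber traffic and steers it to the determined PoP."""

    def __init__(self, unit: PopDeterminationUnit) -> None:
        self.unit = unit
        self.registered: Set[str] = set()   # e.g. MAC address or ID, registered on joining

    def register(self, subscriber_id: str) -> None:
        self.registered.add(subscriber_id)

    def route_for(self, subscriber_id: str) -> str:
        """Called when a subscriber accesses the Internet or transmits a packet."""
        if subscriber_id not in self.registered:
            return UNSUBSCRIBER_ROUTE     # not a blocking-service subscriber
        return self.unit.determine()       # PoP address, or the fallback route


if __name__ == "__main__":
    unit = PopDeterminationUnit()
    # Constructed monitoring reports for three PoPs.
    unit.update_state(PopState("10.0.0.1", 900, 100.0, 10.0, False, 2))
    unit.update_state(PopState("10.0.0.2", 100, 500.0, 5.0, False, 5))
    unit.update_state(PopState("10.0.0.3", 0, 1000.0, 1.0, True, 1))
    scd = SubscriberControlDevice(unit)
    scd.register("00:11:22:33:44:55")
    print(scd.route_for("00:11:22:33:44:55"))   # 10.0.0.2: lightly loaded despite the distance
    print(scd.route_for("66:77:88:99:aa:bb"))   # unsubscriber-route: not a service subscriber
    unit.update_state(PopState("10.0.0.2", 100, 500.0, 5.0, True, 5))
    print(scd.route_for("00:11:22:33:44:55"))   # 10.0.0.1: failover to the remaining PoP
```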

Description

SYSTEM AND METHOD FOR BLOCKING THE CONNECTION TO THE HARMFUL INFORMATION IN A INTERNET SERVICE PROVIDER NETWORK

Technical Field

[1] The present invention relates to a system and method for blocking connection to harmful information in an Internet service provider (ISP) network, which prevents a subscriber computer from accessing harmful information through the URL of a harmful site by means of the HTTP protocol according to a request of the subscriber, or from accessing harmful information provided through file sharing services (such as P2P, web hard, etc.) or through dedicated applications (such as messengers, etc.). More particularly, the present invention relates to a system and method for blocking connection to harmful information in the ISP network, with the concept that specified traffic carrying harmful information, which is included in the traffic of a harmful-information-blocking-service subscriber, is blocked by using a harmful-information-blocking-system point-of-presence (PoP) selectively allocated from among the multiple harmful-information-blocking-system PoPs of the ISP.

Background Art

[2] Currently, there is a great deal of harmful information on the Internet. Such harmful information is widely distributed not only on specific web sites such as porno sites but also through file sharing means, such as P2P, web hard, messenger, etc., so that an environment in which even teenagers can easily access the harmful information is being formed.

[3] In order to solve this problem, various methods and apparatuses for preventing the computer of a specific user from accessing the various kinds of harmful information existing on the Internet have been proposed. However, most of these solutions are either limited in their own function or introduce a different problem when adopted.

[4] Currently-used harmful information blocking schemes may be roughly classified into the following three schemes: A first scheme is a client scheme in which software capable of performing a harmful information blocking function is installed in a client PC of the user. A second scheme is a blocking server scheme in which a server for blocking harmful information is installed on the LAN in a school, company or association. A third scheme is a scheme in which the first and second schemes are combined. According to the third scheme, a proxy function is established by software in a subscriber computer, and a proxy-based blocking server is installed in a subscriber LAN or public network, so that the subscriber computer cannot access the Internet without passing through the blocking server with a harmful information blocking function, thereby blocking connection to the harmful information.

[5] The first scheme, which is generally used for home PCs, causes basic inconvenience in that blocking software must be installed in the subscriber PC so as to restrict teenagers from accessing harmful information, such as harmful sites, P2P, web hard, etc., through the Internet. Also, the first scheme is dependent upon the PC operating system (OS) and the web browser environment, and has a defect in that, since a desired blocking operation is not performed if the blocking software installed in the subscriber PC is deleted, it is necessary for parents to continuously manage the blocking software at home.

[6] The second scheme requires a server manager to manage the harmful information blocking server generally in a school or association, so that it has defects in that much time and cost are wasted, and a separate manager in charge of the blocking server is required.

[7] The third scheme requires that a procedure of changing the setting of a subscriber PC is first performed by setting a proxy function in the subscriber PC, so as to perform a normal operation. According to the third scheme, as the number of subscribers increases, greater load is imposed on the blocking server, thereby delaying packet processing, so that the data rate of the Internet is severely reduced. Therefore, the third scheme is not suitable for accommodating a large number of subscribers. In addition, similar to the first scheme, the third scheme has a defect in that it is impossible to provide the harmful information blocking function if the corresponding software is deleted from the subscriber PC or if the proxy setting is changed.

[8] Meanwhile, as solutions for blocking harmful sites, there are a caching scheme of blocking the harmful sites in a cache server, and a router filtering scheme of specifying an IP filter list for the harmful sites to be blocked in an Internet gateway device and blocking the harmful sites. However, such schemes have problems in that they have a low success rate and instability, and reduce the data rate of the Internet. In order to solve the problems in the prior art, a network blocking scheme of providing harmful site blocking service to subscribers through central control by an Internet service provider (ISP) has been introduced. According to the network blocking scheme, a harmful-information-blocking-system PoP is installed in an ISP network, and when a user attempts to access a harmful site, the request packet of the user is compared with a harmful site DB, thereby blocking connection to the harmful site. Such a network blocking scheme has advantages in that the blocking success rate is high, it is impossible for the user to evade harmful information blocking by deleting software at will, it is unnecessary for a client (e.g., a school or company) to employ a separate manager, the Internet speed is not reduced, it is possible to update the harmful site DB in real-time, the blocking stability is excellent, and a rerouting function is provided. Therefore, the network blocking scheme may be regarded as a considerably effective solution.

[9] However, according to the first model of the network blocking scheme, as shown in FIG. 1, traffic is routed through a Layer 4 (L4) switch 30 included in a blocking system. Then, very high speed traffic is input to the L4 switch 30 within the blocking system, without distinction between a harmful information connection blocking service subscriber 20 and an unsubscriber 10. Next, after traffic of the service subscriber 20 and traffic of the service unsubscriber 10 are distinguished from each other, the traffic of the unsubscriber 10 is transmitted directly to the Internet, and the traffic of the service subscriber 20 is applied to blocking servers 40a and 40b according to rules established in the L4 switch 30, is filtered, and is then transmitted to the Internet. Accordingly, since the overall traffic is applied to the L4 switch 30, without distinction between the service subscriber 20 for the blocking service and the service unsubscriber 10, a large load is imposed on the L4 switch, thereby causing a problem of generating a failure in the L4 switch 30.

[10] In order to solve the problem of the first model and to further increase the stability of the ISP network, a system (see Korea Patent Registration No. 10-0478899 B1 filed by the inventor) as shown in FIG. 2 has been proposed. The system, which has been proposed to prevent a failure occurring in a blocking system 80 from exerting an effect upon Internet access service for traffic of an unsubscriber 10, is configured such that traffic of a subscriber 10 joining in the harmful information blocking service is separated from an access network and processed by a separately-constructed harmful information blocking system 80 (including 81 and 82), which can be easily operated and managed because it is independent of the existing networks 50, 60 and 70. To this end, it has been proposed to apply a tunneling protocol technology (e.g., a scheme using an L2TP tunnel as shown in FIG. 2) and a packet mirroring technology in addition to the above configuration.

[11] In detail, according to the conventional system shown in FIG. 2, an ISP provides Internet service to the subscriber through various access networks, such as xDSL, Cable, wireless Internet, ISDN, a private line, etc. An Internet service subscriber receiving Internet service can be provided with harmful information blocking service only through subscription for the harmful information blocking service additionally provided by the ISP, without changing any setting in his/her own PC. When the subscriber joins in the harmful information blocking service, the ISP inputs information (e.g., a MAC address or ID/password) of the harmful-information-blocking-service subscriber into a subscriber control device. Then, when the harmful-information-blocking-service subscriber accesses the Internet or transmits a packet so as to use the Internet, the subscriber control device distinguishes and separately transmits traffic of the subscriber 20 and traffic of the unsubscriber 10 through different routes. For example, a tunneling protocol, such as the Layer 2 Tunneling Protocol (L2TP) shown in FIG. 2, may be used to separate traffic of the harmful-information-blocking-service subscriber from traffic of a harmful-information-blocking-service unsubscriber and to transmit the traffic of the harmful-information-blocking-service subscriber to the harmful-information-blocking-system PoP 80. Herein, according to the configuration of an ISP, a policy-based routing (PBR) technology in place of the tunneling protocol may be used to separately transmit traffic of the harmful-information-blocking-service subscriber and traffic of the harmful-information-blocking-service unsubscriber.

[12] The harmful-information-blocking-system PoP 80, having received the traffic of the harmful-information-blocking-service subscriber 20 in the form of packets, performs a packet mirroring operation, and analyzes the mirrored packet of the harmful-information-blocking-service subscriber by comparing the mirrored packet with a harmful information DB updated in real-time by a harmful-information-control-list-DB server. Then, if the corresponding packet requests harmful information, the harmful-information-blocking-system PoP 80 transmits a blocking message to the terminal of the harmful-information-blocking-service subscriber, and transmits a connection closing message to a server providing harmful information which the harmful-information-blocking-service subscriber attempts to access, thereby preventing download traffic including harmful information from being transmitted to the harmful-information-blocking-service subscriber. Herein, it should be clearly understood that, when it is determined that the packet corresponds to a normal packet, the packet received in the mirroring scheme is discarded, so that even the harmful-information-blocking-service subscriber can normally access the Internet.
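The analyzing and blocking steps of the PoP described in this paragraph and in claim 13, as an added example that is not the patent's or the applicant's code: a mirrored HTTP request is parsed, compared against a DB that accepts real-time control-list updates, and yields either a block decision (blocking message towards the terminal, connection closing message towards the server) or a discard of the mirrored copy. The DB and update formats, the decision names and the sample requests are assumptions constructed for the example.

```python
"""Illustrative mirrored-packet analyzer for a harmful-information-blocking-system PoP.

Added example, not part of the patent. The mirrored copy of a service subscriber's
HTTP request is compared with a harmful information DB kept current by the
control-list-DB server; on a match the PoP emits a blocking message towards the
subscriber terminal and a connection closing message towards the server; the
mirrored copy of a normal or undecidable packet is discarded, and the original,
never held back, reaches the Internet. DB format, update format, decision names
and all sample requests are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit


@dataclass
class MirroredPacket:
    """Constructed stand-in for a mirrored TCP segment carrying an HTTP request."""
    subscriber_ip: str   # service subscriber terminal
    server_ip: str       # server the subscriber is trying to reach
    payload: bytes


@dataclass
class HarmfulInfoDB:
    hosts: Set[str] = field(default_factory=set)         # whole site, incl. subdomains
    url_prefixes: Set[str] = field(default_factory=set)  # "host/path-prefix" entries

    def apply_control_list(self, update: Dict[str, List[str]]) -> None:
        """Apply one real-time update pushed by the control-list-DB server."""
        for h in update.get("add_hosts", []):
            self.hosts.add(h.lower())
        for h in update.get("remove_hosts", []):
            self.hosts.discard(h.lower())
        for p in update.get("add_url_prefixes", []):
            self.url_prefixes.add(p.lower())
        for p in update.get("remove_url_prefixes", []):
            self.url_prefixes.discard(p.lower())

    def matches(self, host: str, path: str) -> bool:
        labels = host.lower().split(".")
        # A listed host also covers every subdomain below it.
        if any(".".join(labels[i:]) in self.hosts for i in range(len(labels))):
            return True
        url = host.lower() + path.lower()
        return any(url.startswith(prefix) for prefix in self.url_prefixes)


def parse_http_request(payload: bytes) -> Optional[Tuple[str, str]]:
    """Return (host, path) for an HTTP/1.x request, or None if it cannot be judged."""
    lines = payload.decode("latin-1").partition("\r\n\r\n")[0].split("\r\n")
    try:
        _method, target, version = lines[0].split(" ")
    except ValueError:
        return None                       # not an HTTP request line
    if not version.startswith("HTTP/1."):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if target.startswith("http://"):      # absolute-form target (proxy style)
        parts = urlsplit(target)
        return (parts.hostname or ""), (parts.path or "/")
    host = headers.get("host")
    if not host:
        return None                       # no Host header: nothing to compare against
    # Strip the port (bracketed IPv6 literals are out of scope here) and the query string.
    return host.split(":")[0], (target.split("?", 1)[0] or "/")


@dataclass
class Decision:
    action: str                        # "block" or "discard"
    messages: List[Tuple[str, str]]    # (message type, destination IP) to emit


def analyze(pkt: MirroredPacket, db: HarmfulInfoDB) -> Decision:
    """Judge one mirrored packet against the harmful information DB."""
    parsed = parse_http_request(pkt.payload)
    if parsed is not None and db.matches(*parsed):
        return Decision("block", [("blocking_message", pkt.subscriber_ip),
                                  ("connection_close", pkt.server_ip)])
    return Decision("discard", [])     # normal or undecidable: drop the mirrored copy


def run_sample() -> List[str]:
    """Drive the analyzer over constructed traffic; returns the actions taken."""
    db = HarmfulInfoDB()
    db.apply_control_list({"add_hosts": ["harmful-site.example"],
                           "add_url_prefixes": ["share.example/adult/"]})
    sub, srv = "192.0.2.10", "198.51.100.5"
    packets = [
        MirroredPacket(sub, srv, b"GET /index.html HTTP/1.1\r\nHost: www.harmful-site.example\r\n\r\n"),
        MirroredPacket(sub, srv, b"GET /adult/clip1?x=1 HTTP/1.1\r\nHost: share.example\r\n\r\n"),
        MirroredPacket(sub, srv, b"GET /news/ HTTP/1.1\r\nHost: share.example\r\n\r\n"),
        MirroredPacket(sub, srv, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),   # TLS bytes, not HTTP
    ]
    actions = [analyze(p, db).action for p in packets]
    db.apply_control_list({"remove_hosts": ["harmful-site.example"]})   # real-time DB change
    actions.append(analyze(packets[0], db).action)
    return actions   # ["block", "block", "discard", "discard", "discard"]


if __name__ == "__main__":
    print(run_sample())
```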

[13] However, even in the system shown in FIG. 2, as the number of harmful-information-blocking-service subscribers increases, traffic concentrated on the harmful-information-blocking-system PoP increases to cause a bottleneck phenomenon, thereby decreasing the Internet speed for the harmful-information-blocking-service subscriber. Also, such a conventional system is difficult to construct because the harmful-information-blocking-system PoP must be installed over the entire area.

[14] Furthermore, the conventional system has various problems; for example, when a failure occurs in the single blocking system PoP or when the ISP network is unstable, the harmful-information-blocking-service subscriber cannot be provided with even the basic Internet service because there is no failure recovery method. On the other hand, the harmful information blocking service provided to the Internet service subscriber is only a supplementary service which is provided in addition to the basic Internet service provided by the ISP to the subscriber, and accordingly, it is most important that basic Internet service is smoothly provided to the harmful-information-blocking-service subscriber regardless of the supplementary service. However, under the conventional system, if a failure occurs in a system related to the supplementary service such as the harmful information blocking service, the Internet speed becomes lower or access to the Internet becomes impossible, thereby exerting a bad effect upon basic Internet service and incurring a serious harmful effect.

Disclosure of Invention

Technical Problem

[15] Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and the present invention provides a system and method for blocking connection to harmful information, which includes multiple harmful-information-blocking-system PoPs so that a subscriber can normally be provided with the basic Internet service and harmful information blocking service even when a harmful-information-blocking-system PoP fails. Also, the present invention provides a system and method for blocking connection to harmful information, which appropriately distributes traffic to a plurality of harmful-information-blocking-system PoPs so as to prevent excessive traffic from being concentrated on a specific harmful-information-blocking-system PoP and to reduce the possibility of occurrence of a bottleneck phenomenon, so that service can be smoothly provided without reduction of the Internet speed even as the number of harmful-information-blocking-service subscribers increases. In addition, the present invention provides a system and method for blocking connection to harmful information, which detects a failure occurring in a harmful-information-blocking-system PoP and enables another harmful-information-blocking-system PoP to be used until the failure is recovered, thereby improving the reliability of the entire system.

Technical Solution

[16] In accordance with an aspect of the present invention, there is provided a system which includes devices providing a function of blocking connection to harmful information in an Internet service provider (ISP) network, the system including:

[17] a plurality of harmful-information-blocking-system PoPs that are located on the backbone of the ISP;

[18] a harmful-information-control-list-DB server for transmitting a control list DB of blocking-targeted harmful information to the plurality of harmful-information-blocking-system PoPs in real-time;

[19] a subscriber control device comprising a subscriber-traffic-separation/transmission controller which performs a control operation such that traffic of a harmful-information-blocking-service subscriber is separated from other traffic and is transmitted to one harmful-information-blocking-system PoP selected among the plurality of harmful-information-blocking-system PoPs; and

[20] a harmful-information-blocking-system-PoP monitoring device for monitoring current states of the harmful-information-blocking-system PoPs, checking whether or not each harmful-information-blocking-system PoP is normally operated, and transmitting a result of the checking to the subscriber control device, wherein:

[21] the plurality of harmful-information-blocking-system PoPs collect the harmful-information-blocking-service subscriber's traffic separated by the subscriber control device through a packet mirroring device, analyze the collected traffic by comparing the collected traffic with a harmful information DB updated by the harmful-information-control-list-DB server in real-time or periodically, determine if a request packet of the service subscriber includes a request for connection to the harmful information, such as a harmful site, P2P, web hard, etc., and block connection to the harmful information when it is determined that the request packet of the service subscriber includes the request for connection to the harmful information; and

[22] the subscriber-traffic-separation/transmission controller of the subscriber control device is configured to determine one harmful-information-blocking-system PoP based on the state information of the plurality of harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device, and to transmit the traffic of the harmful-information-blocking-service subscriber to the determined harmful-information-blocking-system PoP.

[23] In accordance with another aspect of the present invention, there is provided a method for blocking connection to harmful information in an Internet service provider (ISP) network, the method including:

[24] a subscriber-information registering step, in which, when a subscriber requests an ISP to accept joining for harmful information blocking service through on-line or off-line, information about the harmful-information-blocking-service joining of the subscriber is registered in a subscriber control device;

[25] a harmful-information-blocking-system-PoP-monitoring-information transmitting step, in which a harmful information blocking system monitoring device, which monitors current states of a plurality of harmful-information-blocking-system PoPs, checks location information and state information of each harmful-information-blocking-system PoP, and then transmits a result of the checking to the subscriber control device;

[26] a harmful-information-blocking-system-PoP determining step, in which, after receiving the location information of the harmful-information-blocking-system PoPs and state information about the current states of the harmful-information-blocking-system PoPs, the subscriber control device selects and determines one harmful-information-blocking-system PoP from among the plurality of harmful-information-blocking-system PoPs;

[27] a harmful-information-blocking-service-subscriber-traffic separating/transmitting step, in which, when the subscriber accesses the Internet or transmits a packet, the subscriber control device identifies whether or not the subscriber corresponds to a harmful-information-blocking-service subscriber, separates traffic of the harmful-information-blocking-service subscriber from traffic of unsubscribers by means of a tunneling protocol or one routing technology selected from the routing technology group consisting of a policy-based routing (PBR) technology, etc., and then transmits the subscriber traffic to a harmful-information-blocking-system PoP determined in the harmful-information-blocking-system-PoP determining step;

[28] a harmful-information-blocking-service-subscriber-packet analyzing step, in which the subscriber traffic, which has been separated and concentrated on a predetermined harmful-information-blocking-system PoP by the subscriber control device in the harmful-information-blocking-service-subscriber-traffic separating/transmitting step, is mirrored by a packet mirroring device, the mirrored packet is analyzed and compared with harmful information DB updated in real-time by a harmful-information-control-list-DB server, and it is determined if the subscriber packet requests harmful information; and

[29] a harmful-information blocking step, in which, when it is determined that the packet of the service subscriber requests harmful information in the harmful-information-blocking-service-subscriber-packet analyzing step, a blocking message is transmitted to the service subscriber terminal, and a connection closing message is transmitted to a server which the service subscriber has attempted to access, and in contrast, when it is determined that the packet of the service subscriber corresponds to a normal packet which does not request harmful information, the mirrored packet is discarded so that it is possible to normally use the Internet.

[30] Herein, the method may further include a basic-internet-connection maintaining step, which allows the subscriber control device to change a traffic route such that the traffic of the harmful-information-blocking-service subscriber is transmitted to the Internet via a traffic route of an unsubscriber, when no harmful-information-blocking-system PoP has been determined in the harmful-information-blocking-system-PoP determining step.

Advantageous Effects

[31] According to the present invention as described above, merely by a subscriber joining the service at the ISP, it is possible to efficiently prevent a harmful-information-blocking-service subscriber from accessing harmful information, such as a harmful site or a harmful file obtained through P2P or a web hard, by a network blocking scheme, without any change to the subscriber terminal (e.g., PC, PDA, etc.). Also, according to the present invention, a plurality of harmful-information-blocking-system PoPs are disposed on the ISP backbone, monitored and efficiently operated, so that it is possible to stably provide the harmful information blocking service even as the number of harmful-information-blocking-service subscribers increases. Further, according to the present invention, even when a failure occurs in the multiple harmful-information-blocking-system PoPs, the basic Internet service for the harmful-information-blocking-service subscriber is not influenced at all by such a failure. Also, according to the present invention, through duplexing of a blocking device itself such as a packet filtering device, it is possible to provide the harmful information blocking service more stably. In addition, according to the present invention, from the viewpoint of the ISP, since the ISP manages subscribers through central control, it is possible to significantly reduce the work force, time and cost for the provision of the harmful information blocking service.

Brief Description of the Drawings

[32] FIG. 1 is a block diagram illustrating the configuration of a conventional system of providing harmful information blocking service, in which both traffic of a service subscriber and traffic of an unsubscriber are processed by an L4 switch in an ISP network;

[33] FIG. 2 is a block diagram illustrating the configuration of a conventional system which provides harmful information blocking service by separating traffic of a service subscriber from traffic of service unsubscribers;

[34] FIG. 3 is a block diagram illustrating the entire configuration of a harmful-information-connection-blocking system in the ISP network according to an embodiment of the present invention;

[35] FIG. 4 is a detailed block diagram illustrating the configuration of a subscriber control device within the harmful-information-connection-blocking system in the ISP network according to an embodiment of the present invention;

[36] FIG. 5 is a detailed block diagram illustrating the configuration of a harmful-information-blocking-system PoP within the harmful-information-connection-blocking system in the ISP network according to an embodiment of the present invention;

[37] FIG. 6 is a block diagram illustrating the entire configuration of a harmful-information-connection-blocking system in the ISP network according to another embodiment of the present invention;

[38] FIG. 7 is a flowchart illustrating the procedure of a harmful-information-connection-blocking method in the ISP network according to an embodiment of the present invention; and

[39] FIG. 8 is a flowchart illustrating the procedure of a harmful-information-connection-blocking method in the ISP network according to another embodiment of the present invention.

Mode for the Invention

[40] Hereinafter, an exemplary embodiment of the present invention will be described with reference to the accompanying drawings. In the following description and drawings, the same reference numerals are used to designate the same or similar components, and so repetition of the description on the same or similar components will be omitted.

[41] Hereinafter, the system and method for blocking connection to harmful information in an Internet service provider (ISP) network according to exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

[42] The system for blocking connection to harmful information in the ISP network according to exemplary embodiments of the present invention will now be described with reference to FIGs. 3 to 6.

[43] As shown in FIG. 3, the harmful information connection blocking system according to an embodiment of the present invention includes: a plurality of harmful-information-blocking-system PoPs 400 (i.e., harmful-information-blocking-system PoP #1 400a, #2 400b, ... , #N 400c); a harmful-information-control-list-DB server 200 for transmitting a control list of blocking-targeted harmful information to the plurality of harmful-information-blocking-system PoPs in real-time; a subscriber control device 300; and a harmful-information-blocking-system-PoP monitoring device 500 in the ISP network, which transmits traffic of an Internet service subscriber to the Internet through a subscriber access network including a subscriber access device. In detail, the subscriber control device 300 includes, as shown in FIG. 4, a subscriber-traffic-separation/transmission controller 320, which performs a control operation such that traffic of the harmful-information-blocking-service subscriber is separated from the overall traffic and is transmitted to one harmful-information-blocking-system PoP selected among the harmful-information-blocking-system PoPs. The harmful-information-blocking-system PoPs 400 (including 400a, 400b and 400c) are located on the backbone of the ISP; collect traffic of the harmful-information-blocking-service subscriber, which has been separated by the subscriber control device 300, through a packet mirroring device; analyze the collected traffic by comparing the traffic with harmful information DB updated by the harmful-information-control-list-DB server 200 in real-time or by periods, and determine if a request packet of the service subscriber includes a request for connection to harmful information; and block connection to the harmful information when it is determined that the request packet of the service subscriber includes the request for connection to the harmful information.

[44] Herein, the subscriber control device 300 may further include a separate authentication server 310 for taking charge of an authentication function that enables the ISP to determine if a subscriber joins in the harmful information blocking service. Meanwhile, depending on Internet connection methods (e.g., ADSL, VDSL, LAN-based, HFC, etc.) provided to the subscriber from the ISP, various methods may be selectively used to separate traffic of the harmful-information-blocking-service subscriber from the overall traffic. Therefore, the subscriber-traffic-separation/transmission controller 320, which takes charge of separating traffic of the harmful-information-blocking-service subscriber from the overall traffic, may be incorporated into the subscriber access network 100, differently from the configuration shown in FIG. 4. In this case, the subscriber-traffic-separation/transmission controller 320 may be configured separately from the subscriber access device 110 in the subscriber access network 100, or according to another embodiment of the present invention, may be incorporated into the subscriber access device 110, as shown in FIG. 6. Also, except for the authentication server 310, the other portion of the subscriber control device 300, that is, the subscriber-traffic-separation/transmission controller 320 including a harmful-information-blocking-system-PoP determination unit 320A, may be incorporated into the subscriber access network 100, as shown in FIG. 6.

[45] In addition, the harmful-information-blocking-system-PoP monitoring device 500 monitors the current states of the harmful-information-blocking-system PoPs so as to check state information, e.g., whether or not each harmful-information-blocking-system PoP is normally operated, and transmits a result of the checking to the subscriber control device 300.

[46] The subscriber-traffic-separation/transmission controller 320 of the subscriber control device 300 includes, as shown in FIGs. 4 and 6, the harmful-information-blocking-system-PoP determination unit 320A for determining one harmful-information-blocking-system PoP based on the state information of the plurality of harmful-information-blocking-system PoPs 400 (including 400a, 400b and 400c), which has been received from the harmful-information-blocking-system-PoP monitoring device 500. In addition, preferably, the harmful-information-blocking-system-PoP determination unit 320A includes: a database for preserving location and state information of each harmful-information-blocking-system PoP on the basis of the state information of the harmful-information-blocking-system PoPs, which has been received from the harmful-information-blocking-system-PoP monitoring device 500; and a load sharing algorithm for selecting one harmful-information-blocking-system PoP by using the location and state information for each PoP, which has been preserved in the database, whenever the harmful-information-blocking-service subscriber accesses the Internet or transmits a packet. Then, the harmful-information-blocking-system-PoP determination unit 320A determines one harmful-information-blocking-system PoP based on the state information of the plurality of harmful-information-blocking-system PoPs 400 (including 400a, 400b and 400c), which has been received from the harmful-information-blocking-system-PoP monitoring device 500, and traffic of the harmful-information-blocking-service subscriber 20 is transmitted from the subscriber access device 110 (e.g., a subscriber access server) to the determined harmful-information-blocking-system PoP.

[47] Each of the harmful-information-blocking-system PoPs 400 includes: a subscriber connection device 410 for receiving and processing traffic of the harmful-information-blocking-service subscriber when the subscriber access device 110 transmits the traffic by means of tunneling, policy-based routing (PBR), etc.; and a harmful information blocking device 420 for determining if traffic of the harmful-information-blocking-service subscriber approaches harmful information, in which, as shown in the accompanying drawings, a subscriber connection tunneling end device may be configured as one PoP, or a plurality of subscriber connection devices may be combined to configure one PoP.

[48] Herein, more preferably, the harmful information blocking device 420 includes: as shown in FIG. 5, a packet mirroring device 421 for performing a packet mirroring operation with respect to traffic of the harmful-information-blocking-service subscriber, which has been transmitted to the subscriber connection device 410, while the traffic is being transmitted to the ISP backbone; a packet filtering device 422 and 423 which includes at least two packet filtering switches so as to filter the packets mirrored by the packet mirroring device 421; and a packet filtering switch monitoring device 425 for designating one of the packet filtering switches as the active switch 422 and the remaining switch(es) as the standby switch(es) 423.

[49] The subscriber control device 300, which is included in the harmful information connection blocking system according to the characteristics of the present invention, preserves DB about the location information and current system state of each harmful-information-blocking-system PoP 400a, 400b, ..., 400c, by using the state information of the harmful-information-blocking-system PoP 400 which has been received from the harmful-information-blocking-system-PoP monitoring device 500. The location information of the harmful-information-blocking-system PoP 400a, 400b, ..., 400c may be expressed by a representative IP address of the blocking system PoP, and the current system state may include detailed information about PoPs, such as the amount of access by subscribers (capacity), the amount of traffic which can be processed (capacity), packet processing delay time (Packet Latency), and information about whether the system malfunctions or not, according to each PoP. The subscriber control device 300 determines the optimal harmful-information-blocking-system PoP based on the load sharing algorithm implemented therein by using the state information of the PoPs whenever a subscriber accesses the Internet or transmits a packet, and notifies the subscriber access network 100 including the subscriber access device 110 of the determined harmful-information-blocking-system PoP so as to appropriately distribute and allocate traffic of the harmful-information-blocking-service subscriber 20 to the harmful-information-blocking-system PoPs.

[50] The load sharing algorithm may be implemented such that one harmful-information-blocking-system PoP is selected based on parameters, which include a distance (e.g., Hop Count) in the network and a network state on the route between the harmful-information-blocking-service subscriber and each harmful-information-blocking-system PoP, and the current subscriber and traffic capacities, and then one harmful-information-blocking-system PoP is established manually by a manager.

[51] When there is no serviceable PoP left, due to an excess of subscriber capacity in every harmful-information-blocking-system PoP or due to a system failure, the subscriber control device 300 no longer separates the traffic routes of subscribers and unsubscribers, and performs a setting operation so that the basic Internet route can be used for the harmful-information-blocking-service subscriber, as for unsubscribers, thereby exerting no effect on the basic Internet service for the subscriber.

[52] Meanwhile, according to an embodiment of the present invention, the subscriber control device 300 may be configured in such a manner that the subscriber control device 300 is separated from the subscriber access network 100 and is included in an existing ISP subscriber authentication system, as shown in FIG. 3. According to another embodiment of the present invention, as shown in FIG. 6, the subscriber control device 300 may be incorporated into the subscriber access network 100 in the form of the subscriber-traffic-separation/transmission controller 320 including the harmful-information-blocking-system-PoP determination unit 320A. In this case, the subscriber control device 300 may be implemented as a PBR function or the like according to circumstances. Also, various schemes may be used to determine the optimal harmful-information-blocking-system PoP, as described below. There are a Round Robin scheme which allocates serviceable PoPs one by one from among the harmful-information-blocking-system-PoP-list DB, a Least Connection scheme which transmits a corresponding traffic to a specific PoP including the least number of currently accessed subscribers or the least traffic amount, and a Weight scheme which gives different weights depending on the harmful-information-blocking-system PoPs so that a specific harmful-information-blocking-system PoP can accommodate relatively more subscriber access. Preferably, the present invention is implemented such that the algorithms (i.e., the schemes) can be selected and changed depending on the setting of a manager.

[53] Also, the harmful-information-blocking-system-PoP monitoring device 500 monitors each harmful-information-blocking-system PoP by means of various parameters in real-time so as to check whether or not each PoP is normally operated. The parameters used for monitoring the harmful-information-blocking-system PoPs may include a plurality of variables, such as information about whether or not each device included in the harmful information blocking system is normally operated, subscriber and traffic capacities of each corresponding PoP (e.g., a ratio of the current capacity to the maximum accommodation capacity), a subscriber packet processing delay time (Packet Latency), and a policy manually set by a manager. The harmful-information-blocking-system-PoP monitoring device 500 transmits such measured information to the subscriber control device 300 in real-time so that the subscriber-traffic-separation/transmission controller 320 can use the information in selecting the optimal harmful-information-blocking-system PoP suitable for accommodation of subscriber traffic. Also, a manager may change the optimal harmful-information-blocking-system PoP by modifying such parameters. When the harmful-information-blocking-system-PoP monitoring device 500 determines that a harmful-information-blocking-system PoP cannot accommodate subscribers any more due to an excess of subscriber capacity or a system failure while monitoring the PoP, the harmful-information-blocking-system-PoP monitoring device 500 transmits information about the failure of the PoP to the subscriber control device 300 in real-time so that traffic of the harmful-information-blocking-service subscriber can be prevented from being transmitted to the corresponding PoP. Accordingly, the harmful information blocking service can be continuously provided through a different stable PoP, or the basic Internet service can be provided even in the worst case in which all the PoPs malfunction.
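The PoP determination described in paragraphs [49] to [53] (the PoP state DB, the Round Robin, Least Connection and Weight schemes, the manager's manual setting, and the fall-back to the basic Internet route when no PoP is serviceable) can be modelled as follows. This is an added illustration, not code from the patent or its assignee; the record layout, scheme names, sample PoP states and thresholds are constructed assumptions.

```python
"""PoP selection by the subscriber control device (paragraphs [49] to [53]).

Added illustration, not code from the patent or its assignee. The PoP records,
field names, scheme names and thresholds are constructed assumptions that
follow the state information the text lists: representative IP, subscriber
and traffic capacity, packet latency, failure flag, hop count, weight and a
manual setting by the manager.
"""
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, List

# Paragraph [51]: when no PoP is serviceable, subscriber traffic follows the
# basic Internet route of an unsubscriber instead of being separated.
BASIC_INTERNET_ROUTE = "basic-internet-route"


@dataclass
class PopState:
    """One entry of the PoP location/state DB kept by the subscriber control device."""
    ip: str                    # representative IP address of the PoP (location)
    subscribers: int           # subscribers currently accommodated
    max_subscribers: int       # subscriber capacity
    traffic_mbps: float        # traffic currently processed
    max_traffic_mbps: float    # traffic capacity
    latency_ms: float          # packet processing delay time
    hop_count: int = 0         # network distance to the subscriber (paragraph [50])
    weight: int = 1            # Weight scheme factor (paragraph [52])
    failed: bool = False       # failure reported by the monitoring device
    manual_pin: bool = False   # manager forces this PoP (paragraph [50])

    def serviceable(self) -> bool:
        """A PoP can take more traffic only if it is healthy and below both capacities."""
        return (not self.failed
                and self.subscribers < self.max_subscribers
                and self.traffic_mbps < self.max_traffic_mbps)


class PopSelector:
    """Load sharing algorithm of the harmful-information-blocking-system-PoP determination unit."""

    SCHEMES = ("round_robin", "least_connection", "weight")

    def __init__(self, pops: List[PopState], scheme: str = "least_connection"):
        if scheme not in self.SCHEMES:
            raise ValueError(f"unknown scheme {scheme!r}")
        self.pops: Dict[str, PopState] = {p.ip: p for p in pops}
        self.scheme = scheme
        self._rr = cycle(sorted(self.pops))   # Round Robin cursor over the PoP list DB

    def update_state(self, ip: str, **fields) -> None:
        """Apply a real-time measurement pushed by the PoP monitoring device ([53])."""
        pop = self.pops[ip]
        for name, value in fields.items():
            if not hasattr(pop, name):
                raise AttributeError(name)
            setattr(pop, name, value)

    def select(self) -> str:
        """Return the PoP IP for the next subscriber access, or the basic-route marker."""
        candidates = [p for p in self.pops.values() if p.serviceable()]
        if not candidates:
            return BASIC_INTERNET_ROUTE
        pinned = [p for p in candidates if p.manual_pin]
        if pinned:                                 # manager's manual setting wins
            return pinned[0].ip
        if self.scheme == "round_robin":
            for _ in range(len(self.pops)):        # skip non-serviceable PoPs in turn
                ip = next(self._rr)
                if self.pops[ip].serviceable():
                    return ip
        if self.scheme == "least_connection":
            # fewest accessed subscribers, then least traffic, then nearest PoP
            return min(candidates, key=lambda p: (p.subscribers, p.traffic_mbps, p.hop_count)).ip
        # Weight scheme: a heavier weight tolerates a higher load ratio
        return min(candidates,
                   key=lambda p: (p.subscribers / p.max_subscribers / p.weight, p.latency_ms)).ip


def sample_pops() -> List[PopState]:
    """Constructed sample PoP states (not measurements from any real network)."""
    return [
        PopState("10.0.0.1", 800, 1000, 500.0, 1000.0, 5.0, hop_count=3, weight=4),
        PopState("10.0.0.2", 300, 1000, 200.0, 1000.0, 8.0, hop_count=6, weight=1),
        PopState("10.0.0.3", 1000, 1000, 900.0, 1000.0, 4.0, hop_count=2, weight=2),  # full
    ]


if __name__ == "__main__":
    sel = PopSelector(sample_pops(), "least_connection")
    print("least connection ->", sel.select())
    sel.update_state("10.0.0.1", failed=True)     # monitoring device reports failure
    sel.update_state("10.0.0.2", subscribers=1000)
    print("all PoPs out ->", sel.select())        # basic-internet-route
```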

[54] Herein, as shown in FIG. 6, when the subscriber control device 300 is incorporated into the subscriber access network 100 in the form of the subscriber-traffic-separation/transmission controller 320 including the harmful-information-blocking-system-PoP determination unit 320A, the harmful-information-blocking-system-PoP monitoring device 500 also may be incorporated into the subscriber access network 100 together with the subscriber control device 300.

[55] FIG. 5 is a block diagram illustrating the configuration of a harmful information blocking device for preventing the subscriber from being connected to harmful information in a harmful-information-blocking-system PoP having received traffic of the subscriber according to an exemplary embodiment of the present invention. According to the embodiment of the present invention, a device required for blocking harmful information has a duplex configuration, so that it is possible to provide more stable service.

[56] As described above, traffic of the harmful-information-blocking-service subscriber 20 is transmitted from the subscriber access network 100 to the subscriber connection device 410 of one of the harmful-information-blocking-system PoPs 400, which has been set by the subscriber control device 300.

[57] The traffic transmitted to the subscriber connection device 410 is transferred to the ISP backbone, and then is transmitted to the packet filtering device 422 and 423 through the packet mirroring device 421 of the harmful information blocking device 420. In this case, the packet filtering device 422 and 423 has a duplex configuration constituted by the active switch 422 and standby switch 423 so as to stably block harmful information, and the packet mirroring device 421 transmits the same subscriber traffic to the two packet filtering switches 422 and 423. Among the packet filtering switches 422 and 423, while the packet filtering switch 422 set as an active state normally processes packets of the subscriber so as to block harmful information, the packet filtering switch 423 set as a standby state discards the received subscriber packets so that normal service can be provided. If a failure occurs in the active switch 422, the standby switch 423 operates as an active switch so as to process the subscriber packets, so that the harmful information blocking service can be stably provided even when one of the packet filtering switches malfunctions. Such an operation of the active switch 422 and standby switch 423 is controlled by the switch monitoring device 425. The switch monitoring device 425 periodically checks whether or not the packet filtering device, that is, the pre-declared active switch 422 and standby switch 423, are in normal operation by means of SNMP, ICMP, etc. During such monitoring, when it is determined that a failure occurs in the active switch 422, the switch monitoring device 425 changes the setting of the standby switch 423 to an active state so that the harmful information blocking function can be normally provided.

[58] The packet filtering switches 422 and 423 separate and filter only packets necessary for the blocking service from among the subscriber packets received from the packet mirroring device 421, and distribute and transmit the filtered packets to a plurality of blocking servers 424a. In this case, preferably, the packet filtering switches 422 and 423 monitor the operations of the blocking servers 424a through TCP/UDP port monitoring, SNMP, ICMP, and link state monitoring with respect to the blocking servers 424a so as to check whether or not the blocking servers 424a are normally operating, and, when a specific blocking server is not in normal operation, the packet filtering switches 422 and 423 no longer transmit the subscriber packets to the specific blocking server, so as to adaptively cope with a failure in the blocking servers 424a.
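The duplex behaviour of paragraphs [57] and [58] (the standby switch discarding mirrored packets, the switch monitoring device 425 promoting the standby when the active switch fails its SNMP/ICMP check, and the active switch steering filtered packets only to blocking servers that pass their health checks) is modelled below. This is an added illustration, not code from the patent or its assignee; the probe results are constructed sample data, and the hash-based server distribution and the HTTP-request filter are assumptions chosen for the example.

```python
"""Duplexed packet filtering switches and blocking-server health (paragraphs [57] and [58]).

Added illustration, not code from the patent or its assignee. Probe results are
constructed sample data standing in for the SNMP/ICMP/port checks the text
names; the hash-based server distribution and the HTTP-request filter are
assumptions chosen for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
import zlib


@dataclass
class FilterSwitch:
    """One packet filtering switch (422 or 423) and the blocking servers 424a behind it."""
    name: str
    role: str                                  # "active" or "standby"
    servers: List[str]
    healthy: Set[str] = field(default_factory=set)

    def update_server_health(self, probes: Dict[str, bool]) -> None:
        """TCP/UDP port, SNMP, ICMP or link-state results per blocking server."""
        for server, ok in probes.items():
            if server in self.servers:
                (self.healthy.add if ok else self.healthy.discard)(server)


class SwitchMonitor:
    """Packet filtering switch monitoring device 425: promotes the standby on active failure."""

    def __init__(self, active: FilterSwitch, standby: FilterSwitch):
        active.role, standby.role = "active", "standby"
        self.active, self.standby = active, standby

    def tick(self, probes: Dict[str, bool]) -> str:
        """One periodic SNMP/ICMP check; returns the name of the switch now active."""
        active_ok = probes.get(self.active.name, False)
        standby_ok = probes.get(self.standby.name, False)
        if not active_ok and standby_ok:
            self.active.role, self.standby.role = "standby", "active"
            self.active, self.standby = self.standby, self.active
        # If both fail, nothing can be promoted; the roles are left as they are.
        return self.active.name


def needs_blocking_inspection(pkt: bytes) -> bool:
    """Assumed filter: only HTTP request lines are sent on to the blocking servers."""
    return pkt.startswith((b"GET ", b"POST ", b"CONNECT ", b"HEAD "))


def handle_mirrored_packet(switch: FilterSwitch, pkt: bytes) -> Optional[str]:
    """Return the blocking server that receives the packet, or None if it is discarded.

    The packet mirroring device 421 sends every subscriber packet to both switches;
    the standby switch discards it, the active switch filters and distributes it,
    skipping any blocking server currently reported unhealthy.
    """
    if switch.role != "active" or not needs_blocking_inspection(pkt):
        return None
    targets = sorted(switch.healthy)
    if not targets:
        return None
    # Same packet bytes map to the same server while the healthy set is unchanged.
    return targets[zlib.crc32(pkt) % len(targets)]
```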

[59] FIGs. 7 and 8 are flowcharts illustrating methods for blocking connection to harmful information according to embodiments of another aspect of the present invention. As shown in FIG. 7, a method for blocking connection to harmful information in the ISP network according to a first embodiment of the present invention includes a subscriber-information registering step S100, a harmful-information-blocking-system-PoP-monitoring-information transmitting step S200, a harmful-information-blocking-system-PoP determining step S300, a harmful-information-blocking-service-subscriber-traffic separating/transmitting step S400, a harmful-information-blocking-service-subscriber-packet analyzing step S500, and a harmful-information blocking step S600.

[60] In the subscriber-information registering step S100, when a subscriber requests an ISP to accept joining for the harmful information blocking service through on-line or off-line, information about the harmful-information-blocking-service joining of the subscriber is registered in a subscriber control device. In the harmful-information-blocking-system-PoP-monitoring-information transmitting step S200, a harmful information blocking system monitoring device, which monitors the current states of a plurality of harmful-information-blocking-system PoPs, checks the location information and state information of each harmful-information-blocking-system PoP, and then transmits a result of the checking to the subscriber control device. In the harmful-information-blocking-system-PoP determining step S300, after receiving the location information of the harmful-information-blocking-system PoPs and state information about the current states thereof, the subscriber control device selects and determines one harmful-information-blocking-system PoP from among the plurality of harmful-information-blocking-system PoPs.

[61] Preferably, in the harmful-information-blocking-system-PoP determining step, the subscriber control device preserves the location information and state information about each harmful-information-blocking-system PoP as a database, by using the state information of the harmful-information-blocking-system PoPs received from the harmful-information-blocking-system-PoP monitoring device, and selects one harmful-information-blocking-system PoP by using the location information and state information of each PoP in the database and a load sharing algorithm whenever the harmful-information-blocking-service subscriber accesses the Internet or transmits a packet.

[62] Herein, the location information of the harmful-information-blocking-system PoPs may correspond to a representative IP address of the blocking system PoPs, and the state information of the harmful-information-blocking-system PoPs may include at least one selected from the state information group consisting of the amount of access by subscribers, the amount of traffic which can be processed, packet processing delay time, and information about whether a failure occurs or not, according to each PoP. Preferably, the load sharing algorithm may be implemented such that one harmful-information-blocking-system PoP is selected based on parameters, which include a distance in the network and a network state on the route between the harmful-information-blocking-service subscriber and each harmful-information-blocking-system PoP, and the current subscriber and traffic capacities. In addition, more preferably, the load sharing algorithm may be implemented such that a manager may manually set one harmful-information-blocking-system PoP.

[63] In the harmful-information-blocking-service-subscriber-traffic separating/transmitting step S400, when the subscriber accesses the Internet or transmits a packet, the subscriber control device identifies whether or not the subscriber corresponds to a harmful-information-blocking-service subscriber, separates traffic of the harmful-information-blocking-service subscriber from traffic of unsubscribers by means of a tunneling protocol or one routing technology selected from the routing technology group consisting of a policy-based routing (PBR) technology, and then transmits the subscriber traffic to a harmful-information-blocking-system PoP determined in the harmful-information-blocking-system-PoP determining step. In the harmful-information-blocking-service-subscriber-packet analyzing step S500, the subscriber traffic, which has been separated and concentrated on a predetermined harmful-information-blocking-system PoP by the subscriber control device in the harmful-information-blocking-service-subscriber-traffic separating/transmitting step, is mirrored by a packet mirroring device, the mirrored packet is analyzed and compared with harmful information DB updated in real-time by a harmful-information-control-list-DB server, and it is determined if the subscriber packet requests harmful information. In the harmful-information blocking step S600, if it is determined that the packet of the service subscriber requests harmful information in the service-subscriber-packet analyzing step, a blocking message is transmitted to the service subscriber terminal, and a connection closing message is transmitted to a server which the service subscriber has attempted to access. In contrast, if it is determined that the packet of the service subscriber corresponds to a normal packet which does not request harmful information, the mirrored packet is discarded so that it is possible to normally use the Internet.

[64] A method for blocking connection to harmful information according to a second embodiment of the present invention is shown in FIG. 8. According to the second embodiment of the present invention, the method for blocking connection to harmful information further includes a basic-internet-connection maintaining step S700, which allows the subscriber control device 300 to change a traffic route such that the traffic of the harmful-information-blocking-service subscriber is transmitted to the Internet via a traffic route of an unsubscriber, when one harmful-information-blocking-system PoP has not been determined in the harmful-information-blocking-system-PoP determining step S300.

[65] Although several exemplary embodiments of the present invention have been described for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims. Therefore, it should be understood that the aforementioned embodiments are shown for purposes of illustration and explanation only and do not limit the present invention in any way.

[66] Accordingly, the scope of the present invention should be determined not by the embodiments illustrated, but by such claims as may be allowed and their legal equivalents.