JP2003008660A - Network routing system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To ensure and simplify authentication management, a PPV charging management, acquisition of audience rating, etc., in the information delivery in broadband. SOLUTION: In delivering information from an access party B to the user terminal A via the Internet by user authentication, an intelligent router 2 is provided per each of network routers or user terminals, where IP addresses of the access party and the user terminal are previously registered and a gate control table 2A including gates for setting whether to perform the information delivery between both addresses is provided, and an authentication server 1 opens a setting gate of the gate control table with the success of authentication of the user to enable the information delivery. The system also performs a session control by acquisition of a session log per each of individual IP addresses on the above gate, tied with a external session control system, and sets up a gate control of each outer in the form of relay, and uses such as surface acoustic wave devices as a encryption key to protect the routing mechanism and the delivery information.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a network routing system for information distribution utilizing a bidirectional communication environment such as the Internet.

[0002]

2. Description of the Related Art In the WWW, a user can view information composed of characters and images called a Web page published on the Internet while following a hyperlink. Information distribution services for users who visit websites include various information distribution service functions mainly for users, such as web page search, registration of favorite pages, storage of search history pages, storage of acquired characters and images, and printing. Is prepared.

As described above, in the information distribution service using the Internet, the network router enables the relay / exchange of packets based on the protocol definition of the network layer, and the relay when the data link layer and below are different. To enable. Further, the network router can control passage of broadcast packets frequently used in TCP / IP protocol and the like, and also enables routing in one-to-many (multicast) communication.

[0004]

The business utilizing a two-way communication environment such as the Internet or a digital television utilizing a broadcasting satellite includes a stream distribution business for distributing a movie or the like to a receiver and an advertisement distribution business.

In the stream distribution business, the Internet is used for both upstream communication and downstream communication, or the Internet is used for upstream communication and the broadcasting satellite is distributed for downstream communication, and pay-per-view (PPV) program pay is performed. Allows viewing.

[0006] The advertisement distribution business uses conventional broadcast media (T
V, radio) or print media (newspapers, magazines), instead of the advertisement distribution method, that is, the method of distributing indiscriminately to a large number of people, as shown in FIG. We will create a virtual user and try to deliver the advertisement information that the virtual user needs or is interested in at the minimum and effectively.

[0007] In such information distribution under broadband, the information originator carries out network routing by individual authentication of the receiver, and carries out information distribution using the multicast communication function of the network router. However, since the receiver changes frequently, the authentication management and the PPV accounting management become difficult. Moreover, there is a similar problem when acquiring the audience rating as a business.

It is an object of the present invention to provide a network routing system which surely and easily performs authentication management in information distribution under broadband, PPV charging management, audience rating acquisition and the like.

[0009]

In order to solve the above-mentioned problems, the present invention replaces a conventional network router with
Alternatively, an intelligent router is provided for each terminal, and this intelligent router is linked to an external authentication system to perform gate management for each IP address or individual unit for each connection destination address. To manage the session by acquiring a session log for each IP address for each upper gate, set up the gate management data of each router in a relay format, and protect the routing mechanism and distribution information by a cryptographic device. And is characterized by the following configuration. (1) A network routing system that distributes information from an information distributor to a user's terminal through a two-way communication environment, and routes the information distribution based on the user's authentication. It is provided for each user terminal, and I of the information distributor and the user terminal
An intelligent router that has a P management address registered in advance and has a gate management table composed of setting gates for whether or not information can be distributed between the two addresses, and information distribution from the information distribution source to the user is authenticated and the terminal of the user's terminal is authenticated. An authentication server is provided for enabling information distribution by opening a setting gate of the gate management table upon successful authentication.

(2) A network routing system for delivering information from an information delivery source to a user's terminal through a two-way communication environment, and routing the information delivery based on the user's authentication. An intelligent router that has a gate management table that is provided for each unit, in which the IP addresses of the information distributor and the user terminal are registered in advance, and that has a gate for setting the user ID, and authentication of information distribution from the information distributor to the user. And an authentication server that enables information distribution by registering a user ID in a setting gate of the gate management table when authentication of the terminal of the user is established.

(3) The intelligent router is
It is characterized in that a session log of the communication passing therethrough is recorded for each connected terminal / for each authenticated user, and the session log is delivered in response to a request from the external session management mechanism.

(4) The intelligent router is
For registration of IP addresses and user IDs of information distributors and user terminals, a master router among a plurality of fellow intelligent routers was defined, and the registration data of each fellow intelligent router was set up in this master router. Sometimes the master router forwards it in relay form to another fellow intelligent router,
It is characterized in that the transferred intelligent router has means for sequentially setting its registration data.

(5) A configuration in which an encryption device is mounted on the intelligent router, the authentication server, or the information distribution source, and a part or all of communication information passing therethrough is encrypted to protect the routing mechanism and the distribution information. Is characterized by.

[0014]

BEST MODE FOR CARRYING OUT THE INVENTION In the network routing system of the present invention, for example, as shown in FIG. 9 in which it is applied to a stream distribution business, a user A uses a stream distribution server B for multicast communication using the Internet. User A when receiving a stream distribution on
Intelligent router C is installed in the management server D
When the authentication of the user A is established by the above, the gate of the intelligent router C is opened, and the stream distribution and the charge management of the user A are enabled. Further, the management server D makes it possible to acquire the audience rating information from the viewing record of the intelligent router C.

Further, as shown in the case of applying to satellite broadcasting in FIG. 10, when the satellite broadcasting is received from the broadcasting station E to the receiving device G of the receiver via the broadcasting satellite F and is viewed on the Internet compatible television H. , An intelligent router I is installed on the receiver side, the intelligent router I obtains a PPV viewing application / permission from the intelligent router I through the Internet, and pay reception of the receiving device G with viewing permission (billing management)
To enable. Further, it is possible to acquire the audience rating on the broadcast station E side from the program selection information of the receiver. In addition, information distribution,
The same applies not only to broadcasting satellites but also to wired or wireless transmission / reception devices.

Hereinafter, the intelligent
An embodiment for authentication management, charging management, viewing management, etc. by a router will be described in detail.

(1) Gate Management Mechanism FIG. 1 is a block diagram of a network routing system according to the present invention, in which an IP address unit gate (information distribution) is provided for each connection destination address in cooperation with an external authentication system. Management of the permission gate. In the system configuration of FIG. 1, the authentication server 1 is provided as a centralized management unit of the network routing system, and is a common authentication management unit requested by a plurality of information sources such as an information distribution business.

The intelligent router 2 is provided on the network instead of the conventional network router, or is provided for each terminal. The intelligent router 2 registers in advance a gate management table 2A having data of a connection destination address, a terminal IP address, and a gate opening / closing flag.

In this configuration, when the terminal A receives information distribution from the connection destination B, which is an information distribution source, through the Internet or the like, gate management is performed in terminal units. The authentication server 1 permits the information distribution from the connection destination B to the terminal A, and when the authentication of the terminal A is established, the gate management table 2A
Switch the gate at the relevant point to OPEN. In the figure, the IP of the terminal A for the IP “XXXX” of the connection destination B
Only the gate of “ABCD” is set to “OPEN”, and the other terminals “ABCE” and the like remain “CLOSE”. The gate is closed when the intention to close the gate is explicitly indicated via the authentication server 1, when a certain time has elapsed after the session is started, and when communication in the session has not been performed for the certain time.

FIG. 2 shows the case of individual gate management. The intelligent router 2 has a gate management table 2B having an IP address of a terminal for each connection destination address and a user ID setting gate for each individual, and the user ID of the terminal authenticated by the authentication server 1 is also stored in the table. By registering in the setting gate of 2B, gate management on an individual basis is realized. The cancellation of the authentication in this case is the same as the case of the gate close in FIG.

Therefore, the authentication management is performed by the gate / management tables 2A and 2B provided in the intelligent router 2.
It can be done easily with the management of. For example, when the terminal A is the information receiving side terminal of the information distribution business and the connection destination B is the information transmitting side, by providing the intelligent router 2 as the router of the receiving side terminal A, the authentication server 1 receives the information. Is possible. At this time, connection destination B
In the authentication management, the authentication data need only be transferred to the authentication server 1 at each terminal and the subsequent authentication change data.

(2) Session Management Mechanism FIG. 3 shows a network routing system equipped with a session management mechanism, which operates in conjunction with an external session management (accounting management or viewing management) system and communicates through an intelligent router. The session log is recorded for each connected terminal / authenticated user, and the session management is delivered when requested by the external session management mechanism. Session management on the Internet requires many requests /
It enables identification and summarization for each user in conversational information communication that involves exchange of responses.

For the session management site 3 having such a function, the intelligent router 2 records a session log for each connection terminal / authenticated user and delivers the session log to the session management site 3. Thereby, for example, the charge management and the viewing management at the connection destination B, which is the source of the information distribution business, can be surely performed at the session management site 3.

(3) Remote Setup Mechanism FIG. 4 shows a network routing system provided with a remote setup mechanism, and each setup of the intelligent router 2 is performed remotely.

It is necessary to register the gate management tables 2A and 2B in advance in the intelligent router 2 shown in FIG. 1 or 2. The setup such as registration of the table data requires a huge amount of time and effort if it is performed individually for each terminal.

Therefore, as shown in FIG. 4, of the intelligent routers A, B, C and D of each terminal, the master router is designated (the router A is designated in the figure), and the gate is given to the master router A. Set up the data of the management tables 2A and 2B. As a result, the master router A internally sets the gate management table, expands it in the relay format to the other terminals described in the gate management table, and transfers the setup data.

This destination determination is made by the sibling intelligent router located at the shortest distance among the plurality of terminals listed in the gate management table. In FIG. 4, router A specifies the settings of routers B, C and D and is transferred to router B, and router B specifies the settings of routers C and D and is transferred to router C. Finally, from router C The settings of the router D are designated and transferred to the router D.

Since this is routing management, the contents required by each router are basically different, and the setting and transfer itself include redundancy. Specifically, a method is adopted in which the settings of all routers are temporarily stored in the master router A, and the setting information other than itself is handed over to the next router at the time of relay expansion.

Therefore, in setting up the data of the gate management table, it is only necessary to transfer the data including the setting data of the routers of other compatriots to the master router, and in the case of setting data having many similarities to many compatriot terminals. The time and information load can be significantly reduced.

(4) Cryptographic Mechanism Using Surface Acoustic Wave Element FIG. 5 shows a cryptographic mechanism in which the surface acoustic wave element in the network routing system is used as an encryption device or a decryption device. The piezoelectric effect of the surface acoustic wave element protects the routing mechanism and the distribution information.

In the surface acoustic wave device, a pair of interdigital electrodes are provided on a quartz substrate, and an electric signal is applied to one of the interdigital electrodes, so that the piezoelectric surface of the quartz substrate causes the electrodes to form an elastic surface on the quartz substrate. A wave can be generated, and this surface acoustic wave can be propagated to the other interdigital transducer and taken out as an electric signal. In the generation and propagation of this surface acoustic wave, a filter function and a modulation function can be provided depending on the electrode pattern and the electrode pitch of the interdigital electrode.

The cryptographic device 4 shown in FIG. 5 has the above-described surface acoustic wave element structure, and has a comb-shaped electrode portion 4A having a number corresponding to the number of bits of a digital input signal, and this electrode portion 4A.
Is provided at a position facing each of the interdigital electrodes of
The interdigital transducer section 4B is provided for extracting the surface acoustic wave signal propagating from the electrode section 4A as a deflection output signal by changing the phase with a deflection code.

The interdigital transducer 4A is a passive interdigital transducer for taking in an input signal having a plurality of bits as a surface acoustic wave having a predetermined frequency and phase for each bit. Further, the interdigital transducer 4B becomes an active interdigital transducer that deflects an input signal by a deflection code set for each bit.

Therefore, the encryption device 4 can obtain the output signal by encrypting the input signal with the deflection code. Then, the input signal can be decrypted from this output signal by providing a decryption device having the same element configuration as the encryption device 4 and decrypting by applying the same deflection code. At this time, the deflection code becomes a key code for encryption and decryption.

From the above, in the information distribution business utilizing the Internet, etc., the intelligent router shown in FIGS. 1 to 4 is equipped with the decryption device of the surface acoustic wave element configuration, and the authentication server and the information distributor are encrypted. By selecting various application methods such as providing the device 4, the routing mechanism and the distribution information can be reliably and easily protected. As a specific application method, there are two modes: a mode in which the cryptographic device is applied to all communications passing through the intelligent router, and a mode in which the cryptographic device is used for communication with a specific partner by interlocking with gate management.

In addition, in the case of using it for each gate, two adaptation methods are prepared, one for interlocking with the authentication mechanism for each individual terminal and one for adapting to all communications passing through the gate. When interlocking with the authentication mechanism, the communication from the terminal shall be connected to the encryption device upon completion of the authentication.
In the case of applying to all, the cryptographic device equipped as standard in the intelligent router is used, and in the case of applying to the gate unit, as shown in FIG. 6, an upper cryptographic device is added by a bit digit as needed.

In addition, the relay type remote type
When applied to the automatic setting communication of the sibling router by the setup mechanism, as shown in FIG. 7, it is always performed through the encryption device, and the deflection code used in that case is the deflection code determined in advance in the sibling. Used as an encryption synchronization signal.

[0038]

As described above, according to the present invention, an intelligent router is provided for each network router or terminal, and this intelligent router is linked with an external authentication system to provide an individual IP for each connection destination address.
Gate management on an address or individual basis, session management by acquiring a session log for each IP address for the upper gate in conjunction with an external session management system, and gate management data for each router in relay format Since the setting up is performed and the routing mechanism and the distribution information are protected by the cryptographic device using the surface acoustic wave element or the like as the cryptographic key, the authentication management in the information distribution under the broadband and the PPV charging accounting,
This has the effect of making sure that the acquisition of audience ratings is easy.

[Brief description of drawings]

FIG. 1 is a configuration diagram of a network routing system showing an embodiment of the present invention.

FIG. 2 is a configuration diagram of a network routing system showing an embodiment of the present invention.

FIG. 3 is a session management mechanism showing an embodiment of the present invention.

FIG. 4 is a setup mechanism showing an embodiment of the present invention.

FIG. 5 is a configuration diagram of a cryptographic device using a surface acoustic wave element according to an embodiment of the present invention.

FIG. 6 is an application example of a cryptographic device showing an embodiment of the present invention.

FIG. 7 is a relationship diagram between a setup and a cryptographic synchronization signal showing an embodiment of the present invention.

FIG. 8 is an explanatory diagram of information distribution based on tastes and interests of an advertisement distribution business.

FIG. 9 is an explanatory diagram of an application example of the intelligent router of the present invention.

FIG. 10 is an explanatory diagram of an application example of the intelligent router of the present invention.

[Explanation of symbols]

A ... User terminal B: Connection destination (information distribution source) 1 ... Authentication server 2 ... Intelligent router 2A, 2B ... Gate management table 3 ... Session management site 4 ... Cryptographic device 4A, 4B ... Interdigital electrode part of surface acoustic wave element

Claims (5)

[Claims] 1. A network routing system for delivering information from an information delivery source to a user's terminal through a two-way communication environment, and routing the information delivery based on the user's authentication, in units of network routers. Alternatively, an intelligent router that is provided for each user terminal, in which the IP addresses of the information distribution source and the user terminal are registered in advance, and that has a gate management table that includes a gate for setting whether information distribution is possible between both addresses, and an information distribution source Network routing characterized by comprising an authentication server for authenticating information distribution to a user, and opening the setting gate of the gate management table to enable information distribution when the terminal of the user is authenticated.・
system. 2. A network routing system for delivering information from an information delivery source to a user's terminal through a two-way communication environment, and routing the information delivery based on the user's authentication. An intelligent router that has a gate management table that is provided with the IP addresses of the information distributor and the user terminal and has a user ID setting gate, and the authentication of the information distribution from the information distributor to the user. And a certification server for registering a user ID in a setting gate of the gate management table to enable information distribution when the terminal of the user is authenticated.
Routing system. 3. The intelligent router comprises means for recording a session log of communication passing therethrough on a connection terminal basis / authentication user basis and delivering the session log in response to a request from an external session management mechanism. The network routing system according to claim 1 or 2. 4. The intelligent router is configured so that the IP address of the information distributor and the user terminal and the user I.
For registration of D, a master router among a plurality of fellow intelligent routers is defined, and when the registered data of each fellow intelligent router is set up in this master router, the other master is relayed from the master router. 3. A means for transferring to a fellow intelligent router, the transferred intelligent router comprising means for sequentially setting its registration data.
3. The network routing system according to any one of 3 above. 5. A configuration in which an encryption device is installed in the intelligent router, the authentication server, or the information distribution source, and encryption processing is performed on a part or all of communication information passing therethrough to protect the routing mechanism and the distribution information. A network routing system according to any one of claims 1 to 4, characterized in that