KR20040006425A - Method for pre-paid serving in a on/off line network - Google Patents

Abstract

PURPOSE: A prepayment connection supplemental service method in a wired/wireless network is provided to offer supplemental functions such as the flexibility of billing method selection right, a security function of information transmission, a rating limiting function in a user connection device, a transmission quality assignment function, a virtual routing function for composing a virtual network, an automatic activation function and an on-line recharging function. CONSTITUTION: A connection system(101) provides user connection as a prepaid type. The connection system(101) dynamically sets a person-specialized integration billing estimation reference. The connection system(101) controls the transmission of user information on the basis of the integration billing. The connection system(101) sets an end-to-end security path between a user connection device(102) and a destination for requesting security connection. The connection system(101) sets an end-to-end virtual path between the user connection device(102) and a destination for requesting logical point-to-point connection. The user connection device(102) assigns transmission quality of user information, and transmits user information to a user connection network equipment(103). A server(105) automatically activates the connection system(101). The server(105) automatically recharges the connection system(101) through on-line by the end-to-end security path.

Description

Pre-paid additional service method in wired / wireless network {METHOD FOR PRE-PAID SERVING IN A ON / OFF LINE NETWORK}

The present invention relates to a prepaid access service technology. In particular, the present invention provides a new business that can meet the demands of the wired / wireless user access environment and solve the problems faced by transmission / service providers and improve the profitability. The present invention relates to a method of prepaid access service in wired / wireless networks, which enables a model to be quickly created at low additional cost through value-added of already invested / installed resources.

Commonly used wired / wireless access devices include telephone modems, DSL modems, cable modems, wireless LAN cards, personal digital assistants (PDAs), and wireless Internet devices (eg, mobile phones). Charging for data network access services is left to the service provider. Charging is done through a monthly fee, an hourly schedule, and a very simple pay-as-you-go plan.

In terms of billing, prepaid cards for dial-up are very similar. Prepaid calling card is a card for voice call, and the call time is controlled according to the amount paid in advance, and it is widely used for those who have frequent international calls or frequent business trips.

When the prepaid phone card is applied to a data network connection device, there are the following problems.

For example, a prepaid phone card is a simple memory card for storing information, and thus it is not easy to control the usage amount. That is, there is a problem that the subject that can block the use when the consumption is exhausted is limited to the service provider.

Therefore, the prepaid calling card provider must secure the function of managing users.

On the other hand, there are existing methods of charging using a mobile phone or POS data system. However, these methods do not offer prepaid concepts, flexible billing, and new add-ons.

On the other hand, smart cards are a model that provides similar functions in terms of providing security. The smart card forms a microchip, memory, etc. on a credit card-sized plastic card as a single chip, and provides the advantages of security and mobility based on the data operation processing function and the data storage function through the microprocessor and the memory. . Cards without microprocessors in these card components are called memory cards and are used for simple data storage. In addition, the user's information and passwords are recorded using only the chip portion, and are mounted on the mobile communication terminal, and thus are widely used in electronic commerce and user authentication processes.

The disadvantages of such a smart card are described as follows.

First, the billing process must be done by the service provider. In other words, the payment is processed in the post-payment system that uses a credit card or includes it in the telephone cost during electronic commerce.

Second, they do not have enough processors to encrypt user data in real time. The processor installed in the smart card has a function of encrypting a user authentication or a password and sending it. However, since the processor is intended for user authentication only, a high performance processor is not required. However, current cross-certification uses a certificate from a trusted certification authority (CA), so the process of registering each secure connection party with a CA or decrypting a digitally signed certificate from the CA. There are problems with the cost of use.

Third, in addition to security, the general smart card does not provide additional service functions such as charging user traffic control function, virtual routing, and transmission quality guarantee.

The above technologies do not satisfy the current demands under the following wired / wireless connection environments.

Simple customer management : Current customer management systems manage large amounts of user information (e.g., billing information, registration information, access information, etc.) and a large database to perform individual notification of processed content. There is a burden of having a department and a processing department. Of course, this burden is also a problem that arises whenever a new service is provided. Therefore, a simpler customer management procedure is required for most wired / wireless access providers or service providers.

Reliable user access : Authenticating users' reliability is a common challenge for all wired and wireless service providers and service providers. Authenticating many users is a big challenge, but securing a trust in the user itself can be a big challenge. A representative example of such a problem is the leakage and loss of user access information.

Expanding user range : In terms of billing method, current users can be classified into monthly users and part-time users. However, in terms of user selection, the number of users who are willing to pay the actual fee according to the amount of data transmitted or received is increasing. By providing specialized services to the needs of these users, the market demand to expand the new user hierarchy and to expand the options of existing users is increasing.

Specialized user billing method : There is an increasing demand for a customer-tailored billing function (Q101) by combining each user's preference, access network type, billing method, and content service type.

Create a profitable new business model : The biggest requirement for wired / wireless service providers and service providers is to create a profitable value-added business model. In other words, there is a need for a new way to increase profitability by adding additional service functions to the existing infrastructure without significant investment.

On the other hand, secure end-to-end secure path establishment is very important in relation to security, and one of the most important things in managing security information is managing / distributing the path security key securely.

It is never easy for an end user to securely manage a path security key. One of the best ways is to secure without the user knowing about the path security key itself.

In addition, in order for end-to-end user information security, a secure path must be established from the user access means.

SUMMARY OF THE INVENTION The present invention has been made in view of the above-described demands, and includes the flexibility of the billing method option (fixed-time, time-based, pay-as-you-go, combinations thereof), security of information transmission, transmission rate control in a user interface, transmission quality allocation, virtual network configuration By providing additional functions such as virtual path setting function, automatic activation, and online recharging function, it provides a pre-paid access service method for wired / wireless network which greatly reduces the burden on user management of transmission / service providers. Its purpose is to.

In order to achieve this object, the present invention is characterized by distributing the control / monitoring function for traffic to a user access device.

In addition, the present invention is characterized in that a secure path security key is managed and distributed, an end-to-end security path is easily set, and hardware / processing for encryption / decryption is implemented in a user access device.

In addition, the present invention is characterized by automatically processing the activation process of the prepaid connection system.

In addition, the present invention is characterized by applying a virtual path setting technique that automatically connects user traffic to a service provider network through a transmission provider network in a short time without a special authentication procedure.

In addition, the present invention is characterized by applying an online recharging technique to reuse the prepaid access system that has been used due to the need for end-to-end security maintenance.

The present invention also provides an additional service method of a connection system that can be connected in a user connection device connected to a transmission network via a wired / wireless connection network, the method comprising: a first step of providing a user connection in a connection system in advance; Dynamically setting personalized consolidated billing criteria; Controlling user information transmission in the access system based on integrated charging; A fourth step of establishing an end-to-end secure path between the user access device and a destination requiring a secure connection in the access system; A fifth step of establishing an end-to-end virtual path between a user access device and a destination requiring a logical point-to-point connection in the access system; A sixth step of allocating the transmission quality of the user information in the access system and delivering the user information to the user access network equipment; A seventh step of automatically activating the access system; And an eighth step of automatically recharging the access system online using an end-to-end secure path.

1 is a block diagram showing the overall configuration of a prepaid access system having an additional service function according to a preferred embodiment of the present invention;

2 is a diagram illustrating blocks for determining a personalized billing function;

3 is a diagram for explaining the type and delivery path of an information key stored in a prepaid access system having an additional service function, for example, the N-chip 101;

4 is a flowchart of a process of controlling user data transmission in the N-chip 101 by the integrated charging function;

5 is a table showing a charging form defined in the CTC (Q101) based integrated charging calculation system,

6 is a view for explaining a charging calculation method according to a user access port change;

FIG. 7 is a diagram illustrating charging calculation applied when an arbitrary user connects to a wired Internet, a wireless LAN, and a wireless Internet to use the same N-chip 101. FIG.

8 is a diagram illustrating a charging calculation method for a paid content service;

9 is a view showing a final integrated charging calculation method according to the CTC (Q101) function,

10 is a diagram illustrating a procedure for an automatic activation process of the N-chip 101;

11 is a diagram illustrating a process relating to an end-to-end secure connection method of the N-chip 101,

12 illustrates an online recharge procedure using a secure path;

FIG. 13 is a diagram illustrating definitions of a physical point-to-point connection (D101) and a logical point-to-point connection (D102).

14 is a view showing a connection method between the user access device 102 and the transmission network address allocation device (L101),

15 is a view for explaining a method (F101) for transmitting data by including a path key 203 in all user traffic;

16 is a view for explaining a method (F102) for transmitting data using a mapping function of the user access network equipment 103;

FIG. 17 is a diagram illustrating a logical point-to-point connection (D102) setting connecting a plurality of service providers through a method F102 using a user mapping function.

18 is a diagram exemplarily illustrating a path setting connected to a final destination according to transmission quality;

19 is a view showing in detail the configuration of the user connection device 102,

20 is a diagram showing in detail the configuration of the data transfer block N101 of the N-chip 101;

21 is a diagram showing the basic configuration of the user access network equipment 103,

FIG. 22 is a view showing related persons applied to the present invention; FIG.

FIG. 23 is a diagram summarizing the interconnection relationship and its effects applied to the present invention. FIG.

<Explanation of symbols for the main parts of the drawings>

101: prepaid access system with additional service function

102: user access device 103: user access network equipment

104: security access device 105: server

106: transmission network equipment 107: destination equipment

201: activation key 202: public key of the destination device

203: path key 204: activation server

205: recharge server

206: master secret 301: traffic input and output

302: Prepayment fee 303: Traffic classification

304: Accumulate traffic count information 305: Set acceptance criteria

306: Allowance exceeded 307: Traffic sent

308: Discard traffic P109: Count information

P110: acceptance threshold S101: data security path

S102: Secure Path D101: Physical Point-to-Point Connection

D102: Logical Point-to-Point Connections

L101: network address allocation equipment

M101: path key mapping table M102: forwarding table

M103: Quality Mapping Table N101: Data Transmission Block

N102: Activation Block N103: Path Control Block

N104: Security control block N105: Recharge block

U101: User Data Transfer Software

U102: User Control Software U103: Wired / Wireless Connection Port

C101: Traffic classification C103: Accumulation of counting information

C104: Connection changeover C105: Transmission quality allocation

C106: Rate Limit

U104: Wired / Wireless User Connection Port U105: Transmission Network Connection Port

I101: user interface card

I102: network interface card I103: switching fabric

B101: Transport Operator B102: Individual User

B103: Service Provider B104: Wired / Wireless Access Provider

B105: Enterprise User B106: Telecom Reseller

P101: Hourly P102: Pay as you go

P103: Flat Rate P108: Acceptable Threshold

P109: Counting Information P110: Rate Conversion Formula

P110: connection transfer criteria

Q101: Personalized Charging Function (CTC)

R101: Prepaid Consolidated Billing Based Traffic Control / Monitoring / Switching Method

R102: Automatic activation method with activation key

R103: How to Set Up an End-to-End Security Path

R104: End-to-End Secure Online Recharge Method

R105: How to Set Up Virtual Paths

R106: Transmission Quality Allocation Method

Hereinafter, with reference to the accompanying drawings will be described in detail a preferred embodiment of the present invention.

1 is a block diagram showing the overall configuration of a prepaid access system having an additional service function in a wired / wireless network according to a preferred embodiment of the present invention.

First, the prepaid function in the present invention may be compared to a communication battery (rechargeable battery if rechargeable) from the standpoint of charging. That is, in terms of prepayment, it is similar to the present invention, but it can be seen that there is a difference in the fundamental technology.

In addition, the present invention provides a function to limit the transmission of user information on the basis of the prepaid billing in the prepaid access system, aka, N-chip 101 to reduce the burden of work related to the billing process of the service provider. do.

In addition, the present invention provides a function that can quickly process mutual authentication without a CA certificate by using the information stored in the N-chip (101).

In addition, the virtual path establishment technique applied to the present invention is a technique for automatically connecting user traffic to a service provider network quickly without any special authentication procedure, and the following two techniques are additionally required.

1) Automatic recognition of user's service provider: When a user first starts traffic transmission, the user's service provider wants the network operator to automatically connect the user to his or her network according to the mutual agreement. In this case, it is necessary to automatically recognize various service providers in the user access network equipment of the transmission network operator.

2) Automatic authentication procedure: For fast and reliable user access, the service provider requires the automatic authentication procedure.

In addition, Table 1 below shows the source technologies that can meet the conventional requirements in the prepaid connection technology according to the present invention.

TABLE 1

Market requirements Meet technology Remarks Simple customer care Prepaid function, N-chip 101's own traffic control function (independent of transmission network) The prepaid function and its own traffic control function built into the user interface 102 greatly reduces the burden on the service provider of billing-related recording / processing / notification. Reliable user access Built-in security / authentication The security / authentication function built into the user interface 102 allows service / transfer providers to increase their trust in users, thereby reducing the administrative burden required for this. Extend user range Charge function according to usage amount (total amount of data transmitted / received, service count, or a combination) In addition to the monthly / hourly basis, you can have a new user base that you want to pay based on usage. Specialized User Billing Method User Billing Specialization Individual billing can be set separately using the CTC function (Q101). Create a profitable new business model Additional service function Increased returns and new revenue models can be created through value-added investments in existing facilities / resources without significant burden on additional costs.

On the other hand, the integrated charging calculation system of the user interface device 102 equipped with the N-chip 101 is made through the CTC function Q101 shown in FIG.

The combination of the internal elements of the blocks constituting the CTC function Q101 can be changed at any time, so that the changed accounting criteria are automatically applied to the charging criteria traffic control / monitoring function of the user access system.

On the other hand, the general charging method of the existing transmission / service providers is to accumulate / process the user's information and collect the amount according to the contract with the user after using the information. This charging process is carried out through the user management system of the communication / service providers, the problem is that the cost of managing them when the number of users is large.

In order to reduce such a burden, the present invention focuses on greatly reducing the burden on user management aspects of transmission / service providers by allowing all billing-related processing to be handled within the user access device 102 as much as possible. The prepaid connection method is the easiest and most suitable way to meet these requirements. In order for the prepaid access technology to simplify the user management functions of the transmission / service providers, the conditions for ensuring the user access reliably and controlling / monitoring / switching / consolidated billing-based traffic must be satisfied in the user access device 102. do.

Reliable user access guarantees means that only authorized users can receive data transmissions and services. Authentication of the user is also achieved by trusting the user access device 102 itself in order to reduce the user management function burden of the transmission / service providers.

The trust in the user connection device 102 proposed in the present invention is achieved by mounting the verified hardware in the device. Here, the verified hardware refers to a device licensed by the transmission / service providers. The N-chip 101 according to the present invention is a system used as such verified hardware.

As illustrated in FIG. 3, the N-chip 101, which is previously authenticated to the transmission / service providers, may be activated by being activated through an authentication process after exchanging the built-in activation key 201 with the activation server 204. do. The value of the activation key 201 embedded in the N-chip 101 is impossible to find the contents from the outside to the extent that it is unknown to the user himself.

The charging function in the user access device 102 is a function for controlling itself so that the user can receive the service as much as the amount paid by the user. This function allows billing to be done within the user access device 102, thereby enabling transmission / service providers to reduce the complex administrative burden associated with user billing.

4 is a diagram illustrating a user data transmission control process by an integrated billing function in the N-chip 101.

As shown in FIG. 4, the amount paid by the user is converted into an acceptable reference value P108 by the defined prepaid conversion formula P110 and stored in the N-chip 101. As the user transmits the information, coefficient information P109 for each billing method is collected in real time, and the user traffic is controlled by the connection switching criterion P111 by comparing the value with the allowable reference value P108.

Functions as shown in FIG. 20 are implemented in the N-chip 101 to provide such integrated charging reference traffic control.

Traffic Classification Function C101: The user data transmission software U101 shown in FIG. 19 is a function that classifies output traffic to be transmitted or input traffic input from a transmission network. The classification criteria are address information included in the traffic, application related information, and service related information.

Acceptance threshold value setting function (C102): It is a function to set the allowable threshold value (P108) that can be transmitted according to the rate conversion formula (P110) of the usable amount.

Traffic Accounting Function C103: A function of accumulating, in real time, coefficient information P109 compared with the set allowable reference value P108. In addition, it also accumulates statistical information that notifies the user as needed. This information is, for example, the total number of packets successfully transmitted and received, the total number of packets tagged or discarded by the connection rate limiting function C106 and the traffic switching function C104, and the like.

Traffic switching function C104: If the set allowance reference value P108 is smaller than the count information P109 accumulated so far, all traffic passing through the N-chip 101 is discarded (308). All traffic of the user is discarded (308) until online recharge (R104) or a new N-chip 101 is purchased and mounted.

Transmission quality assignment function (C105): This function allocates transmission quality per user data flow or wired / wireless connection.

Rate-Limiting Function (C106): A function of limiting the maximum data rate of wired / wireless connection of the user access device 102. When the user access device 102 has a rate limiting function C106, the data transfer block N101 of the N-chip 101 limits the rate independently for each transmission quality through traffic monitoring. This feature exists only on the path through which user traffic flows to the network. This feature is not necessary for traffic coming from the network.

Meanwhile, the charging form defined in the CTC (Q101) based integrated charging calculation system shown in FIG. 2 is shown in more detail in the table of FIG. 5.

In addition, the connection switching criteria and the acceptance criteria of the basic charging type, the hourly rate, and the metering rate, which are required for the charging reference traffic control of the N-chip 101, may be determined as shown in the table of FIG. 6.

The N-chip 101 is designed to be used for all wired / wireless user access devices 102, and is charged based on the connection type of the user access device 102 (eg, wired / wireless LAN, wireless Internet, etc.). The factors (for example, t: allowable time per price and d: allowable amount of transmit / receive data per price) may be different. The accounting calculation according to the user access port change is performed in the same manner as shown in FIG. 6.

7 is a diagram exemplarily illustrating a charging calculation applied when a user uses the same N-chip 101 through a wired, wireless LAN, and wireless Internet.

In some cases, the user may use a paid content service. In this case, the user generally pays a fee for using the content in addition to the basic access fee.

The charging calculation applied to such an application is as shown in FIG. Billing methods for paid content are largely divided into two types, based on the amount of paid content used and the number of times of use.

9 is a view showing a final integrated charging calculation method according to the CTC (Q101) function.

On the other hand, automatic activation according to the present invention can be implemented using the activation key 201.

Since the N-chip 101 is initially installed or recharged in the user interface device 102, the N-chip 101 is in an "out-of-service" state. The purpose of activation is to switch the state of the N-chip 101 to a state capable of transmitting and receiving data (In-Service state).

In the present invention, the activation establishes a path where end-to-end security can be maintained by the end-to-end security path setting method (R103), and whether or not activation is performed by the activation server using the activation key 201 transmitted from the user access device 102. It is determined by comparing with registered information.

Once activated, the N-chip 101 switched to the "In-Service" state can be used at any time without going through any further activation process. In other words, the activation process is performed only once. Activation is a management purpose for the N-chip 101 itself, not a user management purpose.

10 is a diagram illustrating an activation process through an activation key path 201. The assigned activation key 201 value stored in the N-chip 101, the transmission address of the activation server 204 and the public key 207 of the activation server are not accessible from the outside.

Next, the end-to-end security path setting method R103 will be described.

The simplest way to communicate while maintaining security is to encrypt, transmit, and decrypt information with an end-to-end one-pass secret key (206). The method of exchanging and managing the route security key 206 safely in a general situation where the other party's information cannot be confirmed has undergone a lot of research and development, but has many inconveniences and problems.

The present invention proposes a method for safely and easily distributing a path security key by using a public key of a destination device stored in the N-chip 101.

FIG. 11 is a diagram illustrating a process related to an end-to-end secure connection method of the N-chip 101, and FIG. 13 is a diagram illustrating definitions of a physical point-to-point connection (D101) and a logical point-to-point connection (D102). .

Hereinafter, a process of establishing a secure path between the user access device 102 and the destination equipment 107 will be described in detail with reference to FIGS. 11 and 13.

First, request a secure path setting from the user connection device 102 to the destination equipment 107 (step S1).

Upon receiving the secure routing request message, the destination equipment 107 sends a response message to the user access device 102 if it can accept the request (step S2).

Upon receiving the response message, the user access device 102 encrypts its public key with the public key 202 of the destination device 107 stored in the N-chip 101 and transmits it to the destination device 107 ( Step S3).

Thereafter, the destination device 107 generates one path security key 206, encrypts the path security key 206 with the public key of the user access device 102 extracted in step S3, and sends the same to the user access device 102. Transmit (step S4). As such, the user interface 102 and the destination equipment 107 securely exchange one path security key 206.

On the other hand, the user access device 102 notifies the destination equipment 107 that the message to be transmitted is then encrypted with the path security key 206 (step S5).

Then, the user access device 102 encrypts the message indicating that the secure path setting step is completed with the path security key 206 and transmits the message to the destination device 107 (step S6).

The destination equipment 107 decrypts the message generated in step S6 to confirm that the path security key 206 such as the user access device 102 is being used, and the message to be transmitted in the future is the path security key 206. The user connection device 102 is notified that the data will be encrypted (step S7).

Then, the destination equipment 107 also encrypts the message that the secure path setting step is completed with the path security key 206 and transmits the message to the user access device 102 (step S8). From this point on, the message encrypted with the path security key 206 is a message guaranteed to be secured.

When the secure path release message is received at any time after the secure path setting (R103) is finished, the security path S102 is released and the path security key 206 is discarded. If a release message is received during the secure path setup process (R103), the process starts again from the secure route setup request step.

Next, an end-to-end secure online recharge method R104 will be described.

A method of automatically recharging online is proposed in order to reuse the used N-chip 101 by the agreed amount. On-line recharging requires three conditions to be successful.

First, end-to-end security must be maintained online during the recharge process.

Second, the state of the N-chip 101 should be switched from the "In-Service" to the "Out-of-Service" state.

Third, the initialization of the coefficient information and the reset of the allowable reference value should be completed.

12 is a diagram illustrating this end-to-end secure secure online recharge process.

As shown in FIG. 12, the recharge secure path S102 between the N-chip 101 and the end of the recharge server 205 in the recharge process is set by the end-to-end secure path setting method R103 described above. Information about the recharge amount, activation key 201 value, billing method, and prepaid payment method required for recharging is securely transmitted through the secure path S102.

If recharging is successfully executed, the state of the N-chip 101 is switched to "Out-of-Service". In order to transition the recharged N-chip 101 into a usable " In-Service " state, the activation step described above must be performed. Resetting the acceptance criteria follows the single consolidated billing calculation and connection transfer criteria of FIG. 6 depending on the amount prepaid and the type of service.

As described above, FIG. 12 schematically illustrates a procedure for online recharge. Here, the transmission address of the recharging server 205 initially allocated in the N-chip 101 is not accessible from the outside.

Next, the virtual path setting method R105 will be described.

Automatic virtual routing is a service that logically points-to-point connect (D102) users and service providers.

FIG. 13 is a diagram for explaining the definition of the logical point-to-point connection D102 and the physical point-to-point connection D101.

Each logical point-to-point connection D102 may be defined by a transport layer. That is, seven layers of OSI such as physical layer (Layer 1: Physical Layer), data link layer (Layer 2: Data Link Layer), network layer (Layer 3: Network Layer), transport layer (Layer 4: Transport Layer), etc. Point-to-point connections on each higher layer except the physical layer may be defined as logical point-to-point connections (D102). For example, the logical point-to-point connection (D102) in the Internet environment mainly refers to the logical connection at the Layer 3 (Network Layer), while the point-to-point connection on the physical layer is referred to as the physical point-to-point connection (D101). Can be defined.

The virtual path establishment method R105 provided by the present invention is used to provide a logical point-to-point connection D102 in all layers except the physical layer.

For the sake of simplicity, this description focuses on the logical point-to-point connection (D102) in the network layer (Layer 3; Network Layer) in the Internet environment.

In order to transmit / exchange information, the user access device 102 must first be assigned a transport network address (eg, an Internet address). In this case, a logical point-to-point connection (D102) setting is necessary between the device L101 for allocating a transmission network address and the user access device 102.

The connection method between the user access device 102 and the transport network address allocation device L101 may be classified into two cases as shown in FIG. 14.

1. When the network address assignment device (L101) and the user access device 102 are physically directly connected (C101).

2. When the network address assignment equipment L101 and the user access device 102 are logically point-to-point connected (C102).

In the first case (C101), the user access network equipment 103 is also responsible for the role of the transport network address allocation equipment (L101). In this case, the virtual path for the logical point-to-point connection D102 in the user access network equipment 103 need not be specifically set up through the transmission network. However, the path key 203 assigned / embedded by the N-chip 101 service provider is transmitted to the user access network equipment 103 in the network address assignment process. For example, the transport network address assignment process is the protocol specification of the IETF. When made through Point-to-Point Protocol (PPP), the path key 203 value is used as a user ID or password required in a network control process (NCP).

Note that the embedded path key 203 is automatically transmitted even if the user does not enter the user ID or password directly. The service provider may be recognized through the path key 203 value, and may be distinguished from other users who do not use the N-chip 101.

In contrast, in the second case (C102), the virtual path for the logical point-to-point connection (D102) between the transport network address assignment device (L101) and the user access device (102) must be established through the transport network in the user access network equipment (103). do.

The most important thing for this is how the user access network equipment 103 identifies the service provider of each user.

In the present invention, this problem is solved by using the path key 203 embedded in the N-chip 101.

In this case, the contents of the path key 203 value may be composed of a value such as an Internet address or a web address of a service provider managing the transport network address allocation equipment L101, and also owns the service provider and the user access network equipment 103. Identification numbers specially defined between transmitting providers may be used. In practice, the user access network equipment 103 uses the information of the transmitted path key 203 or, if necessary, information of layers below the logical point-to-point connection D102 (eg, physical layer, data link layer). A virtual path between the access network device 103 and the transport address assignment device L101 is set.

In the initial connection of the user, the path key 203 embedded in the N-chip 101 is transmitted to the user access network equipment 103, and the output is set in advance so as to be connected to the path key 203 value and the transport network address assignment equipment L101. The connection is automatically performed with reference to the initial path key mapping table M101 configured as a port. The transmission network address is allocated to the user access device 102 through the logical point-to-point connection D102 configured as described above.

After the transport network address is assigned to the user access device 102, a method for transparently transmitting user traffic to the transport address assignment device L101 through the virtual path for the logical point-to-point connection D102 is as follows. It can be abbreviated to one embodiment.

1. Include route key 203 in all user traffic and transmit (F101).

2. Transmission of user traffic using the mapping function of the user access network equipment 103 (F102).

The first embodiment F101 transmits user traffic in the same manner as when receiving a network address. That is, all user data is transmitted from the user access network equipment 103 with reference only to the path key mapping table M101.

15 shows an implementation process for this first embodiment F101.

In contrast, in the second embodiment F102, the user access network equipment 103 uses a mapping function between the transmission network address and the output port of the user access device 102 to transmit user data.

In the second embodiment, the transmission network address received from the transmission network address allocation device L101 is transmitted from the user access network equipment 103 to the user access device 102 at the initial connection of the user, and this address is used as the starting address. A forwarding table M102 is mapped to an output port preset to be connected to the equipment L101. Subsequent user data transfer is made via this forwarding table M102.

Therefore, after the transmission network address is delivered to the user, the path key 203 is no longer used, and the user data is then transmitted with reference to the forwarding table M102 set in the user access network equipment 103. In this embodiment, the path key 203 is transmitted to the destination with reference to the path key mapping table M101.

16 shows an implementation process for this second embodiment.

FIG. 17 is a diagram exemplarily illustrating a logical point-to-point connection (D102) setting connecting a plurality of service providers through a method F102 of using a mapping function of the user access network equipment 103.

18 is a diagram for describing a transmission quality assignment method R106, which is one of additional service functions according to the present invention.

As shown in FIG. 18, the end-to-end transmission quality guarantee of user data in the present invention is ensured by implementing a function of assigning a predefined transmission quality (class of service) to the N-chip 101.

All user data is transmitted to the user access network equipment 103 in the form of the transmission quality assigned in real time by the N-chip 101 and transmitted to the final destination through different paths (or differentiated processing) in the transmission network. The charging reference traffic control in the N-chip 101 is performed independently between each transmission quality. In addition, the transmission quality is allocated in units of a connection flow. The traffic classification function C101, the allowance threshold value setting function C102, the traffic counting function C103, and the traffic switching function C104 of the N-chip 101 proposed above are independently performed for each transmission quality.

An advantage of the method R106 in which the transmission quality of the user is assigned by the N-chip 101 is that the transmission quality assigned by the user equipment can be trusted from the point of view of the transmission network. That is, by eliminating the possibility that the transmission quality can be manipulated by the malicious user, the user access network equipment 103 can reduce the equipment cost and management burden by eliminating the burden of monitoring the user's traffic.

The transmission quality is determined in the N-chip 101 and then transmitted to the user access network equipment 103. Transmission quality related information is exchanged / processed only between the N-chip 101 and the user access network equipment 103 and is completely independent of what is defined in the transmission network. In other words, definitions of transmission quality criteria may be different. In this case, it is necessary to map transmission quality criteria in the user access network equipment 103.

As shown in FIG. 18, when the transmission quality criteria between the N-chip 101 and the user access network equipment 103 are different from the transmission quality criteria in the transmission network, the transmission quality mapping table M103 is used.

Hereinafter, the basic configuration of the prepaid access system having the additional service function according to the present invention will be described in more detail.

Fig. 19 is a detailed block diagram of the user access device 102, which is composed of software U101 and U102 related to user data transmission and control, an N-chip 101, and a wired / wireless connection port U103.

First, the user data transmission software U101 is a block for packetizing the actual user data. The user data transmission software U101 is responsible for processing beyond the Layer 3: Network Layer, or the path security allocated from the N-chip 101 for secure data. It is responsible for the encryption / decryption function using the key 206.

The user control software U102 is a block in charge of the functions for user control, and transmits the user's requirements to the recharge block N105 in the N-chip 101 or the path security key 206 transmitted from the security block. It is responsible for informing the user data transmission software U101.

N-chip 101 is the core configuration of the present invention, and is composed of a data transmission block (N101), activation block (N102), path control block (N103), security control block (N104), recharge block (N105), It is responsible for the transmission and control between the user software blocks U101 and U102 and the wired / wireless connection port U103.

The wired / wireless connection port (U103) is a part that is in charge of direct connection to the wired / wireless user access network, and its shape varies according to the type of the user access network (for example, xDLS, cable, WLAN interface, CDMA, etc.).

In this case, the N-chip 101 includes functional blocks such as a data transmission block N101, an activation block N102, a path control block N103, a security control block N104, and a recharge block N105.

First, the data transmission block N101 is a block in charge of controlling / monitoring / managing data transmitted / received between the user data transmission software U101 and the wired / wireless connection port U103. As shown in FIG. 20, the data transmission block N101 includes a traffic classification block C101, a transmission quality assignment block C105, a traffic coefficient block C103, an allowable reference value P108, and coefficient information on a transmission / reception path. P109) a traffic switching block C104 through comparison, and a connection rate limiting block C106.

The activation block N102 is responsible for controlling the state of the N-chip 101. When the current state is "Out-of-Service" according to the signal received from the hardware at initialization, the "In-Service" state through communication with the user access network equipment 103 using the built-in activation key 201. Attempt to change to. If the current state is "In-Service", no action is taken. The change from "In-Service" to "Out-of-Service" is made only at the request of the recharge block N105.

The path control block N103 is a block that controls the logical point-to-point connection D102 and transmits / manages the embedded path key 203. The transmission of the path key 203 is performed in every connection or per flow. The path control block N103 may also be used to preset an end-to-end path for which the security control block N104 desires a logical point-to-point connection D102. Through this path, the security control block N104 forms the security path S102 by using the public key 202 of the embedded destination equipment and transmits encrypted control information. This block may also be used to form a logical point-to-point connection D102 with the initial activation server 204.

The security control block N104 is responsible for establishing and releasing the security path S102. The public key 202 of the embedded destination equipment is managed by this block, and the path security key 206 determined at the time of routing is delivered to the user control software U102. The user control software U102 sends a request message to the security control block N104 whenever the path security key 206 is needed.

The recharge block N105 processes recharges online. All recharging processes are made through the secure path S102 formed by the security control block N104. The result of recharging varies slightly depending on the charging decision method. Commonly, the acceptance threshold value P108 defined in the CTC Q101 is changed according to the amount paid and the current coefficient information P109 is initialized. The recharge request is communicated to the recharge block N105 by the user control software U102. Recharging simultaneously deactivates the state of the N-chip 101 being managed in the activation block N102 to "Out-of-Service". Thus, the N-chip 101 state after recharging is the same as the N-chip 101 state when everything is first used.

21 is a detailed block diagram of the user access network equipment 103, and serves to connect the user access device 102 and a transmission network.

The user access network equipment 103 is a wired / wireless user access port U104, a transmission network access port U105, a user access interface card I101, a transmission network interface card I102, a switching fabric I103, and the above-described logical point. Path key mapping table M101 for point connection D102, forwarding table M102, and transmission quality mapping table M103 for transmission quality mapping, respectively.

Next, the secure access device 104, the transport network address assignment device L101, and the server 105 described above with reference to Figs. 3 and 14 will be described.

The secure access device 104 is a device that terminates the secure path S102 together with the user access device 102. The secure access device 104 has a function of processing the public key 202 of the destination device for forming the secure path S102 and a function of connecting the destination device 107 to which the path security key 206 is assigned.

The transport network address assignment device L101 may exist independently as a device for assigning a transport network address to the user access device 102, but may also exist together in the user access network device 103 or the secure access device 104.

Finally, server 105 is primarily concerned with embedded keys (activation key 201, public key 202 of destination equipment, path key 203) managed by N-chip 101.

This server 105 is divided into an activation server 204 and a recharge server 205.

First, the activation server 204 performs a function of authenticating the activation key 201 transmitted by the N-chip 101, and the recharge server 205 is a server for processing a recharge request, and the activation server (for each recharge) Report the result to 204).

As mentioned above, although this invention was demonstrated concretely based on the Example, this invention is not limited to such an Example, Of course, various changes are possible for those skilled in the art within the range which does not deviate from the summary.

Therefore, the present invention can bring about continuous development and improvement of competitiveness through activation of overall data transmission and service related businesses and improvement of profitability.

Specifically, the effects of the present invention can be largely described in terms of the user side, the service provider side, and the transmitter side. Those involved in the effects of the present invention can be summarized as shown in FIG. 22.

Effect on the user side : On the general user's side (B102), it offers the effect of expanding the billing options, expanding the range of services, and increasing access. For enterprise users (B105), it can be expected to secure work and increase efficiency through guaranteed end-to-end security functions.

Effects on the Service Provider / Wireless / Wireless Access Provider Side : Effects on the Service Provider B103 and Wire / Wireless Access Provider (B104) sides are summarized as follows.

(1) Total Cost of Ownership (TCO) can be reduced by simplifying user management.

(2) Return can be increased through value-added of previously invested resources.

(3) It is easy to create new business models and reduce the risk of investment through a solid return model.

(4) Increase the return on investment (ROI) by quickly deploying new services at low investment costs.

(5) It can bring business expansion to not only general users but also companies such as advertising market and security market.

Effect on the network operator side : The effect on the service provider (B103) and wired / wireless access provider (B104) side will eventually increase the network utilization rate resulting from the emergence of new service providers, resulting in increased profits of the carrier (B101). . In this virtuous loop, the transmission network operator B101 can obtain the greatest profit without using additional investment by using the already invested network resources.

The invention, which includes many relevant parties, will eventually lead to the activation and development of the online industry as a whole and ultimately to the industry-wide activation, including the offline industry.

The business interrelationships of the parties involved in the effect of the invention can be defined as a customer and a provider. As a simple example, the transmission network provider B101 may define general users B102, enterprise operators B105, wired / wireless access providers B104, service providers B103, and telecommunications resellers B106 as their customers. And you can define yourself as a provider for them. 23 is a diagram summarizing the mutual relations between them and the effects of the present invention.

Claims (12)

An additional service method of an access system that can be connected in a user access device connected to a transmission network through a wired / wireless access network, Providing a pre-paid user connection in the connection system; Dynamically setting personalized consolidated billing criteria; A third step of controlling transmission of user information in the access system based on the integrated billing; A fourth step of establishing an end-to-end secure path between the user access device and a destination requiring a secure connection in the access system; A fifth step of establishing an end-to-end virtual path between the user access device and a destination requiring a logical point-to-point connection in the access system; A sixth step of allocating a transmission quality of the user information in the access system and transferring the user information to user access network equipment; A seventh step of automatically activating the access system; And an eighth step of automatically recharging the access system online using the end-to-end secure path. The method of claim 1, Connection of the user access device and the access system is a pre-paid connection additional service method in a wired / wireless network, characterized in that implemented by wired / wireless remote connection or detachable direct connection. The method of claim 1, The third step, Estimating a single consolidated charge using an allowance threshold and a rate conversion formula according to the personalized consolidated charge calculation criteria; Controlling wired / wireless user access according to a connection switching criterion using the allowable reference value and coefficient information; And controlling the transmission of user information in the access system by combining the access switching and the rate limiting technique. The method of claim 1, The fourth step, Exchanging a path security key for end-to-end secure path establishment through mutual authentication using a public key of a destination device in which the access system is embedded; And setting up an end-to-end security path using the path security key. The method of claim 1, The fifth step, Transmitting embedded information to the user access network equipment for logical point-to-point connection in the user access device or the access system; Generating and managing a transmission table for transmitting control information and user information using the embedded information transmitted to the user access network equipment; And applying the embedded information to user authentication or service provider identification for logical point-to-point connection. The method of claim 5, wherein The transmission table generation and management step, Configuring the transmission table with a mapping table that maps embedded information to a port of the user access network equipment connected to a destination on a logical point-to-point connection; Configuring the forwarding table with a forwarding table mapped to the user access network equipment port connected to the destination on a logical point-to-point connection with the transport network address assigned to the user access device as a source address; Configuring the transmission table with a forwarding table that maps information that is lower layer than a physical port or logical point-to-point connection of the user access device to the user access network device port connected to a destination on a logical point-to-point connection. Prepaid connection additional service method in wired / wireless network. The method of claim 6, The method, Control information related to transport network address assignment of the user access device by configuring the transmission table with a mapping table that maps embedded information to the user access network device port connected to a destination on a logical point-to-point connection, the security for end-to-end secure connection Transmit relevant control information, initial control information for logical point-to-point connection, Configure the transmission table with a forwarding table that maps the transmission network address to the user access network equipment port connected to a destination on a logical point-to-point connection, using the transmission network address assigned to the user access device as a source address, or physically Wired / wireless wireless information is transmitted by configuring the transmission table with information that is lower layer than the in-port or logical point-to-point connection to a forwarding table mapped to the user access network equipment port connected to the destination on the logical point-to-point connection. Prepaid connection additional service method in network. The method of claim 6, The method, And transmits the control information by configuring the transmission table to a forwarding table that maps information that is lower layer than the physical port or logical point-to-point connection of the user access device to the user access network device port connected to a destination on a logical point-to-point connection. , Configure the transmission table with a mapping table that maps embedded information to the user access network equipment port connected to a destination on a logical point-to-point connection, or configure the transmission table using a transmission network address assigned to the user access device as a source address. And transmitting the user information by configuring the transmission table in a forwarding table that maps an address to the user access network equipment port connected to a destination on a logical point-to-point connection. The method of claim 6, The method, Configure the forwarding table with a mapping table that maps embedded information to the user access network equipment port connected to a destination on a logical point-to-point connection, or logically store information that is lower layer than the physical port or logical point-to-point connection of the user access device. And transmitting the control information and the user information by configuring the transmission table in a forwarding table mapped to the user access network equipment port connected to a destination on a point-to-point connection. The method of claim 1, The sixth step, And a transmission quality independent of the transmission quality in the transmission network using the transmission quality mapping table, between the access system and the user access network equipment. The method of claim 1, The seventh step, A prepaid access additional service method in a wired / wireless network, which is performed online using embedded information. The method of claim 1, The eighth step, It is implemented by transmitting the recharge amount, the activation information of the access system, the charging method, the billing payment methods through the access system through a secure path for transmitting end-to-end control information set by using the embedded information. Prepaid connection additional service method in a wireless network.