JP2003169085A - Volunteer network - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To limit the use of a volunteer network, which provides a 3rd party with network use using a radio LAN, by the 3rd party. <P>SOLUTION: The volunteer network, comprising a 1st network composed of a plurality of terminal devices, a 2nd network connected to the 1st network via a connection line, and a 3rd-party terminal device which can be connected to the 1st and 2nd networks and is different from the terminal devices constituting the 1st network and connecting the 3rd-party terminal device and the 2nd network together by using the connection line, is equipped with a terminal authenticating means of authenticating the 3rd-party terminal device, a terminal connecting means of maintaining the connection of only the 3rd-party terminal device authenticated by the terminal authenticating means, a communication party limiting means of limiting a communication party of the 3rd-party terminal device, and a communication traffic limiting means of limiting the communication traffic between the 3rd-party terminal device and its communication party. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a volunteer network, and more particularly to a wireless LAN (Local Area Network).
The present invention relates to a technique effectively applied to a connection method when a third party terminal device used by a third party other than the operator who operates k) is connected to the Internet via the wireless LAN.

[0002]

2. Description of the Related Art Conventionally, as a network for computer communication, there is a local area network (LAN).

The LAN is composed of, for example, a router serving as an access point and a plurality of terminal devices connected to the router. The router uses the connection line such as a telephone line or a dedicated line to connect to the Internet or the like. LA
N, WAN (Wide Area Network) and other networks.

The LAN is mainly used for companies, organizations,
It is installed in a place that has many computers (connection terminals) such as schools and factories, but in recent years, when individuals, small companies, local communities, etc., construct a LAN using multiple connection terminals. Is increasing.

In the past, a wired LAN in which connecting terminals were connected by a cable was mainly used as the LAN, but in recent years, the IEEE 802 committee established within the Institute of Electrical and Electronics Engineers (IEEE) Standardized IEEE 802.11b standard and Bl
Wireless communication technologies that do not require a wireless station license, such as short-range wireless communication interface specifications such as uetooth, are becoming widespread, and wireless LANs using the wireless communication technologies are becoming widespread.

The wireless LAN 1 constructed by the individual or regional community is composed of a plurality of terminal devices 101 and a wireless base station 102 as shown in FIG. 15, for example. It is connected to the second network 3. At this time, each of the terminal devices 10
1 and the wireless base station 102 are connected by a wireless communication means conforming to the wireless communication technology. The wireless base station 102 is generally one-to-many connection, and a plurality of terminal devices 101 can be connected to one base station.

At this time, the operator of the wireless LAN 1 has, for example, a contract with the first Internet connection operator ISP1. When connecting the terminal device 101 to the Internet, the connection line 2 is used. Then, it connects to the access point 5 installed by the first Internet connection operator ISP1 and connects to an arbitrary host computer on the Internet 3 via the access point 5.

However, when the wireless LAN 1 is constructed by an individual, a small company, or a local community, the number of the terminal devices 101 installed is smaller than the number of terminals connectable to the wireless base station 102. In some cases, a surplus occurs in the radio frequency band used by the radio base station 102.

With the spread of the Internet and the increase in the number of users, the Internet connection service is always connected,
Broadband and flat-rate and low-price charges are in progress, and a high-speed connection line such as xDSL (x Digital Subscriber Line) or optical fiber is used for the connection line 2 connecting the wireless base station 102 and the Internet 3. The cases are increasing.

However, when the wireless LAN 1 is constructed by an individual, a small-scale company, or a regional community, the capacity of the high-speed connection line 2, that is, the line capacity is used 100% when performing data communication. There is little opportunity to do so, and there is often a surplus in the line capacity.

Since the radio frequency band and the line capacity are limited resources, the surplus of the line capacity and the radio frequency band is provided to a third party other than the operator or registrant of the wireless LAN 1. Therefore, a network (volunteer network) that efficiently shares the radio frequency band and the line capacity has been proposed.

In the volunteer network, the wireless base station 102 managed by the operator of the wireless LAN 1
Also, by providing the connection line 2 to a third party, as shown in FIG. 15, the third party terminal device 4 other than the terminal device 101 constituting the wireless LAN 1 is connected to the wireless base station 1.
02, and can be connected to the Internet 3 using the wireless base station 102 and the connection line 2.

At this time, the third party who uses the third party terminal device 4 does not need to have a contract with the first Internet connection operator ISP1 with which the operator of the wireless LAN 1 has a contract. Even if the third party has a contract with the second Internet service provider ISP2, the first
If roaming is performed between the Internet connection operator ISP1 and the second Internet connection operator ISP2, the third party terminal device 4 is authenticated by an authentication server or the like installed by the roaming service operator, 1
It is possible to connect to the access server 605 of the second internet connection operator ISP2 by using the access point 5 and the network line installed by the internet connection operator ISP1. Further, at this time, the third party terminal device 4 can be connected not only to the access server 605 but also to the host computer (network terminal) 8 or the like of another Internet connection operator ISP3.

As in the volunteer network,
By providing a surplus of the wireless base station 102 and the line capacity of the wireless LAN to a third party, outside the service providing area of the second Internet connection operator ISP2 used by the third party, for example, the second 2 Even if there is no wireless base station installed by the Internet connection operator ISP2, or even if the distance to the access point installed by the second Internet connection operator ISP2 is long, the volunteer network (wireless LAN) 1 The third party terminal device 4 can be connected to the Internet 3 by utilizing it.

[0015]

However, in the above-mentioned conventional technique, when the vacant radio frequency band and the line capacity of the connection line are provided to a third party, the third party terminal device 4 cannot use the network. If the number increases, there is a problem that the use of the network using the terminal device 101 forming the volunteer network 1 may be pressured.

The cause of the increase in network use by the third party terminal device 4 is, for example, that there are a plurality of third parties who use the volunteer network 1 and the plurality of third party terminal devices 4 are connected at one time. This may be the case, or when downloading large amounts of information such as videos. At this time, since the line usage of the third party terminal device 4 with respect to the line capacity of the connection line 2 increases, there is a problem that the communication speed of the data communication by the terminal device 101 configuring the volunteer network 1 is significantly reduced. .

Further, when the number of third parties using the volunteer network 1 increases, and a plurality of third parties use the network at the same time, the radio frequency band becomes vacant, and the operator himself or other third parties. May not be able to use the network.

Further, by connecting the third party terminal device 4 to the volunteer network (wireless LAN) 1, the third party terminal device 4 is also regarded as one terminal constituting the volunteer network 1. , The operator of the volunteer network 1 intercepts or modifies the communication content of the third party, in other words,
There is also a problem that the contents of communication of the third party are likely to be leaked or tampered with.

Further, the conventional volunteer network 1
Then, it is difficult to identify the terminal device 101 and the third party terminal device 4, and it is difficult to manage the network usage time by the third party terminal device 4. In particular, as shown in FIG. 15, when the third party has a contract with the second internet connection operator ISP2, the usage status of the volunteer network 1 by the third party becomes unclear. Cheap. Therefore, the payment of the network provision fee from the second internet connection operator ISP2 to the operator of the volunteer network, or the third party, the second internet connection operator ISP2, etc. from the volunteer network operator, There was a problem that it was difficult to charge the network usage fee for the third party.

It is an object of the present invention to provide a technique capable of restricting the network use of a third party in a volunteer network for providing the network use via a wireless LAN to a third party.

Another object of the present invention is to provide a technique capable of preventing leakage or falsification of communication contents of the third party in a volunteer network for providing a third party with network use via a wireless LAN. To do.

Another object of the present invention is to provide, in a volunteer network for providing a third party with network use via a wireless LAN, a technique capable of managing the utilization status of the volunteer network by the third party. Especially.

The above and other objects and novel features of the present invention will become apparent from the description of this specification and the accompanying drawings.

[0024]

The outline of the invention disclosed in the present application is as follows. A first invention is a first network (wireless LAN) configured by a plurality of terminal devices, a second network (Internet) connected to the first network by a connection line, the first network and the second network. And a third party terminal device different from the terminal device constituting the first network and connecting the third party terminal device and the second network using the connection line. In a network, a terminal authenticating unit that authenticates the third party terminal device, a terminal connecting unit that maintains a connection only with the third party terminal device authenticated by the terminal authenticating unit, and a communication partner of the third party terminal device. Communication partner limiting means for limiting (connection destination terminal) and communication for limiting communication traffic between the third party terminal device and the communication partner. It is a volunteer network provided with a means for limiting traffic.

According to the first aspect of the present invention, by providing the terminal authenticating means and the terminal connecting means, the wireless base station and the connecting line are provided only to the third party terminal device which has been previously registered for authentication. Therefore, it is possible to prevent an increase in the number of connections of the third party terminal devices, and limit the use of the volunteer network by the third party.

Further, by providing the communication partner limiting means and limiting the communication partner of the third party terminal device, it becomes easy to grasp the utilization situation of the volunteer network by the third party terminal device, and the third party It becomes easy to prevent overuse of the volunteer network by the terminal device.

Further, by providing the communication traffic limiting means and limiting the amount of information (communication traffic) transmitted and received between the third party terminal and the communication partner, the third party can be prevented from overusing the volunteer network. Can be prevented. Therefore, it is possible to restrict the use of the volunteer network of the third party, and prevent the use of the network using the terminal device configuring the first network from being pressured.

In a second aspect of the invention, in the volunteer network of the first aspect, communication is performed between the third party terminal device and the communication partner only at two points, the third party terminal device and the communication partner. It is a volunteer network provided with secret communication means for setting a communication channel (tunnel) through which information (packets) can be taken out.

According to the second aspect of the invention, the confidential communication means is provided between the third party terminal device and the communication partner.
Information transmitted and received between the third party terminal device and the communication partner can be taken out as correct information only by the third party terminal device or the terminal of the communication partner. Therefore, information transmitted and received between the third party terminal device and the communication partner is transmitted to the first network (wireless LA).
It will not be intercepted or altered by the operator of N).
That is, it is possible to prevent the information transmitted and received between the third party terminal device and the communication partner from being leaked or tampered with, and to enhance the confidentiality and security of the information transmitted and received.

A third invention is the volunteer network of the first invention or the second invention, wherein the communication partner limiting means is the destination of the transmission information transmitted first from the third party terminal device. The IP address storage means for storing the IP address of the third party terminal device, the destination IP address of the information transmitted by the third party terminal device, or the source IP address of the information transmitted to the third party terminal device. The volunteer network has an information selecting unit that collates the IP address stored in the address storing unit and deletes the information when the IP address is different.

According to the third aspect, the IP address of the transmission destination of the information transmitted first from the third party terminal is stored, and the IP address is transmitted to an address different from the device (terminal), and By rejecting the reception of information from a different address, it is possible to easily limit the communication partner of the third party terminal device.

In a fourth aspect of the invention, in the volunteer network of the second aspect, there is provided tunnel communication means for enabling communication between a network terminal other than the communication partner and the third party terminal device via the communication partner. It is a volunteer network to prepare.

According to the fourth aspect of the invention, by providing the tunnel communication means, even if the communication partner is restricted by the communication partner limiting means, it is possible to connect to any network terminal via the communication partner. it can.

A fifth invention is the volunteer network of the fourth invention, wherein the tunnel communication means is
It is a volunteer network having information multiplexing means for multiplexing information transmitted / received between the network terminal and information transmitted / received between the third party terminal device and the communication partner.

According to the fifth aspect of the invention, the information transmitted and received between the third party terminal device and the communication partner is multiplexed with the information transmitted and received between the network terminal and the communication partner. The third party terminal device and the network terminal can be connected via the above.

A sixth invention is the volunteer network according to any one of the second invention to the fifth invention, wherein the time for establishing the communication channel between the third party terminal device and the communication partner, Alternatively, the volunteer network includes a fee calculation means for calculating a fee according to the transfer amount of communication information.

According to the sixth aspect of the present invention, it is possible to calculate the fee depending on the time when the communication channel is established between the third party terminal device and the communication partner or the transfer amount of communication information. Therefore, for example, even if the internet connection operator contracted by the third party is different from the internet connection operator contracted by the operator of the volunteer network, the usage status of the volunteer network by the third party is It becomes clear, and it becomes easy for the business operator to pay the volunteer network providing fee to the operator of the first network (wireless LAN).

Hereinafter, the present invention will be described in detail with reference to the drawings together with the embodiments (examples). In all the drawings for explaining the embodiments, those having the same function are designated by the same reference numerals, and the repeated description thereof will be omitted.

[0039]

BEST MODE FOR CARRYING OUT THE INVENTION (Embodiment 1) FIG. 1 is a schematic diagram showing a schematic configuration of a network of Embodiment 1 according to the present invention. In FIG. 1, 1 is a first network (volunteer network), 101 is a terminal device, 102 is a wireless base station, 102A is a wireless communication means, 102B is a communication partner limiting means, 102C is a communication traffic limiting means, and 103 is a first IP address. Allocation means (first DHCP server), 2
Is a connection line, 3 is a second network (Internet), 4 is a third party terminal device, 5 is an access point, 6
01 is an access server (tunnel server), 602 is a second IP address assigning means (second DHCP server), 7 is an authentication server, 8 is another network terminal, ISP1 is a first internet connection operator, and ISP2 is a second internet connection business. , IPS3 is a third Internet connection operator, and RSP is a roaming service operator.

As shown in FIG. 1, the network of the first embodiment is connected to a first network 1 composed of a plurality of terminal devices 101 and radio base stations 102, and to the first network 1 by a connection line 2. A second network (hereinafter referred to as the Internet) 3, and the wireless base station 102 and the Internet 3,
In addition, it is composed of a third party terminal device 4 different from the terminal device 101 constituting the wireless LAN 1.

In addition, in the network of the first embodiment, the operator of the first network 1 has a contract with the first internet connection operator ISP1, and the connection line 2
Is connected to the first access point 5 installed by the first internet connection operator ISP1. At this time, the connection line 2 is, for example, xDSL,
Alternatively, it is assumed to be a high-speed communication line such as an optical fiber.

In addition, as shown in FIG. 1, the wireless communication means 10 is connected to the wireless base station 102 of the first network 1.
2A is provided, and between the terminal device 101 and
For example, they are connected by wireless communication according to a wireless communication standard such as IEEE 802.11b standard or Bluetooth standard. Further, the wireless base station 102 is provided with a partner limiting means 102B and a communication traffic limiting means 102C.

Further, a first IP address assigning means 103 is connected to the wireless communication means 102A. The first IP address assigning means 1 is, for example, a DHCP server, and is means for dynamically assigning an IP address to the terminal device when the terminal device is connected to the wireless communication means 102A. is there.

In the network of the first embodiment, the first network 1 is operated by, for example, an individual, a small company, or a regional community, and the radio frequency band of the radio base station 102 is vacant. There is. Therefore, the operator of the first network 1 provides the third party with the vacant radio frequency band and the surplus of the connection line 2, and uses the radio base station 102 and the connection line 2. The first network 1
It is assumed that a third party terminal device 4 other than the terminal device 101 constituting the above can be connected to the Internet 3. Hereinafter, the first network 1 will be referred to as a volunteer network.

The user (third party) of the third party terminal device 4 is the first Internet connection operator ISP1.
The second third party terminal device 4 has a contract with a second internet connection provider ISP2 different from the access server 6 installed by the second internet connection provider ISP2.
By connecting to 01, it is possible to connect to the Internet 3. At this time, when the access server 601 connects the third party terminal device 4, the access server 601 sets, for example, tunneling conforming to the IPsec ESP standard between the access server 601 and the third party terminal device 4. It is assumed that the server (tunnel server) has a function to perform. In addition, the access server 60
1 includes a second IP address assigning means (DHCP server)
602 is connected.

The third party terminal device 4 is assumed to be capable of wireless communication with the wireless communication means 102A of the volunteer network 1, and is outside the service area of the second internet connection operator ISP2, for example, the second internet. In a place where there is no wireless base station provided by the connection operator ISP2 or a place where the distance to the access server 601 is long, the wireless communication means 102A of the volunteer network 1 and the connection line 2 are used to connect to the access server 601. Shall be able to.

The access point 5 is connected to a terminal authentication means (authentication server) 7 as shown in FIG. The terminal authentication unit 7 stores data for authenticating the third party terminal device 4 when the third party terminal device 4 connects to the Internet 3 using the volunteer network 1. In addition, the terminal authentication means 7 is, for example, the first Internet connection operator ISP1 and the second Internet connection operator IS.
The roaming service provider RSP, which mediates the connection between P2s, is installed.

In addition to the first Internet connection operator ISP1 and the second Internet connection operator ISP2, the Internet 3 includes LANs and WAs of the third Internet connection operator ISP3, universities, companies, etc.
An operator such as N provides a host computer (network terminal) 8 and the like, and these network terminals 8 are connected by network lines.

2 to 8 are schematic diagrams for explaining the method of using the volunteer network according to the first embodiment, and FIG. 2 is a diagram for connecting the third party terminal device to an arbitrary host computer on the Internet. FIG. 3 is a block diagram of a step of authenticating a third party terminal device, FIG. 4 is a block diagram of a step of assigning a first IP address to the third party terminal device, and FIG. 6 and 7 are block diagrams of a step of connecting an access server (tunnel server), FIG. 6 and FIG. 7 are block diagrams of a step of assigning a second IP address, and FIG. It is a block diagram of a step.

Volunteer network 1 of the first embodiment
To connect the third party terminal device 4 to the Internet 3
Any host computer (network terminal) above 8
To connect to the third party terminal device 4, the third party terminal device 4 is authenticated to establish a connection between the third party terminal device 4 and the wireless communication means 102A, as shown in FIG. A step S2 of assigning a first IP address to the person terminal device 4, and a step S3 of connecting the third party terminal device 4 and the access server (tunnel server) 601.
Step S4 of assigning a second IP address to the third party terminal device 4 and step S5 of connecting the third party terminal device 4 and the network terminal 8 are required.

Hereinafter, the first embodiment will be described with reference to FIGS.
I will explain how to use the volunteer network. The user of the third party terminal device 4 has a contract with the roaming service provider RSP in advance, and the device information of the third party terminal device 4 is stored in the authentication server 7. To do.

First, in step S1 of authenticating the third party terminal device 4, as shown in FIG. 3, the third party terminal device 4 is moved into the service providing area of the wireless LAN 1 and the wireless communication means is operated. 102A, the communication with the third party terminal device 4 is started and the wireless communication means 1 is started.
Send to 02A.

At this time, the wireless communication means 102A cooperates with the authentication server 7, and the third party terminal device 4
The third party terminal device 4 is authenticated by referring to the terminal data transmitted from the server and the information stored in the authentication server 7. Then, when the authentication of the third party terminal device 4 is successful, the third party terminal device 4 and the wireless communication means 102.
A data link is established with A, and a connection is established between the third party terminal device 4 and the wireless communication means 102A.

At this time, the third party terminal device 4 and the wireless communication means 102A communicate with each other in accordance with, for example, the IEEE802.11b standard, and the authentication server 7 receives the wireless communication means 102A via the wireless communication means 102A. The third party terminal device 4 is authenticated according to the IEEE802.1x standard.

Next, in the step S2 of allocating the first IP address, as shown in FIG. 4, the third party terminal device 4 transmits the first IP address via the wireless communication means 102A.
When data (packet) requesting an IP address is transmitted to the IP address assigning means (DHCP server) 103, information on an unused address IP1 among the IP addresses set in the first DHCP server 103 is described above. It is paid out to the third party terminal device 4. When this information is received by the third party terminal device 4, the first IP address IP1 is assigned to the third party terminal device 4 and the connection to the network becomes possible.

Next, in step S3 of connecting the third party terminal device 4 and the access server 601 installed by the second internet connection operator ISP2, as shown in FIG. Using the preset information of the tunnel server 601, data (packet) requesting a connection to the tunnel server 601 is transmitted to connect the third party terminal device 4 and the tunnel server 601. At this time, since the tunnel server 601 is provided with a tunneling function, the third party terminal device 4 and the tunnel server 601 are provided.
Data (packets) transmitted and received between the third party terminal device 4 and the tunnel server 60 are encapsulated.
Only 1 can be taken out as correct information.

That is, since the third party terminal device 4 and the tunnel server 601 are tunneled, the operator of the volunteer network 1 or the like intercepts or modifies the communication content of the third party terminal device 4. I can't do it. Conversely speaking, it is possible to prevent the contents of communication at the third party terminal device 4 from being leaked or tampered with by the user of the volunteer network 1.

At this time, the communication partner limiting means 102B provided in the radio base station 102 extracts the IP address of the partner from the data (packet) first transmitted from the third party terminal device 4. ,Remember. Example 1
In this case, since the destination IP address of the data (packet) first transmitted by the third party terminal device 4 is the address IP2 of the tunnel server 601, the communication partner limiting means 102 includes the tunnel. The IP address IP2 of the server 601 is stored.

The communication partner limiting means 102B is then transmitted from the third party terminal device 4 (packet).
Is monitored, and the packet is transmitted only when the destination IP address of the transmitted packet matches the IP address IP2 of the tunnel server 601. As for the packet sent to the third party terminal device 4, the source IP address is the IP of the tunnel server 601.
It is passed only when it matches the address IP2. That is, data can be transmitted / received only when the IP address of the destination or the source matches the IP address IP2 of the tunnel server 601, and therefore, the first embodiment.
In this case, the connection destination to which the third party terminal device 4 can be directly connected is limited to only the tunnel server 601.

The IP address stored in the communication partner limiting means 102B is used when the third party terminal device 4 opens the data link with the wireless communication means 102A, that is, when the communication is disconnected. Erased.

In this way, the communication partner limiting means 102
By providing B and limiting the communication partner of the third party terminal device 4, it becomes easy to grasp the usage situation of the volunteer network by the third party terminal device 4. Moreover, since it is easy to understand the usage status of the third party terminal device 4, it becomes easy to prevent the overuse of the network by the third party terminal device 4.

However, the partner limiting means 102
By providing B, the third party terminal device 4 can only send and receive packets to and from the tunnel server 601, and cannot connect to another network terminal 8.

Therefore, for example, in step S4 of acquiring the second IP address, first, as shown in FIG. 6, the second DHCP server 602 is added to the packet P1 transmitted from the third party terminal device 4 to the tunnel server 601. Packet P2 for requesting an IP address is multiplexed and transmitted. At this time, the destination address of the packet P2 requesting the IP address is the second DHCP server 6
The IP address IP3 is 02, but the packet P2 requesting the IP address is superposed on the packet P1 transmitted to the tunnel server 601, so that the tunnel server 601 passes through the communication partner limiting means 102B. Packet P1 to be transmitted to. That is, since the destination address of the packet P2 requesting the IP address is the IP address IP2 of the tunnel server 601, it can pass through the communication partner limiting means 102B.

The tunnel server 601 having received the packet from the third party terminal device 4 extracts and reads the packet P2 requesting the IP address from the received packet, and transmits the packet P2 to the second DHCP server 602.

Packet P2 requesting the IP address
The second DHCP server 602 which has received the message, as shown in FIG. 7, issues an unused address from the set IP addresses as the second IP address IP4 of the third party terminal device 4.

At this time, the second DHCP server 602
Therefore, if the packet P3 notifying the second IP address IP4 is directly transmitted to the third party terminal device 4, it cannot pass through the communication partner limiting means 102B. Therefore, in the tunnel server 601, the tunnel server 601 transfers the packet The packet P4 to be transmitted to the three-way terminal device 4 is superimposed and transmitted to the third party terminal device 4 as a packet from the tunnel server 601 so that the communication partner limiting means 102B can be passed.

After being received as a packet from the tunnel server 601, the third party terminal device 4 extracts and sets the packet P3 for notifying the second IP address IP4.

Second from the second DHCP server 602
After obtaining the IP address IP4, the third party terminal device 4 is connected to another network terminal 8 in step S.
5, when transmitting a packet from the third party terminal device 4 to the network terminal 8, as shown in FIG.
In the packet P1 having the destination address of the IP address IP2 of the tunnel server 601, the second IP address I
Transmission packet P5 from P4 to another network terminal 8
Is superimposed and transmitted.

At this time, the packet transmitted from the third party terminal device 4 is regarded as the packet P1 transmitted to the tunnel server 601, passes through the communication partner limiting means 102B, and is transmitted to the tunnel server 601. Sent. The tunnel server 601 extracts the transmission packet P5 to the network terminal 8 from the transmitted packets and transmits it to the network terminal 8 having the designated IP address IP5.

The packet P6 sent from the network terminal 8 having the IP address IP5 is superimposed on the packet P4 transmitted from the tunnel server 601 to the third party terminal device 4 by the tunnel server 601. , Passing through the communication partner limiting means 102B,
The third party terminal device 4 can receive the data.

When connecting to a network terminal other than the network terminal 8 having the IP address IP5,
Similarly, when a packet is transmitted, it is superimposed on the packet P1 addressed to the tunnel server 601, and when it is received, it is superimposed on the tunnel server 601 to connect to an arbitrary host computer on the Internet 3. can do.

At this time, the communication traffic limiting means 102C provided in the radio base station 102
If the IP packet that exceeds a certain threshold is transmitted / received, if the packet is set to be discarded, the network use by the third party terminal device 4 can be restricted, and the volunteer network 1
It is possible to prevent the pressure on the network use in the terminal device 101 that configures the.

As described above, according to the volunteer network of the first embodiment, it is possible to prevent overuse of the volunteer network by the third party terminal device 4 by limiting the communication partner and the communication traffic. You can Therefore, it is possible to prevent the use of the network by the terminal device 101 configuring the volunteer network (wireless LAN) 1 from being squeezed.

By connecting the third party terminal device 4 to the tunnel server 601, packets sent and received between the third party terminal device 4 and the tunnel server 601 can be sent to the operator of the volunteer network. It is possible to prevent interception or modification.

In addition, in the packet which acquires the second IP address from the second DHCP server 602 and is transmitted and received between the third party terminal device 4 and the tunnel server 601,
By multiplexing packets to be transmitted / received to / from other network terminals 8, connection with network terminals 8 other than the tunnel server becomes possible via the tunnel server 601.

FIG. 9 is a schematic block diagram showing a modification of the network of the first embodiment. In the network of the first embodiment, for example, as shown in FIG. 9, by providing the fee calculation means 603 between the tunnel server 601 and the access point 5, the third party terminal device 4 and the tunnel server 601. The time when tunneling is established between the two and the packet transfer amount becomes clear, and the utilization status of the volunteer network 1 by the third party terminal device 4 becomes clear. Therefore, it becomes easy to pay or charge the provision fee of the volunteer network 1. At this time, the provision fee of the volunteer network 1 may be paid by the second Internet connection operator ISP2 or the roaming service operator RSP.

In the first embodiment, as the first network 1, a wireless LAN operated by an individual, a small company, or a local community has been described as an example. However, the first network 1 is not limited to this. The network 1 may be a network service installed by the first internet connection operator ISP1.

(Second Embodiment) FIG. 10 is a schematic block diagram showing a schematic configuration of a volunteer network according to a second embodiment of the present invention. In FIG. 10, reference numeral 604 is a home agent.

The network of the second embodiment is similar to the network described in the first embodiment, and includes the first network 1, the second network 3 connected to the first network by the connection line 2, and the first network. Since the network 1 and the second network 3 are connectable to each other and the third terminal device 4 is different from the terminal device forming the first network, detailed description thereof will be omitted.

The first network 1 is a volunteer network similar to the first embodiment, which provides a surplus of the wireless base station 102 and the connection line 2 to a third party.

The network of the second embodiment is different from the network of the first embodiment in that the first address allocating means 103 and the second address allocating means 6 are different.
02 is not provided. Further, the home agent 6 installed by the second Internet connection operator ISP2.
Reference numeral 04 denotes a server having an agent function conforming to the Mobile IPv6 (Internet Protocol version 6) standard in addition to the tunneling function described in the first embodiment.

The third party terminal device 4 has a function of generating a link local address according to the IPv6 standard. In addition, the third party terminal device 4 is assumed to have the second IP address IP4 described in the first embodiment.

11 to 14 are schematic diagrams for explaining the method of using the volunteer network according to the second embodiment. FIG. 11 is a step of connecting the third party terminal device to an arbitrary host computer on the Internet. FIG. 12, FIG. 12 is a block diagram of a step of authenticating a third party terminal device, FIG. 13 is a block diagram of a step of connecting a third party terminal device and a home agent, and FIG. 14 is a connection with another network terminal. It is a block diagram of a step.

Volunteer network 1 of the second embodiment
To connect the third party terminal device 4 to the Internet 3
Any host computer (network terminal) above 8
11, to authenticate the third party terminal device 4 and establish a connection between the third party terminal device 4 and the wireless communication means 102A, as shown in FIG. Step S6 of generating a local address in the terminal device 4, step S7 of connecting the third party terminal device 4 and the home agent 604, and step S of connecting the third party terminal device 4 and the network terminal 8.
5 is required.

A method of using the volunteer network according to the second embodiment will be described below with reference to FIGS. 12 to 14, but detailed description of the steps described in the first embodiment will be omitted. The user of the third party terminal device 4 has a contract with the roaming service provider RSP in advance, and the device information of the third party terminal device 4 is stored in the authentication server 7. To do.

First, in step S1 of authenticating the third party terminal device 4, as shown in FIG. 12, the third party terminal device 4 is moved into the service providing area of the wireless LAN 1 and the wireless communication means is operated. Start communication with 102A,
The terminal data of the third party terminal device 4 is transmitted to the wireless communication means 102A, and the information stored in the authentication server 7 linked with the wireless communication means 102A is referred to,
The third party terminal device 4 is authenticated. Then, when the authentication of the third party terminal device 4 is successful, a data link is set up between the third party terminal device 4 and the wireless communication means 102A, and the third party terminal device 4 and the wireless communication means. 1
The connection with 02A is established.

At this time, the third party terminal device 4 and the wireless communication means 102A communicate with each other in accordance with, for example, the IEEE802.11b standard, and the authentication server 7 receives the wireless communication means 102A via the wireless communication means 102A. The third party terminal device 4 is authenticated according to the IEEE802.1x standard.

Next, although not shown, in step S6 for generating a local address, when the third party terminal device 4 is authenticated and a connection is established, the third party terminal device 4 conforms to the IPv6 standard. Link local address LA
To generate. The link local address LA is an arbitrary address generated on the third party terminal device 4,
The address is valid only with a predetermined communication terminal, in the case of the second embodiment, the home agent 604.

Next, in step S7 of connecting the third party terminal device 4 and the home agent 604 installed by the second internet connection operator ISP2, as shown in FIG. Using the generated link local address LA, data (packet) requesting a connection to the home agent 604 is transmitted according to the mobile IPv6 standard, and the third party terminal device 4 and the home agent 604 are connected. At this time, since the home agent 604 has a tunneling function, the data (packet) transmitted and received between the third party terminal device 4 and the home agent 604 is encapsulated and Only the terminal device 4 and the home agent 604 can retrieve the correct information.

That is, since the third party terminal device 4 and the home agent 604 are tunneled, the operator of the volunteer network 1 or the like intercepts or modifies the communication content of the third party terminal device 4. I can't do it. Conversely speaking, it is possible to prevent the contents of communication at the third party terminal device 4 from being leaked or tampered with by the user of the volunteer network 1.

At this time, the communication partner limiting means 102B provided in the radio base station 102 extracts the IP address of the partner from the data (packet) first transmitted from the third party terminal device 4. ,Remember. Example 1
In this case, since the destination IP address of the data (packet) first transmitted by the third party terminal device 4 is the IP address IP6 of the home agent 604,
The IP address IP6 of the home agent 604 is stored in the communication partner limiting means 102.

The communication partner limiting means 102B is then transmitted from the third party terminal device 4 (packet).
And the data can be transmitted and received only when the IP address of the transmission destination or the transmission source when the third party terminal device 4 performs data communication matches the IP address IP6 of the home agent 604. Therefore, the connection destination to which the third party terminal device 4 can be directly connected is limited to only the home agent 604.

The IP address stored in the communication partner limiting means 102B is used when the third party terminal device 4 opens the data link with the wireless communication means 102A, that is, when the communication is disconnected. Erased.

As described above, the communication partner limiting means 102
By providing B and limiting the communication partner of the third party terminal device 4, it becomes easy to grasp the usage situation of the volunteer network by the third party terminal device 4. Moreover, since it is easy to understand the usage status of the third party terminal device 4, it becomes easy to prevent the overuse of the network by the third party terminal device 4.

After connecting the third party terminal device 4 and the home agent 604,
In step S5 for connecting the other network terminal 8 to
When a packet is transmitted from the third party terminal device 4 to the network terminal 8, as shown in FIG. 14, the destination address is the IP address I of the home agent.
The transmission packet P5 from the second IP address IP4 preset in the third party terminal device 4 to the other network terminal 8 is superimposed on the packet P7 which is P6 and transmitted.

At this time, the packet transmitted from the third party terminal device 4 is regarded as the packet P7 transmitted to the home agent 604, passes through the communication partner limiting means 102B, and the home agent 604.
Sent to. The tunnel server 601 extracts the transmission packet P5 to the network terminal 8 from the transmitted packets and transmits it to the network terminal 8 having the designated IP address IP5.

The packet P6 sent from the network terminal 8 having the IP address IP5 is sent to the home agent 604 by the home agent 604.
4 is superimposed on the packet P8 transmitted to the third party terminal device 4, the destination IP address is regarded as the packet of the IP address IP6 of the home agent 604, passes through the communication partner limiting means 102B, and The third party terminal device 4 can receive the data.

When connecting to a network terminal other than the network terminal 8 having the IP address IP5,
Similarly, when a packet is transmitted, it is superposed on the packet P7 addressed to the home agent 604, and when it is received, it is superposed by the home agent 604 to connect to an arbitrary host computer on the Internet 3. can do.

At this time, the communication traffic limiting means 102C provided in the radio base station 102
If the IP packet that exceeds a certain threshold is transmitted / received, if the packet is set to be discarded, the network use by the third party terminal device 4 can be restricted, and the volunteer network 1 It is possible to prevent the pressure on the network use in the terminal device 101 that configures the.

As described above, according to the volunteer network of the second embodiment, it is possible to prevent the third party terminal device 4 from excessively using the volunteer network by limiting the communication partner and the communication traffic. You can Therefore, it is possible to prevent the use of the network by the terminal device 101 configuring the volunteer network 1 from being pressed.

By connecting the third party terminal device 4 to the home agent 604, a packet transmitted / received between the third party terminal device 4 and the home agent 604 can be transmitted by the operator of the volunteer network. It can be prevented from being intercepted or modified by.

Also, by multiplexing the packet transmitted / received between the third party terminal device 4 and the home agent 604 with the packet transmitted / received between the other network terminals 8, the packet is transmitted via the home agent 604. Thus, connection with the network terminal 8 other than the home agent 604 is possible.

By connecting to a server having an agent function like the home agent 604, a given work (command) is automatically performed on behalf of a third party who uses the third party terminal device 4. Therefore, it is possible to connect to the home agent 604 and set the work while avoiding the busy hours of the volunteer network 1. Therefore, it is possible to prevent overuse of the volunteer network 1.

Also in the network of the second embodiment, as described in the first embodiment, by providing the fee calculation means 603 between the home agent 604 and the access point 5, the third party terminal The time during which tunneling is established between the device 4 and the tunnel server 601 or the packet transfer amount becomes clear, and the usage status of the volunteer network 1 by the third party terminal device 4 becomes clear. Therefore, it becomes easy to pay or charge the provision fee of the volunteer network 1. At this time, the provision fee of the volunteer network 1 may be paid by the second Internet connection operator ISP2 or the roaming service operator RSP.

In the first embodiment, as the first network 1, a wireless LAN operated by an individual or a small company or a regional community has been described as an example. However, the first network 1 is not limited to this. The network 1 may be a network service installed by the first internet connection operator ISP1.

Although the present invention has been specifically described based on the above embodiment, the present invention is not limited to the above embodiment, and various modifications can be made without departing from the scope of the invention. Of course.

[0107]

The effects obtained by the invention disclosed in the present application are as follows. (1) In a volunteer network that provides a third party with network use via a wireless LAN, the third party's network use can be restricted.

(2) In a volunteer network that provides a third party with network use via a wireless LAN, it is possible to prevent leakage or alteration of the communication content of the third party.

(3) In a volunteer network that provides a third party with network use via a wireless LAN, it is possible to manage the use status of the volunteer network by the third party.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a schematic configuration of a network according to a first embodiment of the present invention.

FIG. 2 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a flow chart of steps until a third party terminal device is connected to an arbitrary host computer on the Internet.

FIG. 3 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of steps for recognizing a third party terminal device.

FIG. 4 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of a step of acquiring a first IP address.

FIG. 5 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of steps for connecting a third party terminal device and a tunnel server.

FIG. 6 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of a step of acquiring a second IP address.

FIG. 7 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of a step of acquiring a second IP address.

FIG. 8 is a schematic diagram for explaining a method of using the volunteer network according to the first embodiment, and is a block diagram of steps for connecting a third party terminal device to an arbitrary host computer on the Internet.

FIG. 9 is a schematic block diagram showing a modified example of the network according to the first embodiment.

FIG. 10 is a schematic diagram showing a schematic configuration of a network according to a second embodiment of the present invention.

FIG. 11 is a schematic diagram for explaining a method of using the volunteer network according to the second embodiment, and is a flow chart of steps until the third party terminal device is connected to an arbitrary host computer on the Internet.

FIG. 12 is a schematic diagram for explaining a method of using the volunteer network according to the second embodiment, and is a block diagram of steps for recognizing a third party terminal device.

FIG. 13 is a schematic diagram for explaining a method of using the volunteer network according to the second embodiment, and is a block diagram of steps for connecting a third-party terminal device and a home agent.

FIG. 14 is a schematic diagram for explaining a method of using the volunteer network according to the second embodiment, and is a block diagram of steps for connecting a third party terminal device to an arbitrary host computer on the Internet.

FIG. 15 is a schematic block diagram showing a schematic configuration of a conventional volunteer network.

[Explanation of symbols]

1 ... First network (volunteer network),
101 ... Terminal device, 102 ... Wireless base station, 102A ... Wireless communication means, 102B ... Communication partner limiting means, 102C ...
Traffic limiting means, 103 ... First IP address assigning means, 2 ... Connection line, 3 ... Second network (Internet), 4 ... Third party terminal device, 5 ... Access point,
601 ... Access server (tunnel server), 602 ...
Second IP address assigning means, 603 ... Fee calculating means,
Reference numeral 604 ... Home agent, 605 ... Access point, 7 ... Authentication server, 8 ... Host computer (network terminal), ISP1 ... First Internet connection operator, ISP2 ... Second Internet connection operator, ISP
3 ... Third Internet connection operator, RSP ... Roaming service operator.

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Katsuyuki Kawase             2-3-1, Otemachi, Chiyoda-ku, Tokyo             Inside Telegraph and Telephone Corporation (72) Inventor Nozuna Kikuchi             2-3-1, Otemachi, Chiyoda-ku, Tokyo             Inside Telegraph and Telephone Corporation F-term (reference) 5K030 GA11 HC01 HD01 HD06 JL01                       JT09 LB13 LC09 LD19 MD06                 5K033 CB01 CB06 CB08 DA05 DA17                       DB16 EC02 EC03

Claims (6)

[Claims] 1. A first network composed of a plurality of terminal devices, a second network connected to the first network by a connection line, connectable to the first network and the second network, and In a volunteer network, which comprises a third-party terminal device different from the terminal device configuring the first network, and connects the third-party terminal device and the second network using the connection line, the third-party terminal Only a terminal authenticating unit that authenticates the device and a third party terminal device authenticated by the terminal authenticating unit limit the terminal connecting unit that maintains the connection and the communication partner (connection destination terminal) of the third party terminal device. A communication partner limiting unit; and a communication traffic limiting unit that limits communication traffic between the third party terminal device and the communication partner. Volunteer network characterized by. 2. The volunteer network according to claim 1, wherein communication information is extracted only between the third party terminal device and the communication partner by two points, the third party terminal device and the communication partner. A volunteer network characterized by comprising secret communication means for setting a communication channel capable of communication. 3. The volunteer network according to claim 1 or 2, wherein the communication partner limiting means stores an IP address of a transmission destination of transmission information which is first transmitted from the third party terminal device. IP address storage means and destination I of information transmitted by the third party terminal device
The P address or the source IP address of the information transmitted to the third party terminal device is collated with the IP address stored in the IP address storage means, and if the IP address is different, the information is deleted. A volunteer network, comprising: 4. The volunteer network according to claim 2, further comprising a tunnel communication unit that enables communication between a network terminal other than the communication partner and the third party terminal device via the communication partner. Volunteer network. 5. The volunteer network according to claim 4, wherein the tunnel communication unit adds information to be transmitted and received between the third party terminal device and the communication partner to information to be transmitted and received between the network terminal. A volunteer network comprising information multiplexing means for multiplexing. 6. The volunteer network according to claim 2, wherein the communication channel between the terminal device and the communication partner is established, or the amount of communication information transferred. A volunteer network comprising a fee calculation means for calculating a fee according to the above.