KR100360820B1 - Computer Program and Method for Authorizing Network Access - Google Patents

Abstract

Network access control program installed and executed on a normal data terminal that does not have a separate mechanism for payment, and allows a third party other than the terminal owner to access the open network through payment of the fee, and the data on which the program is installed. It provides a network access authorization method that allows users to pay for the terminal and access the open network.

The network access control program is loaded into a data terminal that can be connected to an open network and executed, and allows a user to use network services based on payment by electronic payment. In one aspect, the program comprises blocking means and safety check means. The blocking means allows the data terminal to access the open network when the user inputs the authentication key given through the electronic payment while the data terminal blocks the connection to the open network. The safety check means prevents the user from deactivating the blocking means without using the authentication key.

Description

Network Access Control Program and Network Access Authorization {Computer Program and Method for Authorizing Network Access}

The present invention relates to a computer program and a network connection approval method, and more particularly, a computer program that allows a client terminal to selectively connect to an open network such as, for example, the Internet, and a client terminal to selectively connect to the open network. It is about how to grant access.

As computer and internet users gradually diversify, and the demand for services continues to spread, businesses that provide computing power or Internet-use services to the general public, such as game rooms and PC rooms, have emerged. However, since game rooms and PC rooms usually charge a fee of 30 minutes to 1 hour, users who simply send or receive e-mail or use the Internet for a short time for other purposes pay excessive fees compared to the actual time spent. There are many cases. In addition, since the location of the game room and the PC room is ubiquitous, a user who suddenly needs to use the Internet has a problem of having to navigate the game room or the PC room or move a long distance.

In this regard, in recent years, there has also been emerged a so-called "public computer" for providing Internet access to the public at hand. Public PCs are installed in businesses such as coffee shops, cafes, billiards, hairdressers or convenience stores, allowing business users to use the Internet for a short time. Most public PCs are operated for a fee. In the conventional paid public PCs, almost all are paid by coins and some are paid by prepaid cards in the form of IC cards. An example of a public PC operating by coin is described in Korean Utility Model Publication No. 20-208952.

As such, a public PC operated by a coin or an IC card requires a mechanism for processing coins or reading an IC card in addition to the basic hardware for performing computer functions. Therefore, the structure is complicated and expensive. Accordingly, there is a problem that the burden of karma owners who want to install this is large. In particular, the owner or employee of a farm where a coin-type public PC is installed has the inconvenience of having to meet the customer's coin exchange requirements while securing and maintaining a considerable amount of coins.

The present invention is to solve this problem, it is installed and executed in a conventional data terminal that does not have a separate mechanism for payment, so that a third party other than the terminal owner can access the open network through payment. The technical problem is to provide a network access control program.

Another object of the present invention is to provide a network access approval method that allows the data terminal to access the open network only when the data terminal user pays a fee.

1 is a view showing an example of a network environment in which the present invention is implemented.

FIG. 2 shows program modules and a database loaded on and executed by the authentication server shown in FIG.

3 is a block diagram of a connection control program installed and executed in a client computer in the embodiment of FIG.

4 is a view for explaining an embodiment of the monitoring and blocking module shown in Figure 3 in more detail.

5A and 5B are flowcharts illustrating an operation process of an access control program according to an embodiment of the present invention.

6 is a flowchart illustrating a connection / blocking determination process performed by the charging check module.

7 is a flow chart showing one embodiment of an authentication method performed by an authentication server.

8A and 8B are flowcharts illustrating an operation of an access control program according to another embodiment of the present invention.

9 is a flowchart showing another embodiment of an authentication method performed by the authentication server.

10 is a view showing another example of a network environment in which the present invention is implemented.

FIG. 11 is a flow chart showing an internet access approval process performed by the gateway server shown in FIG. 10. FIG.

12 is a flowchart showing a payment processing process in FIG. 11 in more detail.

The network access control program for achieving the above technical problem is loaded on a data terminal that can be connected to an open network and executed, and enables a user to use a network service based on a payment by an electronic payment.

In one aspect of the program according to the invention, the program comprises blocking means and safety check means. The blocking means allows the data terminal to access the open network when the user inputs the authentication key given through the electronic payment while the data terminal blocks the connection to the open network. The safety check means prevents the user from deactivating the blocking means without using the authentication key.

In a preferred embodiment, the blocking means allows the data terminal to access an open network when the user enters an authentication key granted through electronic payment. The program further includes expiration date storage means for storing the expiration date of the authentication key in predetermined storage means provided in the data terminal. In such a case, the blocking means allows the data terminal to access the open network if the user enters an authentication key granted through electronic payment and the valid period has not elapsed.

In a preferred embodiment, the blocking means may include a monitoring and blocking unit and the determination unit. The monitoring and blocking unit detects data transmitted and received through the open network and allows the data terminal to connect to the open network in response to a predetermined control signal. The determination unit determines whether the authentication key is input and whether the valid period has elapsed, and a control signal for allowing the data terminal to access the open network when the authentication key is input and the valid period has not elapsed. Outputs

The program may comprise user interface means. The user interface means receives the personal information for the electronic payment and the desired time of use data from the user, requests the external authentication server for payment of the fee corresponding to the desired time of use, and the authentication key given by the user through the electronic payment. In the case of inputting, the inputted authentication key and the validity period of the authentication key are stored in predetermined storage means provided in the data terminal. In such a case, the blocking means allows the user to access the open network when the authentication key is stored in the storage means and the valid period has not elapsed. Further, the user interface means requests and receives an authentication key registered in the authentication server, and stores the input authentication key and the validity period in the storage means when the input authentication key and the received authentication key are the same. It may be.

When the user makes a payment by credit card, prepaid card or other electronic payment means, the blocking means allows the data terminal to access the open network after receiving the authentication data from a given authentication server.

According to another aspect of the program according to the present invention, the program includes: (a) a function of setting a desired connection time and paying a fee through electronic payment corresponding to the desired connection time; And (b) allowing the data terminal to access the open network for as long as the connection desired time when the user pays the usage fee while the data terminal blocks the access to the open network. do.

In one embodiment, the (a) function includes (a1) a function of accepting from the user an authentication key given to the user through electronic payment; And (a2) a function of checking whether an authentication key input by the user and an authentication key registered in an external authentication server in the electronic payment process are the same. In this case, in implementing the function (b), when the data terminal is blocked from accessing the open network, when the input authentication key and the registered authentication key are the same, the data terminal is connected for the desired time. Allowing access to open networks. This embodiment is suitable for providing the authentication key to a user, for example, via a mobile phone.

In implementing the function (a2), the authentication key input by the user is transmitted to the authentication server so that the authentication server compares the authentication keys, and then receives a signal indicating the same from the authentication server. However, in another embodiment, the program requests and receives an authentication key registered with the authentication server, and compares the authentication keys.

In a preferred embodiment, the function (a1) accepts personal information and connection desired time data for electronic payment from the user, requests the authentication server to charge a fee corresponding to the connection desired time, and an authentication key is sent to the user. Include functionality to be provided.

In another embodiment, the (a) function includes (a1) a function of allowing a user to pay a usage fee; And (a2) a function of receiving authentication data from a predetermined authentication server. In this case, in implementing the function (b), after accepting the authentication data, the data terminal is allowed to access the open network for the connection desired time. This embodiment is suitable when the user is making a payment by credit card, prepaid card or other electronic payment means.

On the other hand, the network connection approval method for achieving the other technical problem is a computer system that can be connected via a remote network and a data terminal located in a remote location, the user of the data terminal based on the payment of the electronic payment for the network service Make it available.

One form of network connection approval method is suitable when the connection control program is installed on the data terminal. In one example of such a network connection approval method, an authentication request including personal information of the user is first accepted from the data terminal. Then, a predetermined payment processing process is performed based on the personal information, and when the payment processing is successfully completed, an authentication key is assigned to the user and the authentication key is stored in a predetermined storage means. The data terminal then provides the registered authentication key to the data terminal when the data terminal requires the authentication key, so that the data terminal can be connected to the open network when the user uses a true authentication key. Let the program control the connection.

In another example of the network connection approval method for providing a service to a data terminal provided with a connection control program, first, an authentication request including personal information of the user is received from the data terminal. Then, a predetermined payment processing process is performed based on the personal information, and when the payment processing is successfully completed, a first authentication key is assigned to the user and the first authentication key is stored in a predetermined storage means. Finally, when the data terminal transmits an identity verification request including a second authentication key, the data terminal receives the identification request signal, compares the first and second authentication keys, and outputs a confirmation request signal indicating the identity of the first and second authentication keys. By providing the terminal, the program allows the program to control the access so that the data terminal can be connected to the open network only when the user uses the same second authentication key as the first authentication key.

The network access approval method may be implemented by only the network server system regardless of whether or not the access control program is installed in the client terminal. In this case, it is preferable that the network server system providing the connection approval service is an Internet access service providing (ISP) server providing Internet access service to a client computer connected by dial-up modem connection or LAN connection. .

In this method, first, (a) accept personal information for payment from a plurality of terminals, wherein at least one of a desired connection time and corresponding fee data is received together, and (b) each of the plurality of terminals The billing fee is charged by the electronic payment method, and the payment processing result for each terminal is stored in a predetermined storage means. In this state, (c) only the terminal having successfully completed the payment processing process is allowed to access the open network during the access desired time.

In a preferred embodiment, step (c) comprises: (c1) accepting a network access service request from the data terminal; (c2) determining, based on the unique information of the data terminal included in the request, whether the user has paid a fee and whether an access desired time corresponding to the fee has expired; And (c3) route the request to a destination address included in the request if the user has paid the fee and the connection desired time has not expired, and the user has not paid the fee or is determined to have expired. If the request is ignored.

Hereinafter, with reference to the accompanying drawings will be described in detail a preferred embodiment of the present invention. In the accompanying drawings and the following description, the same or similar reference numerals will be given to the same reference numerals and detailed description thereof will be omitted.

1 shows an example of a network environment in which the present invention is implemented. The client computer 10 may be installed in a business establishment such as an inn, motel, hotel, coffee shop, cafe, billiard room, beauty salon, convenience store, fast food store, or other places where there is a general public computer use demand for general public use. do. The client computer 10 is a conventional computer (PC) similar to that commonly used in offices or homes, but may be utilized as a public PC with the support of an authentication server 20. In this way, the owner of a business establishment intending to utilize the conventional computer 10 as a public PC installs the connection control program according to the present invention in the computer 10. The program blocks the client computer 10 from accessing the Internet in a normal state, and the computer 10 for a time corresponding to the fee only when the user pays a fee by an electronic payment method and receives and inputs an authentication key. ) To connect to the Internet.

In other words, the user can use the client computer 10 only after paying the fee through the electronic payment method through the authentication server 20 to use an unspecified number of Internet servers 40a-40n such as a content providing server, a merchant server, a file. You can connect to a server or mail server to receive Internet services. In the present specification, the term "electronic payment" means online payment by credit card, payment by mobile phone bill by online authentication, online payment by prepaid card, and other things that are currently or may be made on the Internet. Used to include the payment method of. 1 illustrates an example in which an authentication key is given through a mobile phone and the Internet usage fee is charged through a mobile phone bill.

In the example of FIG. 1, a user who wants to use the Internet through the computer 10 first applies for a payment authentication by inputting his or her social security number, mobile phone number and a desired time to the computer 10, and then the mobile phone ( 12) is given an authentication key. When the application for use is received from the client computer 10, the authentication server 20 stores the application details in its own database and makes an authentication request to the payment server 30. The payment server 30 applies a billing request to the wireless telecommunication company server 40 in response to the authentication request. The wireless communication company server 40 determines whether the resident registration number and the mobile phone number associated with the billing request application are valid, stores the billing information in the billing database, and transmits a billing permission message to the billing server 30. The payment server 30 transmits a payment completion message to the authentication server 20 in response. The wireless telecommunication company server 40 transmits the authentication key to the user mobile phone 12 through the short message service (SMS) immediately after transmitting the charge acceptance message to the payment server 30, which is the payment server 30. Also provided via or directly to the authentication server 20. In FIG. 1, the authentication server 20, the payment server 30, the payment server 30, and the wireless telecommunication company server 40 are connected through a dedicated line or the Internet, respectively.

On the other hand, in another embodiment in which the present embodiment is modified, the authentication key transmission by the SMS may be made by the payment server or the authentication server 20. Further, in another embodiment of the present invention, the payment server 30 may be integrated into the wireless telecommunication company server 40 or the authentication server 20. That is, the specific payment process may be modified in various ways, and the present patent application does not claim a patent for the payment process itself.

2 shows program modules and a database loaded on and executed by the authentication server 20 shown in FIG. 1. In this embodiment, the server-side programs 100 include a membership management module 102, a program download module 104, a payment module 106, a settlement module 108 and a usage fee inquiry module 110. . These program modules are implemented by a server script or a separate application included in a web document. Meanwhile, the database 120 includes a member table 122, an authentication list table 124, a usage history table 126, and a settlement table 128. Such a database 120 is linked to the programs 100 by an interlocking means such as CGI, ODBC, JDBC.

The membership management module 102 receives a membership registration request from each client computer 10 owner via the Internet, and stores the member information in the member table 122 of the database 120. In addition, the member management module 102 modifies or deletes the stored member information according to the request of each client computer 10.

The program download module 104 reads the latest version of the installation program for installing the connection control program or the patch file of the connection control program from the hard disk and downloads it to the client terminal 10 according to the request of each client computer 10. . When the download request signal is received from the client computer 10, the program download module 104 determines whether the program of the computer 10 is the latest version, and then selects the latest version or patch file of the installation program according to the user's selection. Provides a message stating that the program being downloaded or currently installed is the latest version.

The payment module 106 accepts the mobile phone number and social security number together with the Internet use time desired from the client computer 10, calculates the fee and requests the payment server 30 for payment. Upon receipt of a payment complete message from the payment server 30, the payment module 206 records the IP address and usage time data of the client computer 10 in the authentication list table 244 of the database, wherein the payment completion message is The included authentication key is registered together.

The settlement module 108 stores the payment amount data for each client computer 10 whose usage time expires with reference to the data stored in the authentication list table 124 in the usage history table 126. In addition, the settlement module 108 calculates, for a certain period of time, the computer usage fee to be paid to the owner for each client computer 10 and the connection approval service provision fee to be deducted by the server operator. The calculated computer usage fee and fee data is stored in the settlement table 128. On the other hand, the usage fee inquiry module 110 allows each client computer 10 owner to check the revenue obtained or already secured through his or her computer.

As described above, the client computer 10 utilized as a public PC through the support of the authentication server 20 is provided with a connection control program according to the present invention. 3 shows one embodiment of a connection control program. The connection control program 150 is installed in the client computer 10 by executing a separate installation program 140. The installation program 140 is a program created using Install Shield in addition to the computer owner or the karma employee (hereinafter, abbreviated as owner) to easily and automatically install the access control program 150, the authentication server 20 It may be distributed as recorded on a compact disc (CD) by the operator or downloaded from the authentication server 20 by the computer owner. In addition, when the operator of the authentication server 20 modifies the access control program 150, the modification may be downloaded to the client computer 10 in the form of a program patch file 142. The installation program 140 or the program patch file 142 may be executed by a double click of a mouse or a separate execution command by a general method provided by a computer operating system.

In the present embodiment, the access control program 150 is the Internet use application module 152, monitoring and blocking module 156, billing check module 158, safety check module 160, log recording module 162 , Activation / deactivation module 166, password setting / change module 168, program download module 170, and deletion / update module 172. In addition, in the course of the program operation, the access control program 150 generates a billing information table 154 for recording information paid by the user and a log table 164 for recording usage records on the hard disk. Record it. The information recorded in at least the billing information table 154 of the tables 154 and 164 is preferably recorded in an encrypted form.

Such a connection control program is automatically executed every time the system is driven. If the program works normally, the program logo is displayed in the tray on the right side of the task bar at the bottom of the screen. By clicking on the logo, the user can select and execute various additional functions provided by the above modules.

The internet application module 152 is activated when the computer 10 is booted or when an application program such as a web browser, an e-mail transmission / reception program, or a file transmission program is executed. Immediately after being activated, the internet application module 152 allows the user to provide a screen for payment to enter the resident registration number, the mobile phone number and the desired time of use. After the user inputs such information and presses the "send" button displayed on the screen, the Internet application module 152 encrypts the information and transmits the information to the authentication server 20.

Then, the Internet use application module 152 provides an authentication key input window to request the user to input the authentication key received through the mobile phone 12. When the user inputs the authentication key, the Internet application module 152 requests the authentication key registered in the authentication server 20, and receives and decrypts the registered authentication key in an encrypted state. If the authentication key entered by the user is the same as the registered authentication key, the Internet use application module 152 stores the use time or use time expiration time in an encrypted state in the billing information table 154, and then transmits the Internet to the user. Provide a message that it is available.

The monitoring and blocking module 156 detects whether an Internet packet is transmitted or received through a network protocol installed in the computer 10, and selectively passes or blocks the packet under the control of the charging check module 158. When the charging check module 158 receives the Internet packet detection signal from the monitoring and blocking module 156, the monitoring and blocking module 156 causes the monitoring and blocking module 156 to detect the packet based on the charging information stored in the charging information table 154. You will be instructed to pass or block.

The safety check module 160 continuously checks whether the user attempts to use the illegal Internet by disabling the program instead of using the Internet after paying a normal fee. Examples of such illegal use attempts are to forcibly execute the access control program according to the present invention by using the "CNTL-ALT-Del" key, the "CNTL-Esc" key, the "CNTL_Tap" key or the "Windows" key on the keyboard. Attempting to exit or deleting a program. When such an illegal use attempt is detected, the safety check module 160 disables the command execution by the key input, displays a guide message, and then shuts down the system. On the other hand, the log recording module 162 records in the log table 164 a list of the time at which the application program transmits and receives the Internet packet or data about the time of the last transmission and reception.

The program download module 166 allows the computer owner to download and install the latest version of the program as a whole or to download patch files for the latest version. When the owner clicks the program logo on the taskbar tray and then clicks the "Download Program" button on the management menu, the program download module 166 generates and transmits a download request signal including the current program version information. In response to the download request signal, the authentication server 20 determines whether the corresponding program is the latest version, and downloads the latest version or patch file of the installation program according to the user's selection, or informs that the currently installed program is the latest version. to provide.

The delete / update module 168 allows a computer owner to delete the program. In order to prevent the user from illegally deleting a program as described above, the safety check module 160 allows the user to delete the program or delete the executable file or directory of the program through the "add / delete program" utility. To prevent them. Therefore, the deletion of the program of the present invention can proceed normally only when the "Delete program" button is clicked on the management menu. When the owner or the like presses the "Delete Program" button, the delete / update module 168 restores the protocol chain (which will be described later) adjusted at the time of program installation to its original state prior to program installation, and then the safety check module 160. Will be disabled. Then, the owner or the like can delete the program completely by deleting the directory where the program is stored. In addition, the delete / update module 168 may execute a downloaded program or a program patch to update a program. In another embodiment, the update process may be automatically executed immediately after the download.

On the other hand, if the computer owner wants to use the computer 10 directly, it is preferable to switch to the free use mode. After clicking the program logo on the taskbar tray and pressing the "Disable access blocking" button on the management menu, a password input window is displayed. By entering a password in the input window, the user can cancel the access blocking function. As such, when the user instructs deactivation while inputting the correct password, the activation / deactivation module 170 restores the protocol chain to its original state so that the monitoring and blocking module 156 does not operate. In order to prevent unauthorized use of a computer by grasping a password by trial and error, it is desirable not to allow a password input error more than a certain number of times. Reactivating is similar to deactivating. Meanwhile, the password setting / changing module 168 allows a computer owner to set or change a password used for deleting or deactivating a program.

4 is a view for explaining in more detail an embodiment of the monitoring and blocking module 156 shown in FIG. For simplicity, only part of the connection control program 150 is shown in FIG.

In general, between applications (web browsers, remote terminals, file transfer programs, etc.) and the underlying protocols (network protocols natively supported by the operating system, such as TCP / IP, IPX / SPX, etc.), the application by connecting data between them As a programming interface and supporting program for handling input and output requests of a program, a socket such as Winsock is operated. In the embodiment of Figure 4, the monitoring and blocking module 156 is implemented utilizing the Layered Service Provider (LSP) technology, which is a concept introduced in WinSock2, a type of socket. Briefly mention LSP.

WinSock2 provides an interface to all communication protocols, allowing you to create and add LSPs with specific functionality between WinSock2 and the underlying protocol. All Winsock commands such as CONNECT (), SEND () and RECV () executed by all network applications in the upper layer of WinSock2 DLL communicate with the basic protocol via WinSock2 DLL. It is a Layered Protocol that adds a service that monitors the contents of data sent and received in real time while allowing requests and data to be transmitted without filtering. Such LSP is physically produced in the form of a dynamic loader library (DLL). One or more LSPs can exist in the layer between the base protocol and the WinSock2 DLL and can support more than one protocol simultaneously.

When an application calls a network function, the request is passed to the WinSock2 DLL, which in turn passes to the protocol underneath the WinSock2 DLL. In general, the request is passed directly to the underlying protocol (eg TCP / IP), but with an LSP installed. Will go through the LSP DLL. Thus, LSP technology can add the functionality we want between the WinSock DLL and the underlying operating system-level protocols and effectively monitor what network functions are called internally.

Referring back to FIG. 4, in this embodiment, the monitoring and blocking module 156 is implemented as an LSP DLL installed between the WinSock2 DLL 182 and the basic protocol 184. The installation program 142 illustrated in FIG. 3 monitors and blocks the existing network flow LSP 156 by referring to existing protocol chain information (information indicating a connection between the basic protocol and the Layered Protocol) during the connection control program installation process. ) Will be installed between the WinSock2 DLL 182 and the base protocol 184 and a new protocol chain will be established. On the other hand, WinSock2 is installed by default in Windows 98, but WinSock2 is not installed in Windows 95. Therefore, the installer 142 adds a new WinSock2 module to use LSP technology when the operating system installed in the computer is Windows 95. Will be installed.

Once installed, network flows continue based on newly established protocol chain information, and the monitoring and blocking LSPs 156 in the middle of the flow accept all network flows (function calls, data exchanges) without loss, and up and down. Since the existing protocol existing in the well connected to the monitoring and blocking LSP (156) to the existing flow communication between the application 180 and the WinSock2 DLL 182 and the basic protocol 184 can be made smoothly.

In particular, according to the program according to the present invention, the monitoring and blocking LSP 156 connects the applications 180 to the WinSock2 DLL 182 to the network or blocks the network connection by itself based on the charging information stored in the charging table 154. Done. That is, when the application 180 calls winsock functions such as the CONNECT (), SEND (), and RECV () functions, the function call fact is passed to the monitoring and blocking LSP 156. Immediately after being notified of the function call, the monitoring and blocking LSP 156 inquires about the function call fact and the URL information included in the function to the billing check module 158 to query whether the function is accessed or blocked. The billing check module 158 determines whether the packet related to the current request is legitimate based on the billing information recorded in the billing information table 154, and then determines whether to pass or block the packet, thereby monitoring and blocking the result LSP 156 ). Based on the returned value, the monitoring and blocking LSP 156 maintains or blocks the current connection.

Hereinafter, the operation of the access control program and the authentication process of the authentication server according to the present invention will be described in more detail with reference to FIGS. 5A to 9.

5A and 5B illustrate an operation of an access control program according to an embodiment of the present invention. Immediately after the computer is booted and the program starts to run, or immediately after an application such as a web browser starts to run, a guide screen for payment is displayed (step 200). The information screen includes a message that the internet is paid, a brief price information, and a "subscription for Internet use" button. If the user wishes to make a payment by pressing the "internet usage request" button (step 202), the internet usage application module 152 of the program will request to input the resident registration number, the mobile phone number and the desired time of use. When the user inputs these data and presses the "send" button (step 204), a payment processing operation is performed through the authentication server 20, the payment server 30, etc. (step 206). When the payment processing is completed, the authentication key is provided to the user cellular phone 12 by SMS via the wireless communication network.

On the other hand, immediately after the user presses the "send" button in step 204, the Internet use application module 152 of the program is required to input the received authentication key with the standby guidance message. In this state, the program continuously monitors whether an authentication key is input (step 208). When the user inputs the authentication key, the use application module 152 requests and receives the authentication key registered in the authentication server 20, and then determines whether the input authentication key and the registered authentication key are the same. Step 210, step 212). If the input authentication key and the registered authentication key is the same, the use application module 152 stores the billing information including the use time or expiration time for the user in the billing information table 154 and the Internet during the use time. Blocking access to the server is released (step 214). At this time, the billing checking module 158 provides a small remaining time display screen while counting the remaining time, so that the user can use the Internet while referring to the displayed time (step 216).

On the other hand, if the authentication key and the registered authentication key input in step 212 is not the same, the application module 152 determines whether the number of wrong input exceeds a predetermined criterion and requires to re-enter the authentication key. (Step 218, Step 220). If the input key is re-entered, it is determined whether the input authentication key and the registered authentication key are the same by repeating step 212 again. In order to prevent the authentication key from being acquired by trial and error, when the number of wrong inputs in step 218 exceeds a predetermined criterion, the application program or the system is terminated.

The billing checking module 158 continuously determines whether the usage time set by the user has ended while counting the remaining time (step 222). When the usage time is over, the billing check module 158 displays the timeout guide message and then asks the user whether to continue using it after additional payment (step 226). If the user wishes to make an additional payment, the payment processing procedure of step 206 is performed again, which may be simplified compared to the original payment processing procedure. If the user does not wish to make a further payment, the billing check module 158 blocks the computer 10's Internet connection by preventing the monitoring and blocking LSP 156 from passing the packet anymore.

As described above, the monitoring and blocking of the connection control program in the client computer 10 LSP 156 maintains or blocks the connection under the control of the charging check module 158. 6 shows a connection / blocking determination process performed by the charging check module 158.

The billing check module 158 continuously monitors whether a packet detection signal is received from the monitoring and blocking LSP 156 (operation 250). In the preferred embodiment, the packet detection signal includes the function call fact and the URL information included in the function. Each time a packet detection signal is received, the charge checking module 158 is recorded in the charging information table 154. The billing information is read to determine whether billing has been made, and whether the usage time has expired (steps 254 and 258).

If it is determined that the charging information exists but the usage time has expired, the charging check module 158 returns a result indicating that the packet is blocked to the monitoring and blocking LSP 156 and terminates the process (260). step). If it is determined that the billing information exists and the usage time has not expired, the billing check module 158 returns a result indicating that the packet is to be passed to the monitoring and blocking LSP 156 and terminates the process. (Step 262). On the other hand, if it is determined in step 254 that there is no charging information, it is determined whether the transmitted / received packet is a charging packet, that is, a packet transmitted / received with the authentication server 20 for authentication (step 256). If the transmission / reception packet is a charging packet, the charging check module 158 returns a result indicating that the packet is to be passed. However, if the transmission / reception packet is not a charging packet, the charging check module 158 returns a result indicating that the packet is to be blocked. Based on this result, the monitoring and blocking LSP 156 maintains or blocks the current connection.

FIG. 7 shows an embodiment of an authentication method performed by the authentication server 20 of FIG. 1.

When the authentication request packet is received from the client computer 10 (step 300), the authentication server 20 transmits the resident registration number, mobile phone number and fee information included in the authentication request packet to the payment server 30 to make a payment. A request is made (step 302). When the payment process ends, the authentication server 20 receives the payment end signal from the payment server 30 (step 304). The payment end signal includes information on payment success / failure, and when the payment is successful, the payment authentication serial number and the authentication key transmitted to the client terminal 10 by SMS. Next, the authentication server 20 determines whether the payment was successfully completed or the payment failed based on the payment end signal (step 306). If the payment is successfully completed, the payment amount, the terminal information and the authentication key are registered in the database (step 308). However, if the payment fails, the authentication failure signal is transmitted to the client computer 10 to allow the user to try the payment processing again (step 310). On the other hand, as mentioned above, the payment processing of steps 302 to 310 may be performed by the authentication server 20, of course.

Thereafter, the authentication server 20 waits for a registered authentication key request signal from the client computer 10 (step 312). When the authentication key request signal is received, the authentication server 20 encrypts the authentication key registered in the database and provides the encrypted authentication key to the client computer 10, whereby the connection control program on the client computer 10 is input by the user. It is possible to determine whether an authentication key is true (steps 314 and 316).

Meanwhile, in the embodiments shown in FIGS. 5 to 7, the billing information is stored in the billing information table 154 and based on the billing information, it is determined whether the packet passes / blocks based on the billing information for each access session. In another modified embodiment, the application request module 152 or the billing check module 158 may alter the protocol chain itself during a set usage time such that the monitoring and blocking DLL 156 itself is disabled.

On the other hand, in the embodiment shown in Figs. 5A to 7, although the access control program on the client terminal side compared the authentication key entered by the user and the authentication key registered in the authentication server, the authenticity of the authentication key is verified. In another embodiment of the present invention, the authentication server may perform such verification. 8A and 8B and 9 illustrate such an embodiment, and FIGS. 8A and 8B show an operation process of a connection control program according to another embodiment of the present invention, and FIG. 9 is an authentication method performed by an authentication server. Another example of is shown.

8A and 8B, when the user inputs the authentication key in step 208, the application module 152 transmits the authentication key to the authentication server 20 to request whether the authentication key is authentic. (Step 240). When the authentication server 20 notifies that the authentication key is correct (step 242), the use application module 152 stores the charging information including the use time or expiration time for the user in the charging information table 154. In step 244, access to the Internet is released during the use time. On the other hand, if the authentication server 20 notifies that the authentication key is incorrect in step 242, the use application module 152 determines whether the number of wrong input exceeds a predetermined criterion and then requests to re-enter the authentication key. (Step 246, Step 248). If the input key is re-entered, it is determined whether the input authentication key and the registered authentication key are the same by repeating step 240 again. Meanwhile, in FIGS. 8A and 8B, steps 200 through 206 and steps 216 through 226 are similar to those in FIGS. 5A and 5B, and thus description thereof will be omitted.

Referring to FIG. 9, when the client computer 10 inquires whether the authentication key is authentic in step 330, the authentication server 10 determines whether the authentication key and the registered authentication key included in the confirmation request are the same. After that (step 332), an acknowledgment signal indicating the same or not identical is transmitted to the client computer 10 (step 334, step 336). In FIG. 9, steps 300 to 310 and steps 216 to 226 are similar to the corresponding steps in FIG. 7, and thus description thereof will be omitted.

On the other hand, in another embodiment of the program according to the present invention, the use application module 152 of FIG. 2 accepts authentication data directly from the authentication server 20. The application module 152 stores the authentication data or the data thereof modified in the charging information table 154. Therefore, the user does not need to receive and enter the authentication key through the mobile phone. Even in this case, the monitoring and blocking module 156 and the charging status checking module 158 block or pass the packet based on the data stored in the charging information table 158. Such an embodiment is suitable for the case where payment is made by credit card, prepaid card or other electronic payment means.

10 shows another example of a network environment in which the present invention is implemented. In Fig. 10, a client computer 10 can be connected by dial-up modem connection or by a LAN connection, and an Internet access service providing (ISP) server providing Internet access service to the client computer 10 ( 60: hereinafter referred to as "gateway server" is shown. In the example shown in FIG. 10, the Internet access approval procedure of the present invention is performed through the gateway server 60. As in FIG. 1, the gateway server 60, the payment server 30, the payment server 30, and the wireless telecommunication company server 40 are each connected through a dedicated line or the Internet. On the other hand, as in FIG. 1, although FIG. 10 is shown based on a payment system in which the Internet usage fee is included in the mobile phone bill, the payment method is not limited thereto, and a credit card or other electronic payment method is employed. Can be.

The gateway server 60, in principle, blocks Internet traffic transmitted from all subscribed client computers 10. When the Internet service request is received from the client computer 10, the gateway server 60 analyzes the sender's IP address and requests payment for the user, and only if the payment is successful, the Internet from the computer 10 is received. Pass the traffic. Such a gateway server 60 has a program and a database similar to that shown in FIG. 2, but a detailed description of the configuration of the gateway server 60 will be omitted since those skilled in the art can easily implement from FIG. .

11 shows an internet access approval process performed by the gateway server 60. Whenever an Internet service request signal is received from any client computer 10 (step 500), the gateway server 60 analyzes the sender, that is, the user, based on the sender's IP address included in the request signal (step 502). step). In steps 504 and 506, it is determined whether the client computer 10 is a member computer and a paid user, respectively. Here, the "member computer" refers to a computer to which the owner or the like has previously applied for the Internet access approval service according to the present invention. In principle, Internet packets from such computers are blocked, and the packets are only passed if the owner enters his password in the payment screen and releases the blocking action. In the above, the "paid user" refers to a user who wants to use the Internet in a state in which such a password release setting is not made. If it is determined in step 504 that the terminal requesting the service is not a member computer, or in step 506 it is determined that the free use is set, the packet related to the service request is routed to the URL included in the service request. The terminal may receive the Internet service (step 512).

On the other hand, if it is determined in step 504 that the terminal requesting the service is a member computer and it is determined in step 506 that the free use setting is not made, whether the user has previously paid the fee and the use time expired. In operation 508 and operation 510, it is determined. If the user has previously paid the fee and the usage time associated with the payment fee has not expired, the terminal can receive the Internet service by routing a packet regarding the service request to the URL included in the service request (step 512). step).

If it is determined in step 508 that the user has not previously paid the fee, or it is determined in step 510 that the usage time associated with the payment fee has expired, the client computer 10 sends a guide message corresponding to each case. In step 514, the user is requested to perform a payment. The guide message includes a guide on the usage fee, a "payment" button for selecting a payment function, and a "free use setting" button for free use setting. When the user presses the "payment" button (step 516), the payment process of step 518 is performed. On the other hand, the user can press the "free use setting" button, and then set the free use after pressing the password as described above. In the case of setting the free use as described above, the user can switch back to the paid use mode through the same process.

12 shows the payment processing process (step 518) in FIG. 11 in more detail. First, the gateway server 60 provides a payment screen to an application program of the client computer 10 to require the user to input the resident registration number and the mobile phone number and the desired time or fee (steps 550 and 552). ). After the user inputs these data and presses the "send" button, the gateway server 60 transmits the resident registration number, the mobile phone number and the fee information to the payment server 30 to request payment (step 554). When the settlement process is completed, the gateway server 20 receives the settlement end signal from the settlement server 30. The payment end signal includes information on payment success / failure, and payment success serial number when the payment is successful. Next, the gateway server 60 determines whether payment has been completed successfully or payment has failed (step 556) based on the payment end signal. If the payment is successfully completed, the authentication completion message is provided to the client computer 10 so that the user can use the Internet (step 558). If the payment is not successful, the unusable message is transmitted to the client computer 10. The user tries to process the payment again (step 5600).

Meanwhile, in another embodiment in which the embodiments of FIG. 11 and FIG. 12 are modified, a cookie may be transmitted by inserting a set-cookie field into an authentication completion message and including an encrypted authentication key in the cookie information. In this case, each time an application on the client computer requests the Internet service, the gateway server 60 can determine whether to block / pass the packet only with the encrypted cookie value.

As described above, the access control program 150 or its installation program is distributed by the authentication server 20 operator, for example, recorded on a compact disc (CD) or downloaded from the authentication server 20 by the computer owner. Can be. In the following description, the term " recording medium recording a program " should be interpreted as including not only a portable recording medium such as a compact disc (CD) but also a medium in which the authentication server 20 stores files for download. .

Those skilled in the art to which the present invention pertains will understand that the present invention can be implemented in other specific forms without changing the technical spirit or essential features. Therefore, the above-described embodiments are to be understood as illustrative in all respects and not as restrictive. The scope of the present invention is shown by the following claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. do.

As described above, according to the present invention, a third party other than the owner can use the Internet service through payment of a fee by using a conventional computer having no mechanism for payment. Where there are public computer demands, such as inns, hotels, and cafes, computer owners can provide their computers as public PCs to increase sales. In addition, the program and service providing method according to the present invention can be applied in places where a large number of pay-use computers are installed, such as a PC room or a game room. In this case, manpower and effort for collecting and managing charges can be greatly reduced.

In particular, since the present invention can arbitrarily adopt various types of electronic payment methods suitable for micropayments, those who have to use the Internet for a short time or those who want to enjoy the Internet service by using unspecified time are actually You can use the Internet after paying only for the time you use.

Claims (17)

It is a program that is loaded on a data terminal that can be connected to an open network and executed, and allows a user to use a network service based on payment of an electronic payment. In the state where the data terminal is blocked from accessing the open network, the data terminal is connected to the open network when the user pays a fee corresponding to the time to be used by the user through the electronic payment. Blocking means for allowing; And Safety checking means for preventing the user from deactivating the blocking means without paying the fee; Recording medium recording a program comprising a. 2. The recording medium of claim 1, wherein the blocking means records a program allowing the data terminal to access the open network when the user inputs an authentication key granted through the electronic payment. The method of claim 2, Expiration date storage means for storing the expiration date of the authentication key in a predetermined storage means provided in the data terminal; And the blocking means records a program for allowing the data terminal to access the open network when the user inputs an authentication key granted through the electronic payment and the valid period has not elapsed. media. The method of claim 3, wherein the blocking means A monitoring and blocking unit for detecting data transmitted and received through the open network by the data terminal and allowing the data terminal to access the open network in response to a predetermined control signal; And It is determined whether the authentication key is input and whether the validity period has elapsed, and outputs a control signal for allowing the data terminal to access the open network when the authentication key is entered and the validity period has not elapsed. Decision unit; Recording medium recording a program comprising a. The method of claim 2, When the user receives the personal information for the electronic payment and the desired time of use data from the user, requests a payment for a fee corresponding to the desired time of use from an external authentication server, and the user inputs the authentication key granted through the electronic payment. User interface means for storing the inputted authentication key and the validity period of the authentication key in a predetermined storage means provided in the data terminal; The blocking means further comprises a recording medium for recording a program for allowing the user to access the open network when the user has stored an authentication key in the storage means and the valid period has not elapsed. The method according to claim 5, wherein the user interface means requests and receives an authentication key registered in the authentication server, and the inputted authentication key and the validity period are entered only when the input authentication key and the received authentication key are the same. Recording medium recording a program to be stored in the storage means. The recording medium of claim 1, wherein the blocking means records a program that allows the data terminal to access the open network after receiving authentication data from a predetermined authentication server. It is a program that is loaded on a data terminal that can be connected to an open network and executed, and allows a user to use a network service based on payment of an electronic payment. (a) allowing a user to set an access desired time and to pay a charge through electronic payment corresponding to the desired access time; And (b) a function of allowing the data terminal to access the open network for the connection desired time when the user pays the service fee while the data terminal blocks access to the open network; Recording medium recording a program for implementing the. The method of claim 8, wherein the (a) function is (a1) an authentication key given to the user through electronic payment and a function to accept from the user; And (a2) a function of checking whether an authentication key input by the user and an authentication key registered in an external authentication server in the electronic payment process are the same; In the implementation of the function (b), in the state where the data terminal is blocked from accessing the open network, when the input authentication key and the registered authentication key are the same as the connection desired time. A recording medium having recorded thereon a program allowing the data terminal to access the open network. The method according to claim 9, wherein the (a2) function is (a2a) transmitting the authentication key input by the user to the authentication server, so that the authentication server compares the authentication key input by the user with the registered authentication key; And (a2b) receiving a signal indicating identity from the authentication server; Recording medium recording a program comprising a. The method according to claim 9, wherein the (a2) function is (a2a) requesting and receiving the registered authentication key from the authentication server; And (a2b) comparing the authentication key input by the user with the registered authentication key; Recording medium recording a program comprising a. The method according to any one of claims 9 to 11, wherein the function (a1) Receiving personal information for the electronic payment and the connection desired time data from the user, and requesting the authentication server to pay a fee corresponding to the connection desired time, so that the authentication key is provided to the user; Recording medium recording a program comprising a. The method of claim 8, wherein the (a) function is (a1) allowing the user to pay the fee; And (a2) a function of receiving authentication data from a predetermined authentication server; In implementing the function (b), a recording medium having recorded thereon a program which allows the data terminal to access the open network for the connection desired time after receiving the authentication data. In a computer system that is located at a remote location and can be accessed through an open network with a data terminal on which a predetermined access control program is installed, a network access authorization that allows a user of the data terminal to use a network service based on payment of an electronic payment. As a method, Accepting from the data terminal an authentication request containing the user's personal information for the electronic payment; Performing a predetermined payment processing process based on the personal information, allowing the user to be given an authentication key when the payment processing is successfully completed, and storing the authentication key in a predetermined storage means; And When the data terminal requests the registered authentication key, the registered data authentication terminal provides the registered data authentication terminal to the data terminal so that the data terminal can be connected to the open network only when the user uses a true authentication key. Causing the program to control the connection; Network connection approval method comprising a. In a computer system that is located at a remote location and can be accessed through an open network with a data terminal on which a predetermined access control program is installed, a network access authorization that allows a user of the data terminal to use a network service based on payment of an electronic payment. As a method, Accepting from the data terminal an authentication request containing the user's personal information for the electronic payment; Performing a predetermined payment processing process based on the personal information, allowing the user to be given a first authentication key when the payment processing is successfully completed, and storing the first authentication key in a predetermined storage means; And When the data terminal transmits an identity verification request including a second authentication key, the data terminal receives the identification request signal, compares the first and second authentication keys, and outputs a confirmation request signal indicating the identity of the first and second authentication keys. Providing the terminal so that the program controls the connection so that the data terminal can be connected to the open network only when the user uses the same second authentication key as the first authentication key; Network connection approval method comprising a. In a computer system that can be accessed through an open network with a data terminal located remotely, a network connection authorization that allows the data terminal to be connected to the open network only when the user of the data terminal pays by electronic payment. As a method, (a) accepting personal information for payment from a plurality of terminals, wherein accepting at least one of a desired access time and corresponding fee data; (b) payment processing for each of the plurality of terminals by an electronic payment method, and storing the payment processing result for each terminal in a predetermined storage means; And (c) allowing access to the open network only for the terminal for which the payment processing is successfully completed during the access desired time; Network connection approval method comprising a. The method of claim 16, wherein step (c) (c1) accepting a network access service request from the data terminal; (c2) determining whether the user has paid a fee and whether the connection desired time corresponding to the fee has expired, based on the unique information of the data terminal included in the request; And (c3) if the user has paid a fee in step (c2) and the connection desired time has not expired, route the request to a destination address included in the request, and the user has not paid the fee or the connection Ignoring the request if it is determined that the desired time has expired; Network connection approval method comprising a.