KR100641896B1 - Method and system for providing internet service using proxy gateways sharing common modules - Google Patents

Abstract

An Internet service method and system using proxy gateways sharing a common module are provided to basically restrain unreasonable charging when subscriber identification information in header information of an HTTP(Hyper Text Transfer Protocol) request is ill-intentionally changed. A subscriber management unit(220) receives a charging start request including IP address information and the first subscriber identification information from a network service device(210). A request processing unit(240) receives a source HTTP request including the IP address information, the second subscriber identification information and connection request address information from the network service device(210), and performs a processing to provide an Internet service by using an update HTTP request. A common module unit(230) checks whether the first and second subscriber identification information are identical, and when they are not identical, the common module unit(230) generates the update HTTP request including the first subscriber identification information and the connection request address information.

Description

Method and system for providing Internet service using proxy gateways sharing common modules}

1 is a schematic diagram of a conventional wireless data service system.

2 is a diagram schematically showing the configuration of a wireless Internet service system according to an embodiment of the present invention.

3 is a view schematically showing the configuration of a common module unit according to an embodiment of the present invention.

4 is a view showing a subscriber identification information correction process according to an embodiment of the present invention.

5 is a data flow diagram illustrating a process of applying a service policy according to an embodiment of the present invention.

6 is a diagram illustrating a process of applying a service policy for adult site management according to an embodiment of the present invention.

7 is a data flow diagram illustrating a process of applying a service policy according to another preferred embodiment of the present invention.

8 is a data flow diagram illustrating a network service execution process according to an embodiment of the present invention.

The present invention relates to Internet services, and more particularly to Internet services using proxy gateways in wireless Internet services.

BACKGROUND With the recent rapid development of science and technology, wireless communication terminals (eg, mobile communication terminals, personal digital assistants, etc.) have evolved to have various functions. That is, a user can use not only voice calls but also wireless Internet access, video communication, and video message transmission using a wireless communication terminal. In particular, in addition to voice calls, wireless data services (ie, services that provide services such as news, life information (eg, stock news, etc.), games, etc. using a wireless communication terminal) may be used by users because of their convenience and usefulness. It is growing rapidly.

1 is a view schematically showing a conventional wireless data service system.

As shown in FIG. 1, a system for providing a wireless data service to a user of a wireless communication terminal 105 includes a base station / base station controller 110, a switchboard 115, and an interworking function (IWF) 120. Packet data serving node 125 and N gateways 125.

That is, a network interworking device (IWF) 120 and a packet data serving node 125 for providing a wireless data service are respectively coupled to N gateways 125 so that the wireless communication terminal 105 may request an HTTP request (HTTP). Request to any content provider 140 corresponding to the request or to be provided with any content data from the content provider 140. The N gateways 125 have different application programming interfaces (APIs) so as to correspond to platforms or the like installed in the system or the wireless communication terminal 105.

The network interworking device 120 and / or the packet data serving node 130 of the wireless data service system includes a charging start data record (Start UDR) indicating the start of charging when the wireless communication terminal 105 is connected to the mobile communication network and subscriber authentication is completed. ) To start the session, create an interim settlement data record (Interim UDR) at regular intervals after the billing start data record is created, and generate a billing end data record (Stop UDR) when the session ends. Then, charging is performed for the subscriber by using the generated charging information (ie, charging start data record, intermediate settlement data record, charging end data record).

However, the conventional billing method has a problem in that the fee for using the wireless Internet service is unfairly charged to other users when the header information (ie, subscriber identification information) of the HTTP request is maliciously changed.

In addition, in the conventional billing method, even when using a legitimate wireless Internet service, a billing leak or a billing phenomenon occurs due to a mismatch between subscriber identification information transmitted when a call is requested from a user terminal and subscriber identification information transmitted when an HTTP request is made. There was also.

In addition, since the gateways of the conventional billing system have different APIs (Application Programming Interfaces) corresponding to the systems or platforms, the gateways must be included even if they are redundant components, thereby increasing the complexity and manufacturing cost. There was also a problem.

In addition, gateways of the conventional billing system are designed to operate independently of each gateway, so when a new service or system is added, a specific gateway should be changed or additional gateways suitable for the corresponding system should be provided. Therefore, it is not easy to add a new service, and there is a problem in that a high cost is required when managing or maintaining the entire system.

In addition, the gateways of the conventional billing system have a problem that it is not easy to perform the service of the content providers by providing different information to the content providers for each system.

In addition, the gateways of the conventional billing system also have a problem that the access control list (ACL) management for the appropriate use of the wireless data service of the wireless communication terminal users are not integrated.

Therefore, an object of the present invention for solving the above-described problems can be charged to the actual user even when the subscriber identification information between the call connection request and the HTTP request is inconsistent, it is possible to prevent the charge leakage and billing phenomenon The present invention provides a method and system for internet service using proxy gateways that share a common module.

It is another object of the present invention to provide an Internet service method and system using proxy gateways that share a common module that can fundamentally suppress an unfair charging case that may be caused by a malicious change of subscriber identification information in header information in an HTTP request. It is.

Yet another object of the present invention is to simplify system configuration and reduce management / maintenance costs by sharing common components of each proxy gateway despite the variety of platforms installed in each system or wireless communication terminal. The present invention provides a method and system for internet service using proxy gateways that share common modules.

It is still another object of the present invention to provide an internet service method and system using proxy gateways that share a common module that facilitates development and addition of a proxy gateway for a new service or system by allowing overlapping components to be shared as a common module. .

It is still another object of the present invention to use proxy gateways that share a common module that allows each proxy gateway to unify the format of information provided to the content provider and to easily control various aspects of the information provided according to the characteristics of the content provider. It is to provide an Internet service method and system.

It is still another object of the present invention to provide an Internet service method and system using proxy gateways that share a common module that can collectively perform an access control list (ACL) management for each user of a wireless communication terminal. It is.

Still other objects of the present invention will be readily understood through the following description of the embodiments.

In order to achieve the above object, according to an aspect of the present invention, there is provided a subscriber identification information correction method and / or access control list processing method for performing the Internet service.

According to a preferred embodiment of the present invention, in a method of calibrating subscriber identification information for providing an Internet service in a communication service system, the subscriber management unit starts charging including IP address information and first subscriber identification information from a network service device. Receiving a request; Receiving, by the request processing unit, a raw HTTP request including IP address information, second subscriber identification information, and access request address information from the network service device; Determining, by the common module unit, whether the first subscriber identification information and the second subscriber identification information match; If there is a mismatch, generating, by the common module unit, an update HTTP request including first subscriber identification information and the access request address information; And a request processing unit performing a process for providing the Internet service by using the update HTTP request, and providing a recording medium recording a method for calibrating subscriber identification information by a common module unit and a program for performing the method. do.

The first subscriber identification information may be at least one of a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), and the second subscriber identification information may be a client. At least one of an ID, a Mobile Identification Number (MIN), a Network Access Identifier (NAI), an Electrical Serial Number (ESN), and a Mobile Directory Number (MDN). Here, the client ID may be information generated to be mapped to the first subscriber identification information.

When the charging start request further includes a content reference identifier (CRID), the common module unit may retrieve device information of a user terminal corresponding to the content identifier from a storage unit and insert it into the update HTTP request. . Here, the device information may be inserted to correspond to the device information related header of the update HTTP request.

The charging start request may be received via a usage data collection device or an authentication authorization and accounting (AAA) server.

The network service device includes at least one of a network interworking device (IWF), a packet data serving node (PDSN), a packet gateway switching device (GGSN), an AAA server, an access point (AP), an access control router (ACR), and the like. It can be either.

According to another preferred embodiment of the present invention, in the method of processing an access control list (ACL) for an Internet service in a communication service system, the storage unit pre-stores at least one service policy information, wherein The service policy information includes static policy information corresponding to the access control list and dynamic policy information for subscriber-specific service authentication; Receiving, by the request processing unit, an HTTP request including first subscriber identification information and access request address information from the network service device; Determining whether the access request address information is included in the access control list by a common module unit; If included, determining whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information and outputting a determination result; And if the determination result indicates a service authentication permission, performing, by the request processing unit, a process for providing the Internet service using the access request address information, and a method for processing an access control list by a common module unit. Provided is a recording medium having recorded thereon a program for performing the above.

When the determination result indicates that service authentication is not allowed, the request processing unit may transmit a preset error message or a connection instruction to a preset access address to the user terminal that has transmitted the HTTP request.

The access control list processing method may further include determining whether the common module unit matches the second subscriber identification information included in the charging start request and the first subscriber identification information; And in case of inconsistency, generating, by the common module unit, an update HTTP request including second subscriber identification information and the access request address information, and forwarding the updated HTTP request to the request processing unit.

When the charging start request further includes a content reference identifier (CRID), the common module unit may retrieve device information of a user terminal corresponding to the content identifier from the storage unit and insert it into the update HTTP request. have. Here, the device information may be inserted to correspond to the device information related header of the update HTTP request.

According to another embodiment of the present invention, a method of processing an access control list (ACL) for an Internet service in a communication service system, the storage unit pre-store one or more service policy information (service policy) information, wherein The service policy information includes static policy information corresponding to the access control list and dynamic policy information for subscriber-specific service authentication; Receiving, by the application routing interface, an HTTP request including subscriber identification information and access request address information from the network service device; Determining, by the application routing interface, whether the access request address information is included in the access control list; If included, determining, by the application routing interface, whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information; And when the service authentication permission information is included, forwarding the HTTP request to an arbitrary request processor configured to correspond to a user terminal, wherein the request processor provides the Internet service using the access request address information. There is provided an access control list processing method for performing a processing for a recording medium and a program recording the program for performing the method.

According to another aspect of the present invention, there is provided a communication service system capable of performing subscriber identification information correction, device information insertion and / or access control list processing for performing data services.

According to a preferred embodiment of the present invention, a communication service system for calibrating subscriber identification information for providing an Internet service, comprising: a subscriber receiving a billing start request including IP address information and first subscriber identification information from a network service device; Management; A request processing unit which receives a raw HTTP request including IP address information, second subscriber identification information, and access request address information from the network service device, and performs a process for providing the Internet service using an update HTTP request; ; And judging whether the first subscriber identification information and the second subscriber identification information match by a request of the request processing unit, and generating the update HTTP request including the first subscriber identification information and the access request address information if there is a mismatch. A communication service system including a common module unit is provided.

The first subscriber identification information may be at least one of a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), and the second subscriber identification information may be a client. At least one of an ID, a Mobile Identification Number (MIN), a Network Access Identifier (NAI), an Electrical Serial Number (ESN), and a Mobile Directory Number (MDN). Here, the client ID may be information generated to be mapped to the first subscriber identification information.

When the charging start request further includes a content reference identifier (CRID), the common module unit may retrieve device information of a user terminal corresponding to the content identifier from a storage unit and insert it into the update HTTP request. . Here, the device information may be inserted to correspond to the device information related header of the update HTTP request.

The network service device may be at least one of a network interworking device (IWF), a packet data serving node (PDSN), a packet gateway switching device (GGSN), an AAA server, an access point (AP), an access control router (ACR), and the like. have.

According to another preferred embodiment of the present invention, in a communication service system for processing an access control list (ACL) for an Internet service, a storage unit for storing one or more service policy information, wherein the service policy information is Static policy information corresponding to an access control list and dynamic policy information for subscriber-specific service authentication; A request processing unit for receiving an HTTP request including first subscriber identification information and access request address information from the network service device; The common module determines whether the access request address information is included in the access control list, and if so, determines whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information and outputs a determination result. The communication service system including a unit, wherein if the determination result indicates the service authentication permission, the request processing unit performs a process for providing the Internet service using the access request address information.

The common module unit determines whether the second subscriber identification information included in the charging start request and the first subscriber identification information match, and if there is a mismatch, the common module unit includes second subscriber identification information and the access request address information. An update HTTP request may be generated and delivered to the request processing unit.

When the charging start request further includes a content reference identifier (CRID), the common module unit may retrieve device information of a user terminal corresponding to the content identifier from the storage unit and insert it into the update HTTP request. have. Here, the device information may be inserted to correspond to the device information related header of the update HTTP request.

According to another preferred embodiment of the present invention, a communication service system for processing an access control list (ACL) for an Internet service, the storage unit for storing one or more service policy information, wherein the service policy information Includes static policy information corresponding to the access control list and dynamic policy information for subscriber-specific service authentication; Receive an HTTP request including subscriber identification information and access request address information from a network service device, determine whether the access request address information is included in the access control list, and if so, the dynamic policy information Application routing interface for determining whether to include the service authentication authorization information corresponding to the subscriber identification information, and if the service authentication authorization information is included, and forwards the HTTP request to any request processing unit preset to correspond to the user terminal ; And a request processing unit which receives the HTTP request from the application routing interface and performs a process for providing the Internet service using the access request address information.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, the same reference numerals will be used for the same means regardless of the reference numerals in order to facilitate the overall understanding.

The Internet service method and system using proxy gateways sharing a common module according to the present invention can be used universally in a wireless Internet service system as well as a wired Internet service system. However, the data service apparatus for performing the Internet service may be different depending on whether it is a wired Internet system or a wireless Internet service system.

For example, in the case of a wireless Internet service system, the data service device may be an interworking function (IWF), a packet data serving node (PDSN), a gateway gateway switching device (GGSN), The outbound call may include any one of an AAA (Authentication, Authorization and Accounting) server. In the wired Internet service system, the data service device is at least one of an access point (AP) for a high-speed wireless network such as Wi-Fi and an access control router (ACR) for WiBro. It may include. In addition, the data service device may be integrated with wired and wireless Internet services.

However, hereinafter, the description will focus on the case of the wireless Internet service system for convenience of explanation and understanding.

2 is a diagram schematically showing a configuration of a wireless Internet service system according to an exemplary embodiment of the present invention, and FIG. 3 is a diagram schematically showing a configuration of a common module unit according to an exemplary embodiment of the present invention.

2, the wireless Internet service system according to the present invention is a network service device 210, usage data collection device 215, subscriber management unit 220, storage unit 225, common module unit 230, applications The routing interface 235, the request processing unit 240, the content provider 140, and the charging processing device 245 are included.

The network service device 210 is a device that enables wireless Internet service in response to a wireless Internet service request of a mobile communication service subscriber. The network service device 210 may be an interworking function (IWF), a packet data serving node (PDSN), a gateway GPRS support node (GGSN), or the like. In addition, as described above, the network service device 210 may vary depending on whether it is a wired or wireless Internet service system.

Usage data collection unit (UDA: Usage Data Aggregator, 215) receives a message for billing from the network service device 210 and delivers to the subscriber management unit 220. The message for charging received from the network service device 210 may be a message of a predetermined format. For example, the message for charging may be one of a RADIUS message and a diameter message. However, hereinafter, it is assumed that the message is a Radius message. The Radius message may include at least one of subscriber identification information (for example, telephone number, IP address information, mobile identification number (MIN), network access identifier (NAI), electrical serial number (ESN), mobile directory number (MDN), etc.). Any one) may include at least one of a content reference identifier (CRID). The Radius message may be, for example, a usage data record (UDR).

The subscriber manager 220 includes an ID manager 260 and a session / policy manager 265. The session / policy manager 265 may be divided into a session manager and a policy manager.

The identifier manager 260 acquires tuple information from the received RADIUS message and requests any component (eg, session / policy) for requesting subscriber identification information (eg, MIN). Management department). The tuple information may be, for example, a MIN / IP address tuple.

The session / policy manager 265 maintains / manages a session state and a policy cache of a subscriber. In addition, the session / policy management unit 265 uses the subscriber identification information provided from the identifier management unit 260 to provide a service policy (Service Policy—see FIGS. 5 and 6) and the content provider 140 from the storage unit 225. According to a characteristic (for example, reliability), a binding list set for differential provision of subscriber information and mapping information between subscriber identification information and client ID are retrieved. The client ID is any subscriber identification key generated to correspond to the subscriber identification information. For example, the client ID may be information generated by encrypting the subscriber identification information. The session / policy management unit 265 may provide service policy information, client ID, subscriber identification information, binding list, and the like to the application routing interface 235 and / or the common module unit 230.

The storage unit 225 stores service policy information, device information, and the like corresponding to each subscriber.

The common module unit 230 extracts a common function that overlaps with each gateway corresponding to each system and / or platform, thereby providing a common interface in the request processor 240 corresponding to each system and / or platform. It is a means to make it shared. Therefore, when each request processing unit 240 and the common module unit 230 is integrated as one, even if there is a functional difference, it can be regarded as corresponding to a specific gateway of the related art.

The common module unit 230 includes a data converter 310, a subscriber information updater 320, a device information updater 330, a subscriber processor 340, and an interface unit 350 as shown in FIG. 3. can do.

The data converter 310 performs a function of converting data into a data corresponding to the user terminal 105 of each subscriber, and may be an improved or commonly extracted ATS (Auto Coding System) included in a conventional gateway. The data converter 310 may be provided in the request processor 240.

If the subscriber information update unit 320 is inconsistent with the subscriber identification information in the HTTP request received from the request processing unit 240 and the subscriber identification information in the Radius message received from the usage data collection device 215, Radius Correct with subscriber identification information in the message. This is to prevent the unfairly generated or missing billing data according to the use of the service. In addition, the subscriber information update unit 320 inserts subscriber information (eg, MIN itself and / or client ID) at a level corresponding to the characteristics (eg, reliability, contract relationship, etc.) of the content provider 140. do. The HTTP request transmitted to the content provider 140 by the operation of the subscriber information update unit 320 includes at least one of a client ID and subscriber identification information.

The device information updater 330 interprets a resource description framework (RDF: a rule for describing a resource on a URI) stored in the storage 225, and the content provider 140 provides the requested service provision. The subscriber's user terminal 105 information is generated and inserted into the device information related header field of the HTTP request in the form of a profile. Hereinafter, the device information related header will be referred to as a devcap header for convenience.

The subscriber processing unit 340 performs subscriber authentication and access control list (ACL) processing. Of course, the application routing interface 235 may perform the processing of the access control list as described below.

The interface unit 350 is configured such that each request processing unit 240 corresponding to a different system and / or platform is a component of the common module unit 230 (eg, the data conversion unit 310 and the subscriber information update unit 320). ), At least one of the device information updating unit 330 and the subscriber processing unit 340). The interface unit 350 may include a software development kit (SDK) and a sub service framework (SSF).

The application routing interface 235 receives a plurality of requests for an HTTP request (ie, a request for providing content or a service by any content provider 140 received from the user terminal 105) received from the network service device 210. The processor 240 transmits the request processor 240 corresponding to the system and / or platform among the processors 240 (eg, WAP 1.x, WAP 2.0, PDA, HTTP service, download service, etc.). The application routing interface 235 may perform a function of applying the service policy information corresponding to the subscriber identification information from the subscriber manager 220. The service policy information may include static policy information corresponding to the access control list and dynamic policy information for performing authentication corresponding to each subscriber. The service policy application process by the application routing interface 235 will be described in detail later with reference to the accompanying drawings.

The request processing unit 240 is a communication device that is provided separately to correspond to each system and / or platforms, and has a common function removed from the plurality of gateways. The individual request processor 240 may perform a log management function, a different protocol processing function, an interface function, and the like. That is, the request processing unit 240 transmits an HTTP request having the header information updated by the common module unit 230 to the content provider 140, and transmits the content or service data received from the content provider 140 to the application routing interface. It transmits to the network service device 210 via the (235). In addition, the request processing unit 240 transmits the billing information corresponding to the HTTP request of the subscriber to the billing processing device 245 so that billing can be performed. Of course, it is apparent that the connection relationship with the charging processing device 245 may be configured differently from FIG. 2, but the actual charging step is somewhat different from the gist of the present invention, and thus a detailed description thereof will be omitted. As described above, when the request processing unit 240 and the common module unit 230 are integrated, their functions may be regarded as corresponding to the conventional gateways in appearance even though their functions are different.

The content provider 140 extracts web data (eg, content or service data) corresponding to the HTTP request received from the request processor 240 and transmits the extracted web data to the request processor 240. The web data transmitted from the content provider 140 is delivered to the user terminal 105 via the network service device 210 or the like.

The billing processing device 245 is a device for billing according to the use of the wireless Internet service of the subscriber by using billing information received from the request processing unit 240 or the like.

4 is a diagram illustrating a subscriber identification information correction process according to an embodiment of the present invention.

Conventional subscriber identification method for charging according to the use of wireless data service has a problem such as charging error as a method using a combination of the UA (User Agent) header and MIN. That is, the packet data serving node PDSN sends an HTTP request (ie, a URL request including a UA header) from the subscriber's user terminal 105 with the Radius message indicating the start of charging to the usage data collection device 215. When received, the HTTP request is forwarded to the gateway to be delivered to the content provider 140. In this process, charging is performed using subscriber identification information included in the HTTP request. Therefore, there is a problem in that a charging error occurs when the subscriber identification information included in the Radius message and the subscriber identification information included in the HTTP request are different.

However, in the wireless data service system according to the present invention, since the subscriber identification information correction process is performed in the common module unit 230, the charging error due to inconsistency of the subscriber identification information may be eliminated. This will be described in detail with reference to FIG. 4.

As shown in FIG. 4, when a call connection request is received from the user terminal 105, the network service device 210 establishes a PPP session with the user terminal 105, and notifies the start of a session for performing a wireless Internet service. The Radius message (for example, the Radius message corresponding to the Start Account) is transmitted to the subscriber management unit 220 via the usage data collection device 215. In the Radius message, subscriber identification information (for example, MIN such as 0111234567) is included. Also, the Radius message may further include IP address information of the user terminal 105.

The subscriber management unit 220 converts the Radius message received from the network service device 210 into a diameter message, and tuple information (for example, a MIN / IP address tuple) in the converted diameter message. Information). Thereafter, the obtained tuple information may be provided to the common module unit 230 by a provision request. In addition, the subscriber management unit 220 receives and manages service policy information about the connected user terminal 105 from the storage unit 225, and manages the information to the application routing interface 235 and / or the common module unit 230. Can provide.

When the request processing unit 240 receives the HTTP request transmitted from the user terminal 105 to request any service or content provision from the network service device 210, the request processing unit 240 receives the subscriber identification information included in the HTTP request (the common module unit ( It transmits to the subscriber information update unit 320 of 230. The HTTP request may include subscriber identification information (eg, 0173456790) in correspondence with a user agent (UA) header, and may further include IP address information.

The subscriber information updater 320 requests the subscriber manager 220 to provide subscriber identification information corresponding to the IP address information in order to determine whether the subscriber identification information received from the request processor 240 is valid. Subsequently, the subscriber information update unit 320 may not match subscriber identification information (eg, 0173456790) provided from the subscriber management unit 220 with subscriber identification information (eg, 0111234567) received from the request processing unit 240. In this case, the subscriber identification information received from the subscriber management unit 220 is corrected.

The revised subscriber identification information is transmitted to the request processing unit 240, and the request processing unit 240 transmits an HTTP request including the revised subscriber identification information to the corresponding content provider 140.

As described above, the subscriber information update unit 320 is a subscriber provided from the subscriber management unit 220 when the subscriber identification information received from the request processing unit 240 does not match the subscriber identification information provided from the subscriber management unit 220. Correct with identification information. In this case, the subscriber information updater 320 may correct the client ID generated to be mapped 1: 1 with the subscriber identification information instead of the corresponding subscriber identification information. In addition, when the HTTP request itself is received from the request processing unit 240, the subscriber information updating unit 320 corrects the correct subscriber identification information or regenerates the HTTP request in which the client ID is mapped to the subscriber identification information. Can also be sent.

5 is a data flow diagram illustrating a process of applying a service policy according to an exemplary embodiment of the present invention, and FIG. 6 is a diagram illustrating a process of applying a service policy for managing an adult site according to an exemplary embodiment of the present invention.

Referring to FIG. 5, in operation 510, the subscriber management unit 220 may use the storage unit 225 using subscriber identification information included in a Radius message (for example, a charging start message) received from the network service device 210. Retrieve service policy information stored in). As described above, the format of the message received from the network service device 210 may vary. As shown in FIG. 6, the service policy information in the present invention may include an access control list (ACL) and an access URL (Redirect URL, for example, http: //). static policy information including custom.nate.com/warning.htm) and dynamic policy information which is information set to correspond to each subscriber. 6 illustrates an example where the access control list includes one or more adult site access addresses (eg, adult.nate.com, love.nate.com, sex.nate.com). The storage unit 225 may include a schema manager for managing the service policy information.

In operation 515, the user terminal 105 may transmit an HTTP request (eg, http://adult.nate.com?xxx) to receive a service or content provided from an arbitrary content provider 140. And transmits to the application routing interface 235 through 210. As described above, subscriber identification information may be included in the HTTP request.

The application routing interface 235 receives service policy information, that is, static policy information and dynamic policy information, from the subscriber manager 220 (ie, session / policy manager 265) in step 520. At this time, subscriber identification information may be used. That is, if the service policy information is equally applied to all subscribers, the subscriber identification information will not be necessary, but if the service policy information is classified by subscribers, the subscriber identification information may be used.

In step 525, the application routing interface 235 determines whether the access request address included in the HTTP request received in step 515 is service authenticated by the service policy information.

When the service is authenticated, the application routing interface 235 performs the corresponding network service by causing the HTTP request to be transmitted to the corresponding content provider 140 through the request processing unit 240 in step 530. In this case, the header information of the HTTP request may be updated by the subscriber information update unit 320 and the device information update unit 330.

However, if the service is not authenticated, in step 535, the application routing interface 235 sends the user terminal 105 a preset error message (e.g., a connection instruction to a redirect URL to allow access inaccessible). To send).

Hereinafter, operation 525 to operation 535 of FIG. 5 will be described in detail with reference to FIG. 6.

As illustrated in FIG. 6, the application routing interface 235 receives an HTTP request that includes a connection request address "http://adult.nate.com?xxx" from any user terminal 105. The corresponding service policy information is provided from the subscriber manager 220 using the subscriber identification information included in the HTTP request.

Subsequently, the application routing interface 235 may correspond to any one of an access control list (eg, adult.nate.com, love.nate.com, sex.nate.com) whose connection request address is included in the static policy information. Determine whether or not.

If not one of the above, the application routing interface 235 will perform the network service by allowing the HTTP request to be delivered to the content provider 140 through the request processing unit 240.

However, in FIG. 6, since the access request address is included in the access control list, the application routing interface 235 determines whether a service should be provided to the user terminal 105 using the dynamic policy information. The dynamic policy information is set to enable service authentication for each subscriber identification information (eg, service is allowed in case of 011-xxx-xxxx and service is not allowed in case of 017-xxx-xxxx). Accordingly, subscriber identification information is used when determining whether to authenticate a service using dynamic policy information, and the subscriber identification information used may be subscriber identification information inserted in an HTTP request or information inserted in a Radius message corresponding to a charging start request. have. The application routing interface transmits the HTTP request to the content provider 140 when the subscriber identification information determines that the service is allowed by the dynamic policy information, so that the network service is provided. 105).

So far, the method of performing the service policy processing including the access control list (ACL) by the application routing interface 235 has been described with reference to FIGS. 5 and 6. However, service policy processing may also be performed in the subscriber processing unit 340 of the common module unit 230, which will be briefly described with reference to FIG.

7 is a data flow diagram illustrating a process of applying a service policy according to another exemplary embodiment of the present invention.

Referring to FIG. 7, first, at step 710, the subscriber manager 220 uses the subscriber identification information included in the redis message (eg, the charging start message) received from the network service device 210 to store the subscriber unit 225. Retrieve service policy information stored in). Since the configuration of the service policy information or the configuration of the storage unit 225 in the present invention is as described above, a description thereof will be omitted.

In operation 715, the user terminal 105 issues an HTTP request (eg, http://adult.nate.com?xxx) to receive a service or content provided from an arbitrary content provider 140. 210 and the request routing unit 240 through the application routing interface 235. As described above, subscriber identification information may be included in the HTTP request.

The request processor 240 transmits the service authentication request to the subscriber processor 340 of the common module 230 in step 720. The service authentication request may include the HTTP request itself or may include an access request address and subscriber identification information.

The subscriber processor 340 receives service policy information, that is, static policy information and dynamic policy information, from the subscriber manager 220 (ie, the session / policy manager 265) in step 725.

In step 730, the subscriber processing unit 340 uses the subscriber identification information (or subscriber identification information corrected by the subscriber information update unit 320) included in the HTTP request and the network service for the HTTP request using the service policy information. It is determined whether the performance is allowed, and the service authentication response including the determination result is transmitted to the request processor 240. Determination of whether or not to perform the network service has been described in detail above with reference to FIGS. 5 and 6, and thus description thereof will be omitted.

In step 735, the request processing unit 240 determines whether the service authentication response received from the subscriber processing unit 340 means service authentication success.

If the service authentication is successful, the process proceeds to step 740 to transmit the corresponding HTTP request to the content provider 140 to perform the corresponding network service. In this case, the header information of the HTTP request may be updated by the subscriber information update unit 320 and the device information update unit 330.

However, if the service authentication is not allowed, the flow proceeds to step 745 to transmit a preset error message (for example, a connection instruction to the access URL (Redirect URL) to be accessed without access) to the user terminal 105. do.

8 is a data flow diagram illustrating a network service execution process according to an embodiment of the present invention.

Referring to FIG. 8, the network service apparatus 210 receives a call connection request from the user terminal 105 in step 810, and proceeds to step 815 to display a usage data collecting device 215 for a Radius message corresponding to the charging start request. Transmit to the subscriber management unit 220 through.

The subscriber manager 220 extracts charging basic information from the received Radius message (step 820). Here, the charging basic information may include IP address information allocated to the user terminal 105, subscriber identification information (eg, MIN, NAI), content identifier (CRID), and the like. The subscriber manager 220 may precede the process of converting the Radius message to the diameter message to extract the charging basic information.

In operation 825, the subscriber manager 220 retrieves service policy information, a binding list, subscriber identification information, and mapping information of the client ID from the storage unit 225 using the extracted billing basic information. The storage unit 225 may include the service policy information, the binding list, the mapping information of the subscriber identification information and the client ID, as well as the characteristic information of the content providers 140 (eg, reliability, contract relationship), the user. Device profile information and the like corresponding to the terminal 105 may be further stored. The amount or quality of subscriber information inserted into the HTTP request transmitted to the corresponding content provider 140 may vary according to the characteristic information of the content provider 140. For example, if a specific content provider is designated as a trusted content provider, the subscriber information update unit 320 of the common module unit 230 may insert the subscriber identification information itself into the header of the HTTP request, but the reliability Is a low content provider, the subscriber information updater 320 may insert only the client ID into the header of the HTTP request. In providing subscriber information to content providers, it is for more secure personal information protection. In addition, the storage unit 225 has subscriber information (eg, client ID, Network Access ID, Subscriber ID, MIN, IP address, bearer type, etc.) provided corresponding to the characteristic information of the content provider 140. ) Type or type may be further stored, and using the subscriber information, the subscriber information update unit 320 updates the header information of the HTTP request. The characteristic information of the content provider 140 and the provided subscriber information may be collectively set by the operator of the subscriber manager 220.

The network service device 210 receives a raw HTTP request from a user (step 830), and transmits the received raw HTTP request to the request processing unit 240 (step 835). In order to send the raw HTTP request to the request processing unit 240, the network service device 210 transmits the raw HTTP request to the application routing interface 235, the application routing interface 235 is the platform of the user terminal 105 Alternatively, the raw HTTP request is transmitted to the request processing unit 240 corresponding to the system of the user terminal 105.

The request processor 240 transmits the raw HTTP request to the common module 230 in step 840. As described above, the request processing unit 240 may transmit only the header information including the subscriber identification information and the IP address information included in the raw HTTP request instead of the original HTTP request.

In step 845, the common module unit 230 uses the IP address information to identify the subscriber identification information (ie, information obtained through the Radius message) held by the subscriber management unit 220 and other information (ie, through step 825). Searched information). In addition, the subscriber information update unit 320 of the common module unit 230 may provide the characteristic information of the content provider 140 corresponding to the HTTP request from the storage unit 225 or the subscriber manager 220 and the type of subscriber information to be provided. Recognizes the header and updates the header information so that the information can be inserted into the HTTP request. In addition, as described above, when the subscriber identification information recognized from the Radius message and the subscriber identification information recognized from the raw HTTP request are different from each other, the subscriber information update unit 320 is corrected to the subscriber identification information recognized from the Radius message. )do. The device information updating unit 330 of the common module unit 230 may refer to a Uniform Resource Identifier (URI) to provide the requested service or device information for the content provider 140 to HTTP. Create and insert corresponding to the devcap header of the request. The content provider 140 may provide the requested service or content using only the device information stored to correspond to the devcap header even without searching for additional device information. As described above, the common module unit 230 generates an update HTTP request by allowing subscriber information and device information corresponding to the characteristic information of the content provider 140 to be included in the header information of the original HTTP request in step 845. Of course, as described above, when the common module 230 generates subscriber information and device information and transmits it to the request processor 240, the request processor may generate an update HTTP request.

The common module 230 transmits the update HTTP request generated in operation 850 to the request processor 240.

Subsequently, the request processing unit 240 performs the requested network service from the user terminal 105 by using the received update HTTP request. As described above, the update HTTP request transmitted by the request processing unit 240 to the content provider 140 may be used as predetermined subscriber information (eg, a user identification key) according to the characteristic information of the content provider 140. Additional user terminal information is provided when the device information is insufficient due to the client ID, subscriber identification information such as unencrypted MIN, etc., device information (for example, devcap header information, which is basic information for performing a service, and devcap header information). Network-info information, such as address information for receiving), and the like.

As described above, the wireless Internet service system according to the present invention is configured to transmit subscriber information and device information corresponding to the characteristic information of the content provider 140, regardless of the system or platform corresponding to the user terminal 105. The data may be transmitted to the content provider 140 in a consistent format.

As a result, in the conventional information delivery method, the MIN information is included in the HTTP request without an encryption process, thereby causing a problem of personal information leakage, and data of different formats is generated for each communication generation (eg, 2G, 2.5G, 3G, etc.). The delivery of the content provider 140 may solve the problem of complicated interface structure. In addition, it is also possible to solve the problem that the interface structure becomes more complicated as the network types are diversified, whether the user terminal profile is applied, and the types of additional services are different.

As described above, the Internet service method and system using proxy gateways sharing a common module according to the present invention can be charged for the actual user even when the subscriber identification information at the call connection request and the HTTP request is inconsistent. There is an effect that can prevent leakage and billing phenomenon.

In addition, the present invention also has the effect that it is possible to fundamentally suppress the unfair charging case that can be caused by the malicious change of the subscriber identification information in the header information in the HTTP request.

In addition, the present invention, despite the variety of platforms installed in each system or wireless communication terminal to share the common components (component) that each proxy gateway has the effect of simplifying the system configuration and lowering the management / maintenance costs There is also.

In addition, the present invention also facilitates the development and addition of proxy gateways for new services or systems by allowing overlapping components to be shared as common modules.

In addition, the present invention has the effect of unifying the format of the information provided by each proxy gateway to the content provider and easily controlling the variety of information provided according to the characteristics of the content provider.

In addition, the present invention has the effect that can be integrated management of the access control list (ACL) for each of the users of the wireless communication terminal.

Although the above has been described with reference to a preferred embodiment of the present invention, those skilled in the art to which the present invention pertains without departing from the spirit and scope of the present invention as set forth in the claims below It will be appreciated that modifications and variations can be made.

Claims (22)

A method of correcting subscriber identification information for providing an Internet service in a communication service system, Receiving, by the subscriber management unit, a charging start request including IP address information and first subscriber identification information from the network service device; Receiving, by the request processing unit, a raw HTTP request including IP address information, second subscriber identification information, and access request address information from the network service device; Determining, by the common module unit, whether the first subscriber identification information and the second subscriber identification information match; If there is a mismatch, generating, by the common module unit, an update HTTP request including first subscriber identification information and the access request address information; And And the request processing unit performing a process for providing the Internet service by using the update HTTP request. The method of claim 1, The first subscriber identification information is at least one of a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), The second subscriber identification information is at least one of a client ID, a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), And the client ID is information generated to be mapped to the first subscriber identification information. The method of claim 1, When the charging start request further includes a content reference identifier (CRID), the common module unit retrieves device information of a user terminal corresponding to the content identifier from a storage unit and inserts it into the update HTTP request. A subscriber's identification information correction method by the book The method of claim 3, And the device information is inserted to correspond to the device information related header of the update HTTP request. The method of claim 1, And the charging start request is received via a usage data collection device or an authentication authorization and accounting (AAA) server. The method of claim 1, The network service device includes at least any one of an IWF, a packet data serving node (PDSN), a packet gateway switching device (GGSN), an AAA server, an access point (AP), and an access control router (ACR). Subscriber identification information correction method by one common module unit. A method of processing an access control list (ACL) for an internet service in a communication service system, A storage unit stores one or more service policy information in advance, wherein the service policy information includes static policy information corresponding to an access control list and dynamic policy information for service authentication for each subscriber. Comprising; Receiving, by the request processing unit, an HTTP request including first subscriber identification information and access request address information from the network service device; Determining whether the access request address information is included in the access control list by a common module unit; If included, determining whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information and outputting a determination result; And And if the determination result indicates a service authentication permission, performing the processing for providing the Internet service using the access request address information by the request processing unit. The method of claim 7, wherein If the determination result indicates that the service authentication is not allowed, the request processing unit transmits a preset error message or a connection instruction to a preset access address to the user terminal that transmitted the HTTP request. . The method of claim 7, wherein Determining, by the common module unit, whether the second subscriber identification information included in the charging start request and the first subscriber identification information match; And If there is a mismatch, generating the updated HTTP request including the second subscriber identification information and the access request address information by the common module unit and transmitting the request to the request processing unit. The method of claim 8, If the charging start request further includes a Content Reference Identifier (CRID), the common module unit retrieves device information of a user terminal corresponding to the content identifier from the storage unit and inserts it into the update HTTP request. Access control list processing method by the module unit. The method of claim 8, And the device information is inserted to correspond to the device information related header of the update HTTP request. In the method of processing an access control list (ACL) for Internet services in a communication service system, A storage unit stores one or more service policy information in advance, wherein the service policy information includes static policy information corresponding to an access control list and dynamic policy information for service authentication for each subscriber. Comprising; Receiving, by the application routing interface, an HTTP request including subscriber identification information and access request address information from the network service device; Determining, by the application routing interface, whether the access request address information is included in the access control list; If included, determining, by the application routing interface, whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information; And When the service authentication permission information is included, including the step of transmitting the HTTP request to any request processing unit that is set in advance corresponding to the user terminal And the request processing unit performs a process for providing the Internet service using the access request address information. A communication service system for correcting subscriber identification information for providing an Internet service, A subscriber management unit receiving a charging start request including IP address information and first subscriber identification information from the network service device; A request processing unit which receives a raw HTTP request including IP address information, second subscriber identification information, and access request address information from the network service device, and performs a process for providing the Internet service using an update HTTP request; ; And Determining whether the first subscriber identification information and the second subscriber identification information match by a request of the request processing unit, and generating an update HTTP request including the first subscriber identification information and the access request address information if there is a mismatch; Communication service system including a common module unit. The method of claim 13, The first subscriber identification information is at least one of a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), The second subscriber identification information is at least one of a client ID, a mobile identification number (MIN), a network access identifier (NAI), an electrical serial number (ESN), and a mobile directory number (MDN), The client ID is information generated to be mapped to the first subscriber identification information. The method of claim 13, When the charging start request further includes a content reference identifier (CRID), the common module unit retrieves device information of a user terminal corresponding to the content identifier from a storage unit and inserts it into the update HTTP request. system. The method of claim 15, And the device information is inserted to correspond to a device information related header of the update HTTP request. The method of claim 13, The network service device may be at least one of a network interworking device (IWF), a packet data serving node (PDSN), a packet gateway switching device (GGSN), an AAA server, an access point (AP), and an access control router (ACR). system. A communication service system that processes an access control list (ACL) for an Internet service, Storage for storing one or more service policy information, where the service policy information includes static policy information corresponding to an access control list and dynamic policy information for subscriber-specific service authentication. box-; A request processing unit for receiving an HTTP request including first subscriber identification information and access request address information from the network service device; The common module determines whether the access request address information is included in the access control list, and if so, determines whether the dynamic policy information includes service authentication permission information corresponding to the subscriber identification information and outputs a determination result. Including wealth, And when the determination result indicates a service authentication permission, the request processing unit performs a process for providing the Internet service using the access request address information. The method of claim 18, The common module unit determines whether the second subscriber identification information included in the charging start request and the first subscriber identification information match, and if there is a mismatch, the common module unit includes second subscriber identification information and the access request address information. A communication service system for generating an update HTTP request to the request processing unit. The method of claim 18, When the charging start request further includes a content reference identifier (CRID), the common module unit retrieves the device information of the user terminal corresponding to the content identifier from the storage unit and inserts it into the update HTTP request. Service system. The method of claim 20, And the device information is inserted to correspond to a device information related header of the update HTTP request. A communication service system that processes an access control list (ACL) for an Internet service, Storage for storing one or more service policy information, where the service policy information includes static policy information corresponding to an access control list and dynamic policy information for subscriber-specific service authentication. box-; Receive an HTTP request including subscriber identification information and access request address information from a network service device, determine whether the access request address information is included in the access control list, and if so, the dynamic policy information An application routing interface that determines whether to include service authentication permission information corresponding to the subscriber identification information and, when the service authentication permission information is included, transmits the HTTP request to an arbitrary request processor configured to correspond to the user terminal; And And a request processing unit which receives the HTTP request from the application routing interface and performs a process for providing the Internet service using the access request address information.

Images