KR20190050242A - Operating method of dongle, the dongle and operating method of network apparatus - Google Patents

Abstract

Provided are a dongle operating method, a dongle, and a network device operating method. The dongle operating method, capable of operating a dongle operated by at least one processor and connected to a host terminal to relay the communication of the host terminal, includes: a step of triggering an exclusive mode; a step of conducting authentication for determining access privileges to an exclusive network by accessing a core device of a first network connected with the exclusive network, and then, conducting an exclusive network access process through the first network; a step of conducting an access process to a second network which is different from the first network; a step of generating a multinetwork integration session by accessing a network device connected to the first and second networks and the exclusive network to integrate and deliver traffic received through the first and second networks to the exclusive network and to divide and transmit traffic received from the exclusive network to the first and second networks; and a step of transmitting traffic received from the host terminal to the network device through the multinetwork integration session, and transmitting traffic received from the network device to the host terminal through the multinetwork integration session.

Description

OPERATING METHOD OF DONGLE AND OPERATING METHOD OF NETWORK APPARATUS BACKGROUND OF THE INVENTION 1. Field of the Invention < RTI ID = 0.0 >

The present invention relates to a method of operating a dongle, a dongle and a method of operating a network device.

Smart phones, tablets, PCs, and other wireless devices are increasing, traffic fees are cheaper, and high-capacity traffic services are increasing at the same time. As the network load ratio of telecom operators increases sharply, they are threatened in terms of network investment expenditure and service stability. Accordingly, in a heterogeneous network environment including a LTE (Long Term Evolution) network and a WiFi (Wireless Fidelity) network, the UEs are actively selected according to the state of the network, and efficient traffic transmission using the selected network A new service plan is required.

As a proposed technique according to this demand, there is a proposed aggregation transmission technique in a heterogeneous or multi-network accessable terminal environment. The merged transmission technique is a technique for transmitting traffic using a plurality of communication networks at the same time, and can transmit and receive a large amount of traffic using a plurality of available network resources. It can be called MultiNet Aggregation in the sense of merging a plurality of networks.

On the other hand, there is an increasing demand for establishing a dedicated network in units of enterprise, specific area, and local government to provide specialized services for users in the enterprise, users in the specific area, and users in the municipality. In addition, as the broadband mobile communication market becomes more active and smartphones become more widespread, attempts to introduce broadband mobile communication and smart phones into private network services are actively being made. In order to efficiently transmit traffic in such a dedicated network service, a method is required.

Generally, a personal computer (PC) does not have a mobile communication module and a universal subscriber identity module (USIM), so that it is impossible to directly connect to a mobile communication network. Further, although the subscriber terminal of another communication company has a mobile communication module, since there is no USIM of the mobile communication network to which the subscriber terminal of another communication subscriber wants to connect, connection authentication of the mobile communication network to be connected can not be performed. In this case, it is possible to connect to the mobile communication network through a connection (or relay) terminal such as a dongle. Considering that the private network service is mainly used in a business environment, it is expected that a need for a terminal such as a notebook computer to access a private network is large.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a method of operating a dongle for controlling various types of host terminals to be connected to a private network and controlling a dedicated network connection so that efficient traffic transmission can be performed using a multi- To provide a method of operation.

According to one aspect of the present invention, a method of operating a dongle is a method of operating a dongle that is operated by at least one processor and is connected to a host terminal to relay communications of the host terminal, Connecting to a core network of a first network connected to the first network, performing an authentication for determining a right to access a dedicated network, and then performing a dedicated network connection procedure through the first network, Wherein the first network and the second network are connected to the first network, the second network, and the private network, and combines the traffic received through the first network and the second network, Accessing a network device that divides and transmits traffic to the first network and the second network, respectively, to generate a multi-network merging session, And transmitting the traffic received from the network terminal to the host terminal through the multi-network merging session.

The triggering may be triggered by a user input signal generation or dongle control policy requesting the dedicated mode.

Wherein the step of generating the multi-network merging session comprises the steps of: transmitting a multi-network merging service activation request including the subscriber information and the dongle ID stored in the dongle to the network device; Receiving a multi-network merging service activation response from the network device when authentication to determine whether the network merging service is successful, transmitting a multi-network merging authentication request including the dongle ID and dongle hardware information to the network device Receiving a multi-network merging connection response from the network device when authentication is successful to determine a multi-network merging connection right of the dongle based on the dongle ID and the dongle hardware information, Step < / RTI >

The method comprising: receiving a TC (Traffic) flag indicating a traffic control mode from the network device and executing a traffic control mode according to the instruction information recorded in the TC flag; Wherein the traffic control mode may comprise traffic traffic rate adjustment.

The TC flag may be included in the multi-network merge connection response.

The step of driving the traffic control mode may include: turning off the traffic control mode if the TC flag is a first value, measuring a traffic state and a network state when the TC flag is a second value, And adjusting the traffic transmission rate according to the network quality. When the TC flag is the third value, the location information, the measured traffic state information, and the network status information are transmitted to the integrated network device, And setting a traffic transmission rate received from the network device.

Wherein the first network includes a mobile communication network and the second network includes a short-range wireless network, wherein the traffic transmission rate is a transmission rate of mobile communication network traffic, and the mobile communication network traffic, If the short range wireless network quality satisfies the predefined condition, it can be reduced or increased based on the short range wireless network quality determined based on the network state and the short-range wireless network condition.

Further comprising the step of exchanging an authentication key using an IP security protocol (IPsec protocol) with the network device after the step of generating the multi-network merging session, wherein the authentication key is transmitted through the second network And can be used in the network device and the created virtual private network (VPN) tunnel.

The method comprising the steps of: when a connection attempt is made from the host terminal, requesting the dongle authentication server to authenticate a user of the host terminal to determine a dedicated network access right based on the user information and the dongle information, Receiving the authentication result, and, when the user authentication result is successful, connecting to the host terminal.

According to another aspect of the present invention, a dongle includes a first communication interface connected to a first network, a second communication interface connected to a second network other than the first network, at least one third communication interface A memory for storing subscriber information, a memory for storing a dongle control program, and at least one processor for executing the dongle control program, wherein, when the dedicated mode is triggered, Wherein the first network and the second network are connected to each other through a first network and a second network, and are connected to the first network, the second network, and the dedicated network, Merges received traffic to the dedicated network, and divides the traffic received from the dedicated network into the first network and the second network Wherein the first communication interface and the second communication interface create a multi-network merging session by connecting to the transmitting network device through the first communication interface and the second communication interface, And outputting the traffic received from the dedicated network via the first communication interface and the second communication interface through the third communication interface.

The dongle may further include an input device for triggering the dedicated mode.

Wherein the dongle control program receives a TC (Traffic) flag indicating a traffic control mode from the network device, turns off the traffic control mode if the TC flag is a first value, And if the TC flag is a third value, the traffic state and the network state are measured to determine the network quality, and the traffic rate is adjusted according to the network quality. If the TC flag is the third value, And transmitting the location information to the integrated network device and setting a traffic transmission rate received from the integrated network device.

Wherein the dongle control program requests the network device to activate a multiplexing service for multiplexing based on the subscriber information and the dongle ID to determine whether the multiplexing service can be merged based on the subscriber information and the dongle ID, Requesting authentication for determining a multi-network merging access right of the dongle based on hardware information, and receiving the multi-network merging access response from the integrated network device, the multi-network merging session can be created.

Wherein the second network includes a short-range wireless network, wherein the dongle control program exchanges an authentication key using an IP security protocol (IPsec) with the network device, And generating virtual private network (VPN) tunneling with the network device and performing encryption / decryption of the short-range wireless network traffic transmitted / received through the virtual private network (VPN) tunnel using the authentication key.

The dongle may further include an internet security protocol (IPsec) acceleration module that hardware-accelerates the short-range wireless network traffic that is encrypted using the authentication key.

Wherein the dongle control program transmits account information and dongle information acquired through authentication protocol communication with the host terminal to the dongle authentication server when attempting connection from the host terminal through the at least one third communication interface, Requesting user authentication to determine a dedicated network access right of the terminal and granting access to the host terminal when a user authentication success response is received from the dongle authentication server.

Wherein the dongle further comprises a fingerprint sensor for receiving a user fingerprint, and when the dongle control program attempts connection from the host terminal through the at least one third communication interface, the fingerprint information input through the fingerprint sensor And transmits the delegation information to the dongle authentication server to request the user authentication to determine the access authorization to the access terminal of the host terminal and to permit the connection of the host terminal when the user authentication success response is received from the dongle authentication server .

According to another aspect of the present invention, an operating method of a network device is operated by at least one processor and is connected to a first network, a second network different from the first network, and a private network, 2 is a flowchart illustrating a method of operating a network device according to an exemplary embodiment of the present invention; Receiving a multi-network merging access request from a dongle connected to the second network, performing authentication for determining a multi-network merging access right of the dongle, and transmitting the authentication result to the dongle, The method comprising: generating a multi-network merging session with the dongle; and extracting traffic received through the multi-network merging session from the dongle through a dedicated network And transmitting traffic received from the dedicated network to the dongle through the multi-network merging session, wherein the traffic is transmitted and received to a host terminal connected to the dongle, And is received from the dongle which has succeeded in authenticating the access authorization to the dedicated network.

Further comprising the step of receiving a host terminal authentication result from the dongle authentication server prior to the step of transmitting to the dongle, wherein before the step of transmitting to the dongle, whether or not the host terminal authentication result is received or the host terminal authentication result is And determining whether to transmit / receive traffic between the dedicated network and the dongle according to whether the mobile terminal is a mobile terminal or a mobile terminal.

Wherein the multi-network merging session includes a first sub-flow coupled with the dongle through the first network, and a second sub-flow coupled with the dongle through the second network and being added to the first sub-flow Exchanging an authentication key using an IP security protocol (IPsec) with the dongle prior to the step of transmitting the authentication key to the dongle, and transmitting the traffic transmitted and received through the second sub- And encrypting and decrypting the encrypted data.

According to the embodiment of the present invention, it is possible to provide a customer using a host terminal such as a notebook computer with a convenient, stable and security-enhanced dedicated network access environment through multilevel authentication of a dongle, multiplexing of multiple networks, and intelligent traffic control.

In addition, by expanding leased-network service subscribers and offloading LTE traffic with WiFi, LTE base stations can provide carriers with the investment cost savings for LTE base station expansion.

1 is a configuration diagram of a communication system according to an embodiment of the present invention.
2 is a configuration diagram of a communication system according to another embodiment of the present invention.
3 is a hardware block diagram of a dongle according to an embodiment of the present invention.
4 is a detailed configuration diagram of a dongle according to another embodiment of the present invention.
5 is a flowchart of a communication method according to an embodiment of the present invention.
FIG. 6 is a flowchart showing details of step S103 of FIG.
7 is a flowchart showing in detail the step S105 of FIG.
8 is a flowchart illustrating details of steps S107 and S109 of FIG.
FIG. 9 is a flowchart showing in detail the step S111 of FIG.
10 is a flowchart showing in detail the step S113 of FIG.
11 is a detailed flowchart illustrating steps S115 and S117 of FIG. 5 according to an embodiment of the present invention.
12 is a detailed flowchart illustrating steps S115 and S117 of FIG. 5 according to another embodiment of the present invention.
13 is a flowchart illustrating an operation of a network device according to an embodiment of the present invention.
FIG. 14 is a flowchart illustrating a traffic control operation of a dongle according to an embodiment of the present invention.
15 is a flowchart illustrating a traffic control operation of a dongle according to another embodiment of the present invention.
16 is a hardware block diagram of a server apparatus according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when an element is referred to as " comprising ", it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise. Also, the terms " part, " " ... ", " module ", and the like described in the specification mean a unit for processing at least one function or operation and may be implemented by hardware or software or a combination of hardware and software .

As used herein, " transmission or provision " may include direct transmission or provision, as well as indirect transmission or provision through other devices or by way of bypass.

In this specification, a terminal is a generic concept of a user terminal in communication, and includes a user equipment (UE), a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS) A mobile station, an AT, an access terminal, a mobile station, a mobile terminal, a subscriber station, a mobile subscriber station, a user equipment, an access terminal, , A subscriber station, a mobile subscriber station, a user equipment, an access terminal, a radio equipment, and the like.

A terminal includes a base station (BS), an access point (AP), a radio access station (RAS), a node B, an evolved NodeB (eNodeB) A Base Transceiver Station (BTS), a Mobile Multihop Relay (MMR) -BS, and the like.

A base station or a cell refers to a fixed point for communication with a terminal and includes a base station (BS), a Node B, an evolved Node B (BN), an access point (AP) A Node B, an Advanced Node B, an Access Point, a Radio Access Station (RAS), a Radio Access Station (RAS), a Base Transceiver Station (BTS), a Mobile Multihop Relay Transmission / reception base stations, MMR-BS, and the like.

The terminal of the present specification may be a mobile terminal such as a smart phone, a tablet terminal such as a smart pad and a tablet PC, a communication terminal such as a computer and a television, and may have a plurality of communication interfaces.

The communication interface may vary. For example, the communication interface may include a short-range wireless network interface such as a WiFi / wireless local area network (WLAN) / bluetooth, a long term evolution (3G / LTE) Evolution-Advanced), and the terminal manufacturer can add various communication interfaces. In this specification, the WiFi interface and the LTE interface are described as an example, but the communication interface is not limited thereto.

Embodiments of the present invention may be supported by standard documents related to at least one of a 3rd Generation Partnership Project (3GPP), 3GPP Long Term Evolution (LTE) and LTE-A, 3GPP2, and Institute of Electrical and Electronics Engineers . That is, the steps or portions of the embodiments of the present invention that are not described in order to clearly illustrate the technical idea of the present invention can be supported by the documents. In addition, all terms disclosed in this document may be described by the standard document.

Also, for clarity, the 3GPP LTE system is mainly described, but the technical idea of the present invention is not limited thereto and can be used in various wireless communication systems.

The high-level architecture of LTE includes three main components, which can be described as including UE, Evolved UMTS Terrestrial Radio Access Network (E-UTRAN) and Evolved Packet Core (EPC). Here, EPS (Evolved Packet System) refers to E-UTRAN and EPC.

The EPC includes a Mobility Management Entity (MME), a Serving Gateway (S-GW), and a Packet Data Network Gateway (P-GW), and the concepts of communication technology and network device configurations used in the LTE communication system ≪ / RTI >

Private LTE (Long Term Evolution) technology can be used in the embodiment of the present invention. Private LTE technology separates PDN (Packet Data Network) through EPC of LTE communication system.

Here, the PDN includes a public network and a private network. The Dedicated Network provides a mobile communication service with limited access to a specific subscriber, and may be referred to as a dedicated network, a private network, an intranet, or a dedicated LTE network. This dedicated network is distinguished from a public network that provides an unspecified number of mobile communication services. The public network can be called a public network, the Internet, or a general LTE network.

The public PGW and the dedicated PGW may be implemented as separate devices, but may be implemented to branch to the public network and the private network through one PGW according to an embodiment. The method of separating the public network and the private network is not particularly limited.

At this time, it is defined that a service provider provides Private LTE (Long Term Evolution) service to a corporate subscriber as a corporate private network service. Company subscribers refer to subscribers who subscribe or subscribe to such corporate network services.

In this specification, multi-network aggregation is a technology for transmitting traffic using a plurality of wireless networks at the same time, and processes traffic transmitted through each path into one session. Through the multi-network merging technique, a terminal can be connected to a plurality of wireless networks at a time, and one service / application merges a plurality of networks as a single network regardless of the type of network or number of networks. Therefore, the multi - network merging technique can transmit and receive a large amount of traffic using a plurality of available network resources.

FIG. 1 is a configuration diagram of a communication system according to an embodiment of the present invention, and FIG. 2 is a configuration diagram of a communication system according to another embodiment of the present invention.

Referring to FIG. 1, the dongle 100 is connected to the host terminal 200 by wire or wirelessly. The dongle 100 has a plurality of communication interfaces and is connected to a plurality of networks, for example, a Wi-Fi network and an LTE network at one time via multiple communication interfaces.

The dongle 100 accesses the dedicated network 600 through the base station 300, the EPC 400, and the integrated network device 500. The dongle 100 accesses the dedicated network 600 through the WiFi AP (Access Point) 700 and the integrated network device 500. As such, the dongle 100 connects the host terminal 200 to the private network 600.

When the dedicated mode is triggered, the dongle 100 generates a multi-network merging session with the integrated network device 500, and transmits the traffic transmitted / received through the multi-network merging session to the host terminal 200 do. Here, the multi-network merging session is connected to the dedicated network 600 through the base station 300, the EPC 400, and the WiFi AP 700.

The dongle 100 transmits the traffic received from the host terminal 200 to the dedicated network 600 through a multi-network merging session. The dongle 100 transmits the traffic received from the dedicated network 600 to the host terminal 200 through the multi-network merging session.

Here, the dedicated mode is defined to use a multiplexing service when a dedicated network 600 using the dongle 100 is connected. The term " Biz Mode " may be used for the dedicated mode, but various embodiments are possible, and therefore, the specific mode is not limited thereto.

According to one embodiment, the dedicated mode may be triggered by user input signal generation requesting a dedicated mode.

According to another embodiment, the dedicated mode may be triggered by a dongle control policy. Here, the dongle control policy may be an execution of an application included in the whitelist, or may be variously configured.

In addition, the multi-network merging session includes a first sub-flow connected between the dongle 100 and the integrated network device 500 through a mobile communication network, that is, an LTE network, and a first sub- 500, and includes a second sub-flow added to the first sub-flow.

The dongle 100 can perform USB (Universal Serial Bus) communication with the host terminal 200. The dongle 100 may be connected to the host terminal 200 through a short-range wireless communication interface such as WiFi, Bluetooth, or ZIGBEE. The dongle 100 may be connected to the host terminal 200 through a wired cable such as a LAN (Local Area Network) cable.

The host terminal 200 is a terminal at the user's point of contact, but does not have an LTE communication module or does not have a Universal Subscriber Identity Module (USIM). The host terminal 200 includes, for example, a PC, a notebook, a smart pad, and the like. The host terminal 200 includes a communication terminal (e.g., a smart phone) on which a subscriber module (USIM) is mounted but can not receive LTE authentication because the communication provider is wrong. Since the host terminal 200 does not have a subscriber module or is a terminal of another communication company, the host terminal 200 can not directly connect to the LTE network of the provider. Therefore, the host terminal 200 is connected to the dongle 100, (400) and the integrated network device (500).

The base station 300 is connected to the MME 401 and the S-GW 403 and the S-GW 403 is connected to the P-GW 405. The P-GW 405 directly connects to the private network 600 or connects to the private network 600 through the integrated network device 500. At this time, the P-GW 405 may be a dedicated P-GW connected only to the dedicated network 600, but is not limited thereto.

The integrated network device 500 is located at the contact point of the multi-network, for example, at the contact point of the LTE network and the WiFi network.

The integrated network device 500 is implemented as a server computer and performs functions of merging LTE and WiFi traffic, VPN (Virtual Private Network) gateway (GW, GateWay), multi-level authentication, and TC (Traffic Control).

The integrated network device 500 may perform a multi-network aggregation-gateway (MA-GW) function. The integrated network device 500 divides the data to transfer the traffic received in the private network 600 to the multiple communication interfaces of the dongle 100. The integrated network device 500 may transmit some data to the dongle 100 through the LTE network and transmit the remaining data to the dongle 100 through the WiFi network. The integrated network device 500 authenticates the dongle 100 by determining whether the dongle 100 is in a multi-network mergeable service state.

The integrated network device 500 includes a first sub-flow that is coupled to the dongle 100 via an LTE network and a second sub-flow that is coupled to the dongle 100 via the WiFi network and is added to the first sub- Create a multi-network merge session.

The integrated network device 500 performs a VPN gateway function, and is connected to the dongle 100 through a VPN tunnel to transmit and receive encrypted traffic.

The integrated network device 500 exchanges the authentication key using the IPsec with the dongle 100 and encrypts and decrypts the traffic transmitted and received through the second subflow of the multi-network merging session using the authentication key.

The integrated network device 500 performs multi-level authentication, i.e., multi-network connection authentication, IPSec authentication, and host authentication.

The integrated network device 500 determines the TC policy and sends the TC policy to the dongle 100 via the TC flag negotiated with the dongle 100 in advance.

The operation of this integrated network device 500 will be described below with reference to FIGS. 5 to 15. FIG.

The WiFi AP 700 connects to the integrated network device 500 and the AAA server 800. At this time, the WiFi AP 700 directly creates VPN tunneling with the integrated network device 500. 2, if a third party VPN gateway 1000 is already installed in an area where the WiFi AP 700 is installed, the WiFi AP 700 can access the integrated network device 500 through the third party VPN gateway 1000, . At this time, the integrated network device 500 is provided with an interface capable of interworking with the third party VPN gateway 1000.

The AAA server 800 performs WiFi access authorization.

The dongle authentication server 900 stores the authenticated dongle information and performs authentication of the access right of the user in conjunction with the dongle 100.

FIG. 3 is a block diagram illustrating a hardware configuration of a dongle according to an embodiment of the present invention, and FIG. 4 is a block diagram illustrating a detailed configuration of a dongle according to another embodiment of the present invention.

3, the dongle 100 includes a memory 101, at least one processor 103, a mobile communication interface 105, a first WiFi interface 107, a second WiFi interface 109, A port 111, an Ethernet interface 113, an internal interface 115, a UICC (Universal IC Card) 117, a fingerprint sensor 119, an IPSec (Internet Protocol Security) acceleration module 121, An I / O interface 123, an input device 125, a display device 127 and a peripheral interface 129. These components communicate through one or more communication buses or signal lines. The various components shown in FIG. 3 may be implemented in hardware, software, or a combination of both hardware and software, including one or more signal processing and / or application specific integrated circuits.

The memory 101 may include a high-speed random access memory, and may also include one or more magnetic disk storage devices, non-volatile memory such as a flash memory device, or other non-volatile semiconductor memory device.

The memory 101 is accessed by the processor 103 and the reading / recording / modification / deletion / update of data by the processor 103 and the like can be performed. The memory 101 may include a ROM (not shown), a RAM (not shown), a memory card (not shown) (e.g., micro SD card, memory stick) .

The memory 101 stores various programs and data necessary for the operation of the dongle 100. The memory 101 stores programs and data for configuring various screens to be displayed in a display area of the display device 127. [

Referring to FIG. 4, the memory 101 includes software components of the dongle 100. The software component includes programs for executing the configuration and / or the method according to the embodiments of the present invention. The software component includes a mobile communication network connection control unit 131, a WiFi connection control unit 133, A multiplexing network connection control unit 135, an IPsec client module 137, a host authentication unit 139, a traffic control unit 141, a whitelist management unit 143 and a user interface control unit 145.

The memory 101 includes a mobile communication network connection control unit 131, a WiFi connection control unit 133, a multi-network merging connection control unit 135, an IPsec client module 137, a host authentication unit 139, The traffic control unit 141, the whitelist management unit 143, and the user interface control unit 145 may be performed.

The mobile communication network access control unit 131 controls the operation of the mobile communication interface 105. [ When the power of the dongle 100 is turned on, the mobile communication network access control unit 131 accesses the base station 300 and the EPC 400 based on the subscriber information stored in the UICC 117, performs LTE authentication, Complete.

When the dedicated mode is triggered, the mobile communication network access control unit 131 accesses the base station 300 and the EPC 400 based on the subscriber information stored in the UICC 117, performs the dedicated network connection authentication, (600).

The WiFi connection control unit 133 controls the operations of the first WiFi interface 107 and the second WiFi interface 109. When the dedicated mode is triggered, the WiFi connection control unit 133 accesses the WiFi AP 700 and the AAA server 800 based on the subscriber information stored in the UICC 117, performs WiFi connection authentication, and completes the WiFi connection do.

When the dedicated mode is triggered, the multi-network merging connection controller 135 performs multi-network access authorization authentication in cooperation with the integrated network device 500, and performs multi-network merging, which is connected to the dedicated network 600 through the LTE network and the Wi- Create a session.

The multiple network merging connection control unit 135 merges the data received from the mobile communication interface 105 and the first WiFi interface 107 and then transmits the merged data to the second WiFi interface 109, the input / output port 111, the Ethernet interface 113 output the merged data through the interface to which the host terminal 200 is connected. The multiple network merging connection controller 135 divides the data received from the interfaces 109, 111 and 113 to which the host terminal 200 is connected and transmits the divided data to the integrated network 100 via the mobile communication interface 105 and the first WiFi interface 107, To the device (500).

The IPsec client module 137 operates in conjunction with the integrated network device 500 to generate IPSec VPN tunneling. The IPsec client module 137 processes the encrypted traffic transmitted and received through the VPN tunneling through the first WiFi interface 107. The IPsec client module 137 encrypts and decrypts traffic transmitted and received through the second subflow of the multi-network merging session using the authentication key exchanged with the integrated network device 500 using IPsec.

The host authentication unit 139 determines whether the host terminal 200 is authorized to access the dedicated network 600 through the dongle 100 in cooperation with the dongle authentication server 900 Host authentication is performed.

The traffic control unit 141 controls traffic transmitted and received through the mobile communication interface 105 and the first WiFi interface 107 on the basis of the TC (Traffic Control) policy received from the integrated network device 500. Here, the traffic control unit 141 receives the TC flag (Flag) defined in advance from the integrated network device 500, and discriminates and operates the TC policy based on the value set in the TC flag.

A white list management unit 143 manages a whitelist, for example, a list of multi-network merging services and / or applications. That is, the whitelist may be the information of the multiple network merge application applications via the integrated network device 500. [ The whitelist may be set by user selection or carrier policy.

The white list management unit 143 may selectively transmit traffic of a service or an application included in the whitelist among the traffic received from the host terminal 200 to the integrated network device 500.

The user interface control unit 145 provides a web-based UI (user interface) / UX (user experience) through the screen of the display device 127.

3, the processor 103 executes a program stored in the memory 101, which is a processor configured to perform an operation associated with the dongle 100 and to execute instructions. The processor 103 includes a mobile communication network connection control unit 131, a WiFi connection control unit 133, a multiplexing network connection control unit 135, an IPsec client module 137, a host authentication unit 139, a traffic control unit 141, And executes a program command for implementing at least some functions of the functions of the list management unit 143 and the user interface control unit 145. [

The mobile communication interface 105 transmits and receives data to and from a mobile communication network, for example, an LTE network. The mobile communication interface 105 is connected to the base station 300 and the EPC 400 to transmit and receive data.

The first WiFi interface 107 and the second WiFi interface 109 transmit and receive data to and from the WiFi network. At this time, the first WiFi interface 107 is connected to the WiFi AP 700. The second WiFi interface 109 performs WiFi communication with the host terminal 200. At this time, the dongle 100 operates as a WiFi AP to the host terminal 200.

The first WiFi interface 107 and the second WiFi interface 109 use different IP addresses.

The first WiFi interface 107 is assigned a first IP address from the WiFi AP 700.

The second WiFi interface 109 performs WiFi communication with the host terminal 200 using a preset second IP address.

The WiFi connection control unit 133 distinguishes the traffic of the first WiFi interface 107 from the traffic of the second WiFi interface 109 based on the IP address of the traffic.

At this time, the second WiFi interface 109 may be a short-range wireless communication interface of another communication standard such as a Bluetooth interface or a ZigBee interface.

The input / output port 111 is a terminal directly physically connected to the host terminal 200, such as a USB terminal, and transmits / receives traffic to / from the host terminal 200.

The Ethernet interface 113 is connected to the host terminal 200 and a wired cable such as a LAN cable to transmit / receive traffic to / from the host terminal 200.

The internal interface 115 is connected to the UICC 117 and the fingerprint sensor 119 and connects the UICC 117 and the fingerprint sensor 119 to the peripheral interface 129.

The UICC 117 stores a subscriber identity module (USIM). The subscriber identity module (USIM) is a module in the form of a card. The subscriber identity module (USIM) includes a telephone number so as to provide various services such as authentication, charging, It stores personal information. Although the USIM is described as an example of the subscriber identity module in the embodiment of the present invention, the present invention is not limited thereto, and other types of subscriber identity module for mobile communication service, for example, a subscriber identity module (SIM), may also be applied.

The IPSec acceleration module 121 is constituted by a dedicated hardware engine. When the IPSec data is received from the processor 103, the IPSec acceleration module 121 performs hardware acceleration processing on the IPSec data. The IPSec acceleration module 121 hardware-accelerates the short-range wireless network traffic that is encrypted by the IPSec client module 137 using the authentication key exchanged with the integrated network device 500.

The I / O interface 123 provides an interface between the input / output peripheral devices such as the input device 125 and the display device 127 and the peripheral interface 129.

The input device 125 receives various user commands. The input device 125 may include a touch sensor, an acceleration sensor, a gyro sensor, an illuminance sensor, a proximity sensor, a pressure sensor, a noise sensor A keyboard, a pointing device, a microphone, a microphone, a microphone, a noise sensor (e.g., a microphone), a pen sensor, a keypad, a button,

The display device 127 may be a liquid crystal display (LCD) technology or a light emitting polymer display (LPD) technology. The display device 127 may be a capacitive type, a resistive type, or an infrared type. The display device 127 outputs the operation result of the program executed by the processor 103 on the screen.

The peripheral interface 129 includes a mobile communication interface 105, a first WiFi interface 107, a second WiFi interface 109, an input / output port 111, an Ethernet interface 113, an internal interface 115, a UICC 117 A fingerprint sensor 119, an IPSec acceleration module 121, an I / O interface 123, an input device 125, and a display device 127 with the processor 103.

According to one embodiment, the peripheral interface 129 may be a Peripheral Component Interconnect (PCI) interface.

Now, a communication method according to an embodiment of the present invention will be described based on the above-described configurations. The same reference numerals will be used in connection with the configurations of Figs.

5 is a flowchart of a communication method according to an embodiment of the present invention.

At this time, when the power of the dongle 100 is turned on, it is assumed that the access authentication procedure is completed by being connected to the mobile communication network, that is, the EPC 400 as a default.

5, the processor 103 of the dongle 100 receives a user input signal requesting a dedicated mode from the input device 125 or receives a dedicated mode button (not shown) provided separately in the dongle 100, The dongle 100 is triggered in a dedicated mode (S101). That is, it generates a dedicated mode trigger signal.

When the dedicated mode is triggered (S101), the mobile communication network connection control unit 131 of the dongle 100 accesses the base station 300 and the EPC 400 via the mobile communication interface 105, and performs a dedicated network connection procedure through the mobile communication network (S103).

The WiFi connection control unit 133 of the dongle 100 accesses the WiFi AP 700 and the AAA server 800 and performs a WiFi connection procedure (S105).

The multi-network merging connection controller 135 of the dongle 100 accesses the integrated network device 500 and requests multi-network merging activation (S107).

The integrated network device 500 performs authentication to determine whether the dongle 100 is capable of multi-network merging activation, and then when the authentication is successful, the integrated network device 500 transmits the information of the multi-network merging enabled dongle 100 to the dongle authentication server 900 (S109).

The multi-network merging connection controller 135 of the dongle 100 performs multi-network merging authentication in cooperation with the integrated network device 500 (S111).

The multi-network merging connection controller 135 of the dongle 100 creates a multi-network merging session with the integrated network device 500 when the steps S107 and S111 are completed.

The IPsec client module 137 of the dongle 100 performs an IPSec VPN key exchange procedure in cooperation with the integrated network device 500 (S113).

The host authentication unit 139 of the dongle 100 does not operate when the host terminal 200 is not connected even if the dedicated mode is triggered. When the host terminal 200 is connected after the dedicated mode is triggered, the host authentication unit 139 of the dongle 100 performs the host terminal authentication in cooperation with the dongle authentication server 900 (S115).

When the host terminal authentication is successful, the dongle authentication server 900 registers the authenticated dongle information in the integrated network device 500 as status information (S117). At this time, even if all of the steps S101 to S113 are performed, the multi-network connection is not permitted if the host terminal authentication is not performed. That is, even if traffic is received from the dongle 100, if the dongle information in which the state information is registered through the step S117 is not provided, the traffic is not transmitted to the dedicated network 600 or the traffic received from the dedicated network 600 is transmitted to the dongle 100 It may not be delivered.

After performing the above steps S101 to S117, the dongle 100 transmits the traffic to / from the host terminal 200 via the LTE network and the WiFi network via the integrated network device 500 to the dedicated network 600 ).

FIG. 6 is a flowchart showing details of step S103 of FIG.

Referring to FIG. 6, the mobile communication network access control unit 131 of the dongle 100 transmits an access request message (Attach Request) to the MME 401 (S201). At this time, the connection request message may include an access point name (APN) for a dedicated network connection.

The MME 401 transmits a bearer setup message for transmitting user traffic to the S-GW 403 and the P-GW 405 (S203, S205)

The P-GW 405 determines whether the dongle 100 has a dedicated network access right or a dedicated network service subscriber based on the dongle information included in the bearer setup message, for example, the USIM information of the dongle 100 (S207) .

In step S207, if the P-GW 405 determines that the dongle 100 has a dedicated network access right, the P-GW 405 performs a process for a dedicated network connection, such as assigning a dedicated IP address of the dongle 100 accessing the dedicated network 600 And transmits a bearer setup response message including a processing result such as a dedicated IP address to the S-GW 403 and the MME 401 (S209, S211).

The MME 401 transmits a connection response message to the bearer setup response message to the dongle 100 (S213).

The mobile communication network connection control section 131 of the dongle 100 establishes a communication session to access the dedicated network 600 via the S-GW 403 and the P-GW 405. [

7 is a flowchart showing in detail the step S105 of FIG.

7, the WiFi connection controller 133 of the dongle 100 extracts an SSID (AP name), a MAC (medium access control) address of the AP, and an encryption (encryption) value for the SSID from the beacon message broadcast from the WiFi AP 700 (E.g., WPA2). The WiFi connection control unit 133 of the dongle 100 requests connection to the WiFi AP 700 based on the acquired information (S301). At this time, in step S301, the WiFi connection control unit 133 of the dongle 100 transmits USIM information, for example, IMSI, and a K (Security Key) used for authentication to the WiFi AP 700. [

The WiFi AP 700 requests authentication from the AAA server 800 through an Access Request, which is a RADIUS protocol message (S303). Since the IMSI and K for each subscriber are provisioned in advance in the AAA server 800, the AAA server 800 determines whether the information received in step S303 is provisioned in advance and determines whether the dongle 100 has the WiFi access right (S305).

If the authentication succeeds in step S305, the AAA server 800 transmits an authentication response indicating completion of authentication to the WiFi AP 700 (S307). The WiFi AP 700 transmits a connection response according to the authentication success to the dongle 100 (S309). At this time, the connection response may include the IP address assigned by the WiFi AP 700. [

Thereafter, the WiFi connection control unit 133 of the dongle 100 establishes a communication session with the WiFi AP 700. [

8 is a flowchart illustrating details of steps S107 and S109 of FIG.

Referring to FIG. 8, the multi-network merging connection controller 135 of the dongle 100 transmits a multi-network merging activation request message to the integrated network device 500 (S401). At this time, the multi-network merge activation request message may include subscriber information included in the USIM or the like, for example, an IMSI, an LTE IP address / WiFi IP address, a dongle ID, and a dongle model / version.

In step S403, the integrated network device 500 performs multi-network merging activation authentication to determine whether the multi-network merging access right exists and whether the multi-network merging access right exists in the dongle 100 based on the information received in step S401. .

When the integrated network device 500 succeeds in performing the multiple network merging activation authentication, the integrated network device 500 transmits a multi-network merging activation response message including the multi-network merging session IP and the port to the multi-network merging connection controller 135 of the dongle 100 S405). If the dongle 100 is in a state where the multiple networks can not be merged, the integrated network device 500 may transmit the authentication status and the notification information to the multi-network merging connection controller 135 of the dongle 100 (S405).

If the multi-network merging authentication (S403) is successful, the integrated network device (500) transmits the multi-network merging authentication information including the authenticated dongle information to the dongle authentication server (900) (S407).

The dongle authentication server 900 stores the authenticated dongle information (S409), and then transmits a multi-network merging authentication information registration response to the integrated network device 500 (S411).

FIG. 9 is a flowchart showing in detail the step S111 of FIG.

9, the multi-network merging connection controller 135 of the dongle 100 transmits a multi-network merging authentication request message including the dongle ID and the dongle hardware information to the integrated network device 500 (S501). Here, the dongle hardware information may include the MAC address of the dongle.

The integrated network device 500 requests and receives the dongle completion information corresponding to the dongle ID received in step S501 from the dongle authentication server 900 in step S503.

The integrated network device 500 performs authentication in step S503 to determine whether the dongle completion information exists and whether the dongle is a multi-network merging access right based on the dongle hardware information (S505).

If the authentication (S505) is successful, the integrated network device 500 sets the TC flag according to the TC policy (S507). The integrated network device 500 transmits a multi-network merging authentication response message including the TC flag set in step S507 to the multi-network merging connection controller 135 of the dongle 100 (S509).

8 and 9, the multi-network merge connection controller 135 may be connected to the WiFi network, and may be configured to communicate with the integrated network device 500 through the LTE network when performing steps S107 to S111 .

10 is a flowchart showing in detail the step S113 of FIG.

Referring to FIG. 10, the IPsec client module 137 of the dongle 100 accesses the integrated network device 500 and transmits a connection request (S601). At this time, the connection request may include the subscriber information recorded in the USIM of the dongle 100 and the previously stored authentication information. Here, the authentication information may include key information necessary for generating the IPsec tunnel.

The integrated network device 500 performs authentication for determining whether or not the user authentication of the dongle 100 is permitted based on the subscriber information, and then transmits the authentication result to the IPSec communication method (security mode Encryption and integrity algorithm, and various keys), and transmits them to the dongle 100 in the connection response (S603).

The traffic transmitted and received via the first WiFi interface 107 of the dongle 100 then undergoes tunneling communication with the integrated network device 500 and the IPSec security method under the control of the IPsec client module 137 in the secure data packet.

In this case, it is described that Internet Key Exchange version 2 (IKEv2) is used to create an IPsec tunnel and EAP is used in the mutual authentication process of IKEv2. However, the present invention is not limited to this, Of course, the protocol is also applicable.

FIG. 11 is a detailed flowchart of steps S115 and S117 of FIG. 5 according to an embodiment of the present invention, and corresponds to an embodiment of the host terminal authentication.

11, when the host terminal 200 is wirelessly connected to the dongle 100, the host terminal 200 transmits a connection request to the host authentication unit 139 of the dongle 100 (S701).

The host authentication unit 139 of the dongle 100 requests the host terminal 200 for EAP (Extensible Authentication Protocol) authentication (S703).

The host terminal 200 requests an account input for authentication on the screen and transmits an authentication response including the account information input by the user (S705), that is, the ID and the PassWord (PW) 139 (S707).

The host authentication unit 139 of the dongle 100 transmits a user authentication request including the ID / PW and the dongle ID received (S707) to the dongle authentication server 900 (S709).

The dongle authentication server 900 performs user access authorization to determine whether the host terminal 200 is a legitimate user based on the ID / PW and the dongle ID received (S709) (S711).

The dongle authentication server 900 transmits a user authentication response including the authentication result to the host authentication unit 139 of the dongle 100 (S713).

At this time, if the authentication is successful, the host authentication unit 139 of the dongle 100 transmits a connection permission for the connection request (S701) to the host terminal 200 (S715).

In addition, the dongle authentication server 900 transmits the user authentication completion information to the integrated network device 500 (S717). Here, if the authentication is successful, the user authentication completion information may include the dongle information that has been authenticated, that is, the dongle ID.

The integrated network device 500 prepares for the traffic transmission / reception operation with the dongle 100 based on the dongle completion information (S719). The integrated network device 500 may discard or block the traffic received from the dongle 100 or the traffic directed to the dongle 100 without forwarding, if the dongle completion information is not received.

FIG. 12 is a detailed flowchart of steps S115 and S117 of FIG. 5 according to another embodiment of the present invention, and corresponds to another embodiment of the host terminal authentication.

12, when a connection request is received from the host terminal 200 connected to the dongle 100 by wire or wireless (S801), the host authentication unit 139 of the dongle 100 requests the fingerprint input, (Step S803).

The host authentication unit 139 of the dongle 100 transmits a user authentication request including the received fingerprint information and the dongle ID to the dongle authentication server 900 (S805).

The dongle authentication server 900 performs user access authorization to determine whether the host terminal 200 is a legitimate user based on the fingerprint information and the dongle ID (S807).

The dongle authentication server 900 transmits a user authentication response including the authentication result to the host authentication unit 139 of the dongle 100 (S809).

At this time, if the authentication is successful, the host authentication unit 139 of the dongle 100 transmits a connection permission for the connection request (S801) to the host terminal 200 (S811).

In addition, the dongle authentication server 900 transmits the user authentication completion information to the integrated network device 500 (S813). The step S813 is the same as the step S717 of FIG.

The integrated network device 500 prepares for the traffic transmission / reception operation with the dongle 100 based on the dongle completion information (S815). The step S815 is the same as the step S719 of FIG.

The operation of the integrated network device 500 in steps S719 and S815 will now be described with reference to FIG.

13 is a flowchart illustrating an operation of an integrated network device according to an embodiment of the present invention.

13, when the integrated network device 500 receives traffic from the dongle 100 or receives traffic directed to the dongle 100 (S901), the integrated network device 500 determines whether authentication completion information of the dongle 100 is stored (S903).

At this time, if the authentication completion information of the dongle 100 is stored, the received traffic is transmitted to the dongle 100 or the private network 600 (S905). On the other hand, if the authentication completion information of the dongle 100 is not stored, the received traffic is discarded or blocked (S907). At this time, it may be temporarily stored for a certain period of time until the host terminal authentication is completed, and may be discarded after a certain period of time, without unconditionally discarding or blocking.

FIG. 14 is a flowchart illustrating a traffic control operation of a dongle according to an embodiment of the present invention, and FIG. 15 is a flowchart illustrating a traffic control operation of a dongle according to another embodiment of the present invention.

The integrated network device 500 can set the TC Flag (flag) to one of 0, 1, and 2. The TC flag may be included in the multi-network merging authentication response message and transmitted to the dongle 100 in step S509 of FIG. However, the present invention is not limited to this, and the TC flag may be transmitted to the dongle 100 through a separate procedure.

14, the traffic control unit 141 of the dongle 100 checks the value of the TC flag received from the integrated network device 500 (S1001) to determine whether it is 0, 1, or 2 (S1003 ).

The traffic control unit 141 of the dongle 100 turns off the TC function itself when the TC Flag is determined to be 0 (S1005).

The traffic control unit 141 of the dongle 100 executes the dongle control mode when the TC flag is 1 (S1007). The dongle control mode is a mode in which the amount of LTE traffic is controlled by determining the LTE and WiFi resource usage itself in the dongle 100 itself.

The traffic control unit 141 of the dongle 100 determines whether a preset period of time has come (S1009). When the period arrives, the traffic control unit 141 of the dongle 100 determines the WiFi propagation state, the current WiFi traffic transmission amount, the LTE traffic transmission amount, Status information related to LTE and WiFi traffic transmission such as a latency state of the WiFi network is checked (S1011).

The traffic control unit 141 of the dongle 100 analyzes the WiFi traffic transmission environment based on the checked information (S1011) and determines whether the current WiFi quality is good (S1013). At this time, the reference information for determining whether or not it is good is set in advance.

If it is determined that the current WiFi quality is good, the traffic control unit 141 of the dongle 100 decreases the maximum transmission rate of the LTE traffic to a low level, for example, 1 Mbps (S1015). That is, the maximum transmission rate of the mobile communication interface 105 is set low.

On the other hand, if it is determined that the current WiFi quality is bad, the maximum transmission rate of the LTE traffic is increased again (S1017).

Here, the maximum transmission rate value to be decreased or increased may be automatically set according to the state of the LTE network or may be a value preset by the operator / user to a certain value.

In step S1003, the traffic control unit 141 of the dongle 100 executes the network control mode when the TC flag is 2 (S1019). Here, the network control mode is a mode for controlling traffic under the control of the integrated network device 500. Step S1019 will be described with reference to FIG.

15, when the traffic control unit 141 of the dongle 100 executes the network control mode (S1101), the WiFi propagation state, the current WiFi traffic transmission amount, the LTE traffic transmission amount, the LTE network latency state, the WiFi State information related to the LTE and WiFi traffic transmission such as the latency state of the network and its own location information are collected (S1113).

The traffic control unit 141 of the dongle 100 generates a multi-network merge status message (MA-STATUS) including the collected information (S1103), i.e., the network status information and the location information (S1105) (S1107).

WiFi status of the dongle 100 and the status of the base stations 300 and 700 based on the LTE / WiFi status information and the location information included in the multi-network merge status message (MA-STATUS) And determines whether the WiFi quality is good (S1109).

If it is determined that the WiFi quality is good, the integrated network device 500 decreases the maximum transmission rate of the LTE traffic (S1111) and increases the maximum transmission rate of the LTE traffic (S1113) if it is determined that the WiFi quality is poor. At this time, the criterion for determining whether the WiFi quality is good is preset in the integrated network device 500.

The integrated network device 500 generates a multi-network merging policy (MA-POLICY) message including the maximum transmission rate of the LTE traffic determined in step S1111 or step S1113 (S1115) and transmits the message to the dongle 100 (S1117).

The traffic control unit 141 of the dongle 100 controls the LTE maximum transmission rate based on the TC policy included in the received message (S1117) (S1119).

16 is a hardware block diagram of a server device according to an embodiment of the present invention. The hardware configuration of the integrated network device 500, the AAA server 800, and the dongle authentication server 900 described in Figs. 1 to 15 .

16, a server apparatus 1100 includes a communication apparatus 1101, a memory 1103, a storage apparatus 1105, and at least one processor 1107.

The communication device 1101 is connected to at least one processor 1107 to transmit and / or receive traffic over an LTE network and / or a WiFi network. Memory 1103 is coupled to at least one processor 1107 to store a program that includes instructions to cause the configuration and / or method in accordance with the embodiments described in Figs. 1-15 to be executed. The program is implemented in combination with hardware, such as memory 1103 and at least one processor 1107, to implement the present invention.

The storage device 1105 includes dongle information (100), authentication information, and the like necessary for operation of the server device. The processor 1107 executes the present invention in combination with hardware such as the memory 1103, the storage device 1105, and the like.

Through the configuration of the present invention as described above, various types of host terminals 200 can be connected to the private network 600 through the dongle 100 through the multi-level authentication, multi-network merging technology, and intelligent traffic control, Stability can be ensured.

The embodiments of the present invention described above are not implemented only by the apparatus and method, but may be implemented through a program for realizing the function corresponding to the configuration of the embodiment of the present invention or a recording medium on which the program is recorded.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

Claims (20)

A method of operating a dongle that is operated by at least one processor and is connected to a host terminal to relay communications of the host terminal,
A step in which a dedicated mode is triggered,
Connecting to a core network of a first network connected to a private network, performing an authentication for determining a private network access right, and then performing an access network access procedure through the first network,
Performing a connection procedure to the second network different from the first network,
The first network, the second network, and the private network, merging the traffic received through the first network and the second network, and delivering the combined traffic to the dedicated network, Creating a multi-network merging session by accessing a network device that divides the network into the first network and the second network,
Transmitting traffic received from the host terminal to the network device through the multi-network merging session, and transmitting traffic received from the network device through the multi-network merging session to the host terminal
Gt; a < / RTI > The method of claim 1,
Wherein the triggering comprises:
And triggered by a user input signal generation or dongle control policy requesting the dedicated mode. The method of claim 1,
Wherein the generating the multi-network merging session comprises:
Transmitting a multi-network merge service activation request including the subscriber information and the dongle ID stored in the dongle to the network device,
Receiving a multi-network merge service activation response from the network device when authentication to determine whether the multi-network merge service of the dongle based on the subscriber information and the dongle ID is successful,
Transmitting a multi-network merging authentication request including the dongle ID and dongle hardware information to the network device,
Receiving a multi-network merging connection response from the network device when authentication to determine a multi-network merging connection right of the dongle based on the dongle ID and dongle hardware information is successful; and
Generating the multi-network merge session
Gt; a < / RTI > 4. The method of claim 3,
After performing the connection procedure to the second network,
Receiving a TC (Traffic) flag (Flag) indicating a traffic control mode from the network device and driving a traffic control mode according to the instruction information recorded in the TC flag,
The traffic control mode includes:
A method of operating a dongle, the method comprising: adjusting a traffic transmission rate. 5. The method of claim 4,
The TC flag,
Wherein the multi-network merged connection response is included in the multi-network merged connection response. 5. The method of claim 4,
Wherein driving the traffic control mode comprises:
Turning off the traffic control mode if the TC flag is a first value,
Determining a network quality by measuring a traffic state and a network state if the TC flag is a second value and adjusting a traffic transmission rate according to the network quality,
And setting the traffic transmission rate received from the integrated network device by transmitting the location information, the measured traffic state information and the network status information to the integrated network device if the TC flag is a third value
Gt; a < / RTI > The method of claim 6,
Wherein the first network includes a mobile communication network,
Wherein the second network includes a short-range wireless network,
The traffic transmission rate may be,
The transmission rate of the mobile communication network traffic,
Wherein the short range wireless network quality is reduced or increased when the short range wireless network quality satisfies a predefined condition based on the short range wireless network quality determined based on the mobile communication network traffic and the short-range wireless network traffic, How the dongle works. 8. The method of claim 7,
After generating the multi-network merge session,
Further comprising exchanging an authentication key using the Internet security protocol (IPsec protocol) with the network device,
The authentication key includes:
Wherein the tunnel is used in a virtual private network (VPN) tunnel created with the network device through the second network. 9. The method of claim 8,
After generating the multi-network merge session,
Receiving a user authentication result by requesting a dongle authentication server to perform user authentication for determining a dongle access right of the host terminal based on user information and the dongle information when a connection attempt is made from the host terminal;
If the user authentication result is successful, connecting to the host terminal
Gt; a < / RTI > A first communication interface connected to the first network,
A second communication interface connected to a second network different from the first network,
At least one third communication interface coupled to the host terminal,
A storage device for storing subscriber information,
A memory for storing the dongle control program, and
And at least one processor for executing the dongle control program,
Wherein the dongle control program comprises:
When the dedicated mode is triggered, performs an access network access procedure through the first network and a connection procedure with the second network based on the subscriber information,
The first network, the second network, and the private network, merging the traffic received through the first network and the second network, and delivering the combined traffic to the dedicated network, And a second network, wherein the network device is connected through the first communication interface and the second communication interface to generate a multi-network merging session,
And transmits the traffic received from the third communication interface to the dedicated network via the first communication interface and the second communication interface and transmits traffic received from the dedicated network through the first communication interface and the second communication interface Outputting via a third communication interface, and comprising instructions. 11. The method of claim 10,
An input device that triggers the dedicated mode
Further comprising a dongle. 11. The method of claim 10,
Wherein the dongle control program comprises:
Receives a TC (Traffic) flag (Flag) indicating a traffic control mode from the network device,
If the TC flag is the first value, the traffic control mode is turned off,
If the TC flag is a second value, determines a network quality by measuring a traffic state and a network state, adjusts a traffic transmission rate according to the network quality,
And transmitting location information to the integrated network device together with the traffic state and the network state to set a traffic transmission rate received from the integrated network device if the TC flag is a third value. 11. The method of claim 10,
Wherein the dongle control program comprises:
Requesting the network device to activate a multi-network merging service for determining whether multi-network merging is possible based on the subscriber information and the dongle ID, and upon receipt of a multi-network merging service activation response, Requesting authentication to determine a multi-network merging access right of the integrated network device, and receiving the multi-network merging access response from the integrated network device, generates the multi-network merging session. 11. The method of claim 10,
Wherein the second network comprises a short-range wireless network,
Wherein the dongle control program comprises:
Exchanges an authentication key using the Internet security protocol (IPsec protocol) with the network device,
And generating a virtual private network (VPN) tunneling with the network device through the second communication interface,
And decrypting short-range wireless network traffic transmitted through the virtual private network (VPN) tunnel using the authentication key. The method of claim 14,
(IPsec) acceleration module that hardware-accelerates the short-range wireless network traffic that is decrypted using the authentication key,
Further comprising a dongle. 11. The method of claim 10,
Wherein the dongle control program comprises:
And transmits the account information and the dongle information acquired through the authentication protocol communication with the host terminal to the dongle authentication server when attempting connection from the host terminal through the at least one third communication interface, And judges instructions for permitting connection of the host terminal when a user authentication success response is received from the dongle authentication server. 11. The method of claim 10,
Further comprising a fingerprint sensor for receiving a user fingerprint,
Wherein the dongle control program comprises:
A fingerprint information input unit that transmits fingerprint information and dongle information received through the fingerprint sensor to the dongle authentication server when a connection is attempted from the host terminal through the at least one third communication interface, And granting a connection of the host terminal when a user authentication success response is received from the dongle authentication server. The method as claimed in claim 1, wherein the first network and the second network are connected to a first network, a second network, and a private network, respectively, and the traffic received through the first network and the second network is merged and delivered to the dedicated network And dividing the traffic received from the dedicated network into the first network and the second network and transmitting the divided traffic,
Receiving a multi-network merge access request from a dongle connected to the first network and the second network,
Performing authentication for determining a multi-network merge access right of the dongle, and transmitting an authentication result to the dongle;
Generating a multi-network merging session with the dongle if the authentication result is successful, and
Transmitting the traffic received through the multi-network merging session from the dongle to a private network, and transmitting traffic received from the private network to the dongle through the multi-network merging session,
The traffic,
A host terminal connected to the dongle,
The multi-network merging access request includes:
And receives from the dongle that has succeeded in authentication of the dedicated network access authority. The method of claim 18,
Prior to the step of transmitting to the dongle,
Further comprising receiving a host terminal authentication result from the dongle authentication server,
Prior to the step of transmitting to the dongle,
Determining whether to transmit / receive a traffic between the dedicated network and the dongle according to whether the host terminal authentication result is received or the host terminal authentication result is successful
Further comprising the steps of: The method of claim 18,
The multi-network merging session includes:
A first sub-flow coupled to the dongle through the first network, and a second sub-flow coupled to the dongle through the second network and being added to the first sub-flow,
Prior to the step of transmitting to the dongle,
Exchanging an authentication key using the IP security protocol (IPsec) with the dongle, and
And encrypting and decrypting traffic transmitted and received through the second subflow using the authentication key
Further comprising the steps of:

Images