WO2000046966A2 - Systeme et procede d'acces internet prepaye et anonyme - Google Patents

Systeme et procede d'acces internet prepaye et anonyme Download PDF

Info

Publication number
WO2000046966A2
WO2000046966A2 PCT/US2000/002892 US0002892W WO0046966A2 WO 2000046966 A2 WO2000046966 A2 WO 2000046966A2 US 0002892 W US0002892 W US 0002892W WO 0046966 A2 WO0046966 A2 WO 0046966A2
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
computer
network
access
server
Prior art date
Application number
PCT/US2000/002892
Other languages
English (en)
Other versions
WO2000046966A3 (fr
Inventor
M. Scott Yoneyama
Original Assignee
Casual Technologies, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Casual Technologies, Inc. filed Critical Casual Technologies, Inc.
Priority to AU35888/00A priority Critical patent/AU3588800A/en
Publication of WO2000046966A2 publication Critical patent/WO2000046966A2/fr
Publication of WO2000046966A3 publication Critical patent/WO2000046966A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the invention relates generally to telecommunication systems, and more particularly to systems and methods for providing prepaid and anonymous Internet access.
  • IP Internet Protocol
  • URL Universal Resource Locator
  • Web servers place temporary Internet files on a hard drive of the Internet user's personal computer (PC), including what are sometimes referred to as "cookies.”
  • a "cookie” is a set of data that a server stores in the Internet user's PC the first time the Internet user visits a web site, such as when the visited web site returns a graphic or screen to the Internet user's PC.
  • cookies allow the server to automatically identify the Internet user during subsequent Internet sessions, thereby shortening or eliminating Internet user identification elements involved in an initial log-in process and expediting the Internet user's interaction with the given web site.
  • Cookies are updated with each return visit, and may disclose information such as a username, password, or identification of which parts of the web site were visited by the Internet user.
  • the server saves the cookies as a text file in a system folder in the hard drive. Because cookies can be used to identify an Internet user, third parties frequently use the cookies to analyze the Internet user ' s browsing preferences and browsing history. Such use of cookies is a serious compromise of the Internet user's anonymity.
  • ZKS Zero-Knowledge Systems
  • Montreal employs a strong encryption system called FREEDOM 1 M and a network of servers using the encryption system.
  • An Internet user initially signs up for the ZKS service, and then receives multiple digital pseudonyms to hide the Internet user's email address or username.
  • Anonymity is accomplished by hiding the Internet user's IP address and routing all of the Internet user's communications through ZKS' servers.
  • this is not a truly anonymous system because the Internet user has to register with both a United States-based Internet Service Provider (ISP) and the ZKS service, and because the encryption system can be deciphered.
  • ISP Internet Service Provider
  • prepaid telecommunications services such as calling cards for long-distance calling
  • U.S. Patent No. 5,749,075 issued to Toader et al, describes a prepaid calling card for Internet access.
  • these Internet calling card systems require registration and do not provide anonymity.
  • the remailers, ZKS system, and calling cards typically require software downloads and modifications to the Internet user's existing PC software configurations. Such modifications are often too technical for an average Internet user to understand or easily use.
  • FIG. 1 shows a computer system suitable for practicing an embodiment of the invention.
  • FIG. 2 is a simplified block diagram showing how the computer system of FIG. 1 interfaces with a communication network.
  • FIG. 3 is a block diagram showing in more detail how the computer system of FIG. 1 interfaces with the network of FIG. 2.
  • FIG. 4 is a first flowchart of a sequence of seven flowcharts illustrating operation of an embodiment of the invention using the systems shown in FIGS. 1 - 3, and in particular shows an illustrative installation procedure for the embodiment.
  • FIG. 5 is a second flowchart of the sequence of seven flowcharts and is a continuance of the installation procedure shown in the flowchart of in FIG. 4.
  • FIG. 6 is a third flowchart of the sequence of seven flowcharts, and in particular shows an illustrative initial communication procedure for the embodiments shown in FIGS. 1 - 5.
  • FIG. 7 is a fourth flowchart of the sequence of seven flowcharts, and in particular shows an illustrative first authentication procedure for the embodiments shown in FIGS. 1 - 6.
  • FIG. 8 is a fifth flowchart of the sequence of seven flowcharts, and in particular shows an illustrative second authentication procedure for the embodiments shown in FIGS. 1 - 7.
  • FIG. 9 is a sixth flowchart of the sequence of seven flowcharts, and in particular shows an illustrative time-keeping procedure for the embodiments shown in FIGS. 1 - 8.
  • FIG. 10 is a seventh flowchart of the sequence of seven flowcharts and is a continuance of the time-keeping procedure shown in the flowchart of FIG. 9.
  • FIG. 1 1 is a flowchart illustrating operation of an illustrative deletion routine utilized by the embodiments shown in FIGS. 1 - 10.
  • Embodiments of the invention are directed towards a system and method to allow a computer user (e.g., an Internet user) to anonymously view web pages, such as HyperText Markup Language (HTML) pages, on the World Wide Web (WWW) via the Internet.
  • Embodiments of the invention also allow the Internet user to prepay for Internet access time.
  • Embodiments of the invention differ dramatically from the known solutions discussed above that address anonymity on the Internet.
  • a prepaid "Internet access disk" system allows anonymity from installation on the Internet user's personal computer (PC), without the need for the Internet user to sign-up for an account or a remailer service.
  • Such embodiments allow for simplified, convenient, and anonymous Internet access because Internet identity originates from the Internet access disk and is not tied to the Internet user's true identity.
  • Embodiments of the invention do not attempt to "take over" the Internet user's existing software system or conflict with existing system settings. This is a particular problem encountered by users of a remote corporate Local Area Network (LAN) who tend to cause conflicts with their system after installing new services to computers in the LAN.
  • Embodiments of the invention also delete temporary Internet files related to the Internet session (e.g., "cookies," bookmarks, and history folders) when ending the Internet session. This prohibits web sites from collecting additional information about the Internet user that show what the Internet user has done while online.
  • a computer system 100 includes a conventional PC 102 having a screen 104 to allow the Internet user to view data, such as HTML pages on the WWW.
  • the PC 102 has a keyboard 106 and a mouse 108 to assist the Internet user to browse through the WWW. While the PC 102 is shown and described herein for the sake of simplicity of explanation, it is understood that the PC 102 is merely illustrative of any type of microprocessor-controlled device or terminal that allow the Internet user to view HTML pages on the WWW. Other possible devices include hand-held computers, workstations, "dumb" terminals connected to a mainframe computer via a network, laptop computers, wireless devices including enhanced functionality wireless telephones, etc. Consequently, the invention is not limited by the type of device used to access the WWW.
  • the PC 102 further includes a memory and a CPU (not shown) to operate the PC 102, as well as a hard drive 1 10 to store information, including temporary Internet files (e.g.. cookies, bookmarks, and history folders).
  • the stored information can also include Internet communication software (including what is sometimes referred to as a "web browser") that moves documents from the WWW to the PC 102 using Hyper Text Transfer Protocol (HTTP) to allow the Internet user to view different web sites.
  • HTTP Hyper Text Transfer Protocol
  • the PC 102 can include a disk drive 1 12a to receive a floppy disk 112b, a compact disk read-only-memory (CD-ROM) drive 1 14a to receive a CD- ROM 114b, and/or a digital versatile disk (sometimes referred to as a "digital video disk” or DVD) drive 1 16a to receive a DVD 116b.
  • the floppy disk 1 12b, the CD-ROM 114b, or the CD-ROM 1 14b function as an "Internet access disk " as described herein. While the computer system 100 of FIG. 1 shows only the floppy disk 1 12b, the CD- ROM 114b, and the DVD 1 16b.
  • the computer system 100 can accommodate other types of computer-readable storage media that function equivalently as "Internet access disks.” These other types of Internet access disks can include a tape drive, Personal Computer Memory Card International Association (PCMCIA) card. Flash Programmable Read-Only-Memory (Flash PROM), Electronically Erasable Programmable Read-Only-Memory (EEPROM). microcode stored on chips, and other data storage devices and their corresponding readers and receptacles. Consequently, the invention is not limited by the type of storage media.
  • Flash PROM Flash Programmable Read-Only-Memory
  • EEPROM Electronically Erasable Programmable Read-Only-Memory
  • the computer system 100 communicates with a communication network 124 (e.g., a telecommunication network having other PCs, web servers, the Internet and WWW, etc.) via a modem 118 and a telephone line 120.
  • a communication network 124 e.g., a telecommunication network having other PCs, web servers, the Internet and WWW, etc.
  • the network 124 will be referred to as the Internet 124 for the sake of simplifying the description.
  • the computer system 100 can communicate to the Internet 124 via a dedicated high-speed data line 122, such as a line from the family of Digital Subscriber Lines (xDSL) or an Integrated Services Digital Network (ISDN) line.
  • xDSL Digital Subscriber Lines
  • ISDN Integrated Services Digital Network
  • the computer system 100 also can be a part of a LAN. with the LAN itself connected to the Internet 124.
  • FIG. 2 shows a simplified block diagram 200 of how the computer system 100 of FIG. 1 interfaces and communicates with the Internet 124.
  • the computer system 100 is connected to the Internet 124 by the dedicated high-speed data line 122 or the telephone line 120.
  • a stack 204 represents layers of software and hardware in the computer system 100 that allow the PC 102 to communicate with the Internet 124.
  • the stack 204 is similar to a conventional Operation Systems Interconnection (OSI) model, but it is understood that principles of the invention can be applied to variations or descendants of the OSI model, including those under Request for Comment (RFC) models.
  • OSI Operation Systems Interconnection
  • a driver layer 212 and a physical link layer 214 which include aspects of the modem 118, are closely bound together and are "seen" by the PC 102 as a single entity.
  • a protocol layer 210 is a set of standards and instructions related to format of data to be transmitted to and from the Internet 124, and relies on the driver layer 212 and the physical link layer 214 to complete an interface to the Internet 124.
  • An application layer 208 passes requests, such as Universal Resource Locator (URL) addresses to the protocol layer 210. Only a brief description of these layers in the stack 204 is provided herein because how the layers function is familiar to those skilled in the art.
  • URL Universal Resource Locator
  • protocol layer 210 and the driver layer 212 of embodiments of the invention are special protocol and driver layers (shown collectively as 216 in FIG. 2) that perform these same functions, but also perform an authentication process for the Internet access disk. This authentication process is illustrated in the flowcharts of FIGS. 7 - 8 and is described in detail below.
  • FIG. 3 shows a system with several illustrative connections to the
  • the Internet 124 for two PCs 102a and 102b both substantially similar to the PC 102.
  • One component of an illustrated embodiment resides in an authentication server 334 having a database 336.
  • the Internet 124 has one or more web servers 320 that store HTML files (e.g., graphics, text, audio, video, etc.), which the web server 320 can transmit to the PCs 102a or 102b using HTTP.
  • the PC 102a has a web browser 302 to allow its Internet user to view the HTML files.
  • the web browser 302 can be any of the popular web browsers currently in use, such as Netscape Corp.'s Internet Navigator ® or Microsoft Corp.'s Internet Explorer ® . Conventionally, the web browser 302 can directly interface with the modem 1 18.
  • the modem 118 is in turn connected to a terminal server 316 via a communication line 306.
  • the terminal server 316 alternatively has a communication line 312 to the authentication server 334 to enable the terminal server to access the database 336.
  • the authentication server in turn has a connection 330 to the Internet 124.
  • the terminal server 316 is an Internet Service Provider (ISP) 338, which is a vendor that provides Internet access, including Internet services and utilities like email and online newsgroups, to companies and private individuals.
  • ISP Internet Service Provider
  • the authentication server 334 is maintained either offsite or locally at the ISP 338.
  • the information in the database 336 includes unique identifiers for Internet users and prepaid Internet access time assigned to each unique identifier. Additionally, while FIG.
  • the database 336 residing in the authentication server 334, it is also possible for the database 336 to reside at another location, connected to the terminal server 316 by a high-speed connection. Consequently, the invention is not limited by a specific physical location of the database 336.
  • the present invention adds an access client module 304 to the connection for the PC 102a.
  • the access client module 304 includes the communication program, and may also include the licensed copy of a web browser, and other programs stored in the CD-ROM 114b that will allow the Internet user to use the CD-ROM 1 14b to access the Internet 124.
  • the Internet user of the PC 102a can access the Internet 124 by enabling the access module 304 directly (such as by launching the licensed copy of the web browser stored in the CD-ROM 114b) to send communications through the modem 1 18.
  • the Internet user can use an existing web browser installed in the PC 102a to enable the access client module 304 and employ the modem 1 18.
  • the communication path then goes from the modem 118 to the terminal server 316 via the communication line 306, and subsequently to the authentication server via the communication line 312.
  • the PC 102b is connected to a LAN 304 via the access client module 304.
  • the LAN 304 can include other PCs, network devices, firewalls, or a proxy server as understood by persons familiar in the art.
  • the PC 102b or the LAN 304 can also have a preexisting installed web browser in addition to the licensed copy of the web browser in the access client module 304.
  • the LAN 304 connects the PC 102b to the authentication server 334 via a communication line 308.
  • the various communication lines and connections shown in FIG. 3, such as the communication lines 306, 308, 312, 326, and 330 can be xDSL or ISDN lines, for example. While the FIG. 3 appears to represent these communication lines as hard wire connections (e.g., coaxial lines, fiber optic cables, twisted pairs, etc.), it is to be appreciated that one or more of these communication lines can be wireless communication links, such as satellite links or cellular telephone links. Consequently, the invention is not limited by the type of communication line.
  • FIGS. 1 - 3 Unless otherwise described herein, the construction and operation of the various components shown in FIGS. 1 - 3 are of conventional design. As a result, such components are not described in greater detail herein, as they will be understood by those skilled in the relevant art. Such description is omitted for purposes of brevity and so as not to obscure the detailed description of the invention. Any modifications necessary to the components in FIGS. 1 - 3 can be readily made by one skilled in the art based on the detailed description provided herein.
  • FIG. 4 Shown generally at 400 in FIG. 4 is a first of a sequence of seven flowcharts illustrating an installation procedure.
  • a company that maintains the database 336 assigns time values to a plurality of unique identifiers.
  • the assigned time values correspond to amounts of Internet access time to be purchased by an Internet user of the PCs 102a or 102b.
  • the assigned time values can be any allotment of time, such as three hours, five days, or ten weeks. In some situations, the time value may be an infinite amount of time, such as when an entity has been given unrestricted time access to the Internet 124.
  • Each unique identifier preferably has only one assigned time value and is in the form of an alphanumeric serial number, identification code, or any other scheme to distinguish one unique identifier from another.
  • a unique identifier could also correspond to a group time value, such as when an organization wishing to provide ten weeks of Internet access time to its employees under the same unique identifier purchases ten Internet access disks, with each of the ten Internet access disks having the same unique identifier for the organization's allotment of Internet access time.
  • several unique identifiers can correspond to the same group time value, so that each employee uses a different unique identifier against the same time allotment.
  • step 404 the company stores the unique identifier and corresponding assigned time value in the database 336 of the authentication server 334.
  • the authentication server 334 will look to the database 336 to confirm if Internet access time remains. This operation is described later below.
  • the company writes (e.g., programs) each unique identifier into a computer-readable storage medium, such as the floppy disk 112b, the CD-ROM 114b, or the DVD 1 16b shown in FIG. 1.
  • a computer-readable storage medium such as the floppy disk 112b, the CD-ROM 114b, or the DVD 1 16b shown in FIG. 1.
  • the CD-ROM 114b will be used as an example in this description, and it is understood that the other forms of storage media mentioned above can also be used.
  • the CD-ROM 1 14b also stores other data and executable instructions, like an installation program, the special protocol and driver layers 216 (see FIG. 2), a deletion routine to delete temporary Internet files, a licensed copy of a web browser, and other programs, like a communication program, that may be required to initiate a communication with the Internet 124.
  • the company distributes the CD-ROM 1 14b through conventional software marketing channels for purchase by Internet users.
  • These marketing channels can include the Internet 124 via online vendors, agents and resellers, retail chains, vending machines, mail order, etc.
  • This CD-ROM 1 14b having the unique identifier associated to the time value functions as the "Internet access disk.”
  • the unique identifier was programmed into the CD- ROM 114b. it is to be appreciated that the unique identifier can alternatively be printed on materials accompanying the CD-ROM 1 14b, such as on a label or on an instruction manual, instead of being programmed into the CD-ROM 114b.
  • the installation program stored in the CD-ROM 1 14b will request the Internet user to insert the unique identifier prior to accessing the Internet 124 and will then store the unique identifier.
  • This alternative option allows CD-ROMs 1 14b to be uniformly manufactured without the need to separately program a unique identifier into each CD- ROM 114b during manufacture.
  • Another alternative is to generate the unique identifier by modifying a pre-existing manufacturer ' s code and serial number on the unrecorded CD-ROM 114b or by appending additional identification data to the pre-existing manufacturer's code and serial number.
  • the Internet user To access the Internet 124, the Internet user first purchases the CD-ROM 114b programmed during step 406 at step 407.
  • the Internet user can decide to purchase a single CD-ROM 114b having one unique identifier associated with a large allotment of Internet access time (i.e., a large time value), or several CD-ROMs, with each CD- ROM 114b having different unique identifiers with shorter time values that can be used sequentially to aggregate Internet access time as each CD-ROM's time value expires.
  • Anonymity is ensured because the Internet user can make a cash payment for the CD- ROM 114b, and the unique identifier becomes invalid when the time value is used up.
  • the Internet user does not need to provide any personally identifying information at purchase and does not need to maintain an ongoing Internet account.
  • the Internet user Whenever access to the Internet 124 is desired, the Internet user inserts the CD-ROM 1 14b into the CD-ROM drive 1 14a (see FIG. 1) of the PCs 102 at step 408 and optionally initiates the installation program stored in the CD-ROM 114b.
  • the installation program checks if the special protocol and driver layers 216 already exist in the hard drive 1 10.
  • the installation procedure shown in the flowchart 400 of FIG. 4 continues to a flowchart 500 of FIG. 5, with a label number 1, shown at 412, indicating where the flowcharts 400 and 500 connect.
  • the installation program determines, for example at step 502, if the special protocol and driver layers 216 or other software needed to identify the CD-ROM 114b to the PC 102 are already registered in a network registry, for example like that found in a Microsoft Windows ® environment, in the PC 102.
  • the network registry contains, among other things, configurations for standard network components like dial- up devices and communication software used the PC 102, modem and hardware settings, peripheral identification, operating system settings, and network protocols like Transmission Control Protocol/Internet Protocol (TCP/IP), Internet Packet Exchange (IPX), or Network Basic Input/Output System Extended User Interface (NetBIOS).
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • IPX Internet Packet Exchange
  • NetBIOS Network Basic Input/Output System Extended User Interface
  • the installation program does not find the special protocol and driver layers 216 in the registry, then at step 506 the installation program includes the special protocol and driver layers 216 among the standard network components for the PC 1 2 mentioned above that exist in the registry. By doing this, the installation program at step 508 binds future Internet communication to the special protocol and driver layers 216, declaring and identifying the protocol and driver layers 216 as another available and/or a default device for Internet communication that will use existing communication system settings and equipment (e.g., the modem 118 shown in FIG. 3) of the PC 102.
  • the installation program includes the special protocol and driver layers 216 among the standard network components for the PC 1 2 mentioned above that exist in the registry.
  • the installation program at step 508 binds future Internet communication to the special protocol and driver layers 216, declaring and identifying the protocol and driver layers 216 as another available and/or a default device for Internet communication that will use existing communication system settings and equipment (e.g., the modem 118 shown in FIG. 3) of the PC 102.
  • the installation program then prompts the Internet user for site-specific and hardware-specific information (e.g., the Internet user's telephone area code, machine type, modem type, connection particulars, etc.) at step 510. However, the Internet user does not need to input any personally identifying information other than the aforementioned site-specific information.
  • the installation program prompts the Internet user to insert any optional information that the Internet user may wish to input but is not required to input (e.g., an Internet address of the Internet user's mail server, the Internet address of the Internet user's home page, etc.).
  • the invention is ready for use whenever the Internet user uses the communication program stored in the CD-ROM 114b to trigger an Internet connection at step 514.
  • the installation program determines that the special protocol and driver layers 216 are already installed, as would be the situation if the Internet user had previously purchased and installed a different CD-ROM 114b, then the installation program embeds or stores the unique identifier of the present CD-ROM 1 14b into the installed special protocol and driver layers 216 at step 504. After this step 504 is completed, the CD-ROM 114b is ready for use whenever the Internet user wishes to use the communication program stored in the CD-ROM 114b to trigger an Internet connection at step 514.
  • the preceding installation of information into the registry can be a permanent installation (e.g., the installed information will remain in the registry after the PC 102 is turned off), it is possible to make the installation temporary. That is, a temporary directory can be created in the registry to store the special protocol and driver layers 216 and other installed information, and then the temporary directory and its contents can be deleted/uninstalled when an Internet session is ended. Any original communication and system settings of the PC 102 existing prior to the installation are then restored after deletion of the temporary director ⁇ ', thereby not disrupting prior communication and system settings. Additionally, it is possible in some instances to initiate and execute Internet communication from the CD-ROM 114b without the need to install software into the PC 102.
  • an API is an interface between the PC 102's operating system and application programs, such as a communication program, stored in the CD-ROM 114b.
  • the API includes routines to allow the application programs to communicate with the operating system, thereby making the services provided by the operating system available to the application programs.
  • the flowchart 500 of FIG. 5 continues to a flowchart 600 of FIG. 6, with a label number 2, shown at 516, indicating where the flowcharts 500 and 600 connect.
  • the flowchart 600 illustrates an initial communication procedure.
  • the special protocol and driver layers 216 perform a dial-up session to a remote telephone number.
  • the dial-up session can be triggered automatically (e.g.. launched) by inserting the CD-ROM 1 14b into the CD-ROM drive 114a using known automatic execution techniques, or by using the CD-ROM 1 14b as a pointer to other communication routines installed elsewhere in the hard drive 1 10.
  • the remote telephone number is associated with a toll-free 800 or 888 remote telephone number service whose function is to provide the Internet user with a directory of access telephone numbers for the authentication server 334 or the terminal server 316 (see FIG. 3).
  • the remote telephone number can be geographically located anywhere and need not be physically located at the authentication server 334.
  • the speciai protocol and driver layers 216 Upon connection to the remote telephone number, the speciai protocol and driver layers 216 declare the Internet user's telephone area code installed at step 510 of FIG. 5, and the remote telephone number service responds with the access telephone number in that telephone area code and which the PC 102 stores. After receiving the access telephone number, the remote telephone number service or the special protocol and driver layers 216 hang up to end the connection at step 604. At step 606, the special protocol and driver layers 216 initiate a dial-up session to the access telephone number provided by the remote telephone number service during step 602.
  • the access telephone number can be obtained manually. That is, the Internet user can manually dial the remote telephone number to obtain the access telephone number or the Internet user can obtain the access telephone number from a printed telephone directory or from printed materials distributed together with the CD- ROM 114b. Consequently, the invention is not limited by the manner in which the access telephone number is obtained.
  • a server accessible via the access telephone number such as the terminal server 316 or the authentication server 334 in FIG. 3, answers and performs a conventional handshake to establish a communication link with the Internet user's PC 102. Once the communication link is established at step 608, the communication program in the CD-ROM 114b transmits, at step 610, the unique identifier to the authentication server 334 for verification against the database 336.
  • the flowchart 600 shown in FIG. 6 continues to a flowchart 700 of FIG. 7, with a label number 3, shown at 612, indicating where the flowcharts 600 and 700 connect.
  • the flowchart 700 shows a first authentication procedure.
  • the authentication server 334 checks to see if the received unique identifier is in the database 336. If the received unique identifier is not found in the database 336, then the authentication server 334 sends a notification to the Internet user at step 704 notifying the Internet user to call customer support. Such a situation would occur, for example, if the database 336 was not properly updated in step 404 of FIG. 4, or if an invalid or incorrect unique identifier was received by the authentication server 334.
  • the authentication server 334 disconnects the communication link at step 706, and the deletion routine in the CD-ROM 114b deletes any temporary Internet files at step 708 that may have been stored in the Internet user's hard drive 1 10 during the connection, described below with reference to FIG. 11. If at step 702 the authentication server 334 locates the received unique identifier in the database 336, then at step 710, the authentication server 334 checks if any prepaid Internet access time is still available (e.g., if the time value is > 0 minutes) for the received unique identifier. If it is determined that no Internet access time remains for that unique identifier, then the authentication server 334 returns a notification to this effect to the Internet user at step 712.
  • the Internet user is prompted by the authentication server 334 as to whether he/she wishes to purchase additional Internet access time under the same unique identifier. If the Internet user does not want to purchase additional time under the same unique identifier (by transmitting a "NO" to the authentication server 334), another notification is sent by the authentication server 334 at step 716 to notify the Internet user of an option to purchase a new CD-ROM 114b having a new identifier and assigned time value for future access to the Internet 124.
  • the authentication server 334 disconnects the communication at step 706, and at step 708, the deletion routine deletes any temporary Internet files that may have been stored in the hard drive 1 10 during the communication. The Internet user can then throw away or erase the CD-ROM 1 14b, which is now useless because the authentication server 334 will not accept a unique identifier that has no remaining Internet access time.
  • the authentication server 334 provides the Internet user with a telephone number through which payment can be made at step 721.
  • the Internet user pays at step 722 by dialing the telephone number provided by the authentication server 334 and by subsequently transmitting a credit card number or paying through some other conventional payment method.
  • the database 336 increments the stored time value by an amount equivalent to the amount paid for by the Internet user in step 722. The Internet user can then try to access the Internet 124 again, starting at step 606 in the flowchart 600 of FIG. 6.
  • the Internet session can begin at step 902 in a flowchart 900 of FIG. 9 and described further below.
  • an intermediate secondary authentication procedure can be started at step 726, after the first authentication procedure and before the Internet session is started at step 902.
  • An embodiment of the secondary authentication procedure is shown in a flowchart 800 in FIG. 8, which is continuation of the flowchart 700 in FIG. 7.
  • a label number 4, shown at 728, indicates where the flowcharts 700 and 800 connect.
  • the authentication server 334 first transmits a request to the PC 102 for transmission of a secondary identifier.
  • the secondary identifier will be a default secondary identifier.
  • the authentication server 334 compares the secondary identifier transmitted by the PC 102 against the database 336 and checks for a match at step 806.
  • the authentication server 334 If the transmitted secondary identifier does not match the stored secondary identifier in the database 336, then the authentication server 334 notifies the Internet user to call customer support at step 808. Usually, a match will not occur if an unauthorized Internet user is trying to use a stolen CD-ROM 1 14b and therefore does not have the secondary identifier created during a previous Internet session. At step 706, the authentication server 334 disconnects the Internet session, and at step 708, the deletion routine in the CD-ROM 114b deletes Internet files that may have been created during the Internet session. If at step 806 the transmitted secondary identifier matches the stored secondary identifier in the database 336, then the authentication server 334 creates a new, random secondary identifier at step 814.
  • the new, random secondary identifier is stored in the database 336 at step 816, and transmitted to the Internet user at step 818.
  • the protocol and driver layers 216 replace a prior secondary identifier from a previous Internet session with the transmitted new, random secondary identifier. It is advantageous to store the transmitted new, random secondary identifier in the hard drive 110 of the Internet user's PC 102 rather than in the CD-ROM 114b. In this fashion, if the CD-ROM 114b is stolen by an unauthorized Internet user, the new, random secondary identifier required for a future Internet session will not be available because it is stored in the authorized Internet user's hard drive 110. There are several rationales for using the secondary authentication in addition to the first authentication procedure.
  • the unique identifier identifies the CD-ROM 1 14b to the authentication server 336 and is written on the CD- ROM 114b upon creation, fraudulent use by an unauthorized Internet user is still possible if a secondary authentication procedure is not in place. For example, the unauthorized Internet user could use a stolen CD-ROM 1 14b to try to access the authentication server 336.
  • the Internet user receives a new identifier that is stored locally on the hard drive 110, rather than on the CD-ROM 1 14b. Because this secondary identifier is randomly generated and is stored on the hard drive 1 10, an unauthorized Internet user trying to access the authentication server 336 with the unique identifier will not be able to transmit the valid secondary identifier, and will be denied Internet access.
  • the flowchart 800 of FIG. 8 continues to the flowchart 900 of FIG. 9, with a label number 5, shown at 822. indicating where the flowcharts 800 and 900 connect.
  • the flowchart 900 shows a time-keeping procedure after the present Internet user has passed the first and second authentication procedures described above and shown in FIGS. 7 and 8.
  • the Internet sessions begins with transmission or activation of communication protocols, including the standard TCP/IP that may be required to initiate and continue the Internet communication.
  • the Internet user is free to browse the Internet 124 at step 904 by launching and using either the web browser in the CD-ROM 114b or a web browser already installed in the hard drive 110.
  • the authentication server 334 transmits a periodic query at step 906 to see if the Internet user is still connected for the purpose of tracking the Internet user's Internet access time.
  • the authentication server 334 can obtain information as to whether the Internet user is still connected by querying the PC 102 directly.
  • the authentication server 334 decrements the time value stored in the database 336 corresponding to the unique identifier at step 910 by an amount equivalent to the time elapsed since a previous query. For instance, the authentication server 334 can transmit queries to the PC 102 every minute, resulting in one-minute decrements to the time value. After decrementing the time value at step 910, the authentication server 334 checks at step 912 if any Internet access time is still available (e.g., whether the time value is ⁇ 0 minutes).
  • step 912 the authentication server 334 determines that there is no more Internet access time available under the unique identifier, the Internet user is notified to this effect at step 914.
  • the subsequent notification steps beginning at step 712 in the flowchart 700 of FIG. 7 repeat to allow the Internet user to decide whether to purchase additional Internet access time under the same unique identifier or whether to throw away the present CD-ROM 1 14b and purchase a new CD-ROM 1 14b with a new unique identifier.
  • the flowchart 1000 of FIG. 10 is a continuation of the time- keeping procedure illustrated by the flowchart 900 of FIG. 9, with a label number 6, shown at 916, indicating where the flowcharts 900 and 1000 connect.
  • the non-transmission of the "CONNECTED" statement indicates that the Internet user has logged off or that the Internet user's communication link has been disrupted. If the authentication server 334 does not receive the "CONNECTED” statement, then the time keeping under steps 906 and 910 ends at step 1002. The authentication server 334 disconnects the communication at step 706, and the deletion routine deletes temporary Internet files at step 708 which may have been stored in the Internet user's hard drive 110 during the Internet session. Whenever the Internet user wishes to use the remaining Internet access time under the unique identifier, the Internet user can insert the CD-ROM 114b into the CD-ROM drive 1 14a at step 1008, and the initial communication procedure described above repeats, starting at step 514 in the flowchart 500 of FIG.
  • this subsequent Internet session can utilize the new, randomly generated secondary identifier created at step 814 in the flowchart 800 of FIG. 8, in addition to the unique identifier existing in the CD-ROM 114b, if the Internet access disk system embodies the secondary identifier feature.
  • the time-keeping procedures illustrated in the flowcharts 900 and 1000 may not occur or may be disabled if an infinite time value has been assigned to the CD-ROM 114b (e.g., the Internet user has unrestricted Internet access time).
  • An embodiment for the deletion routine to delete temporary Internet files will now be described by making reference to the flowchart 1100 of FIG. 1 1.
  • the deletion routine is used to delete temporary Internet files stored in the hard drive 110 during an Internet session originated from the CD-ROM 114b.
  • the deletion routine is stored in the CD-ROM 1 14b purchased by the Internet user in step 407 of the flowchart 400 of FIG. 4.
  • the Internet user installs preferred settings into the deletion routine.
  • Step 1 101 can occur during step 510 of the installation procedure shown in the flowchart 500 of FIG. 5.
  • the preferred settings installed into the deletion routine can include, for instance, requiring the deletion routine to prompt the Internet user prior to deleting a cookie, requiring the deletion routine not to delete favorite Internet addresses saved from other Internet sessions unrelated to the current Internet session originated from the CD-ROM 1 14b, or requiring the deletion routine to delete history folders and bookmarks in addition to cookies.
  • the deletion routine creates a new, redirection directory in the hard drive 110. While the Internet user is accessing the Internet at step 1103, the protocol and driver layers 216 or the deletion routine stores temporary Internet files received during an Internet session in the redirection directory instead of in the default directory. Upon termination of the Internet session and a closing of the web browser 302 (see FIG. 3) at step 706, the deletion routine searches the redirection directory for temporary Internet files at step 1 105 which may have been stored during the Internet session. A default setting of the deletion routine will be to automatically delete all located temporary Internet files upon termination of the Internet session.
  • the default setting allows automatic deletion at step 1110 without further prompts to the Internet user, although it is also possible to set the deletion routine such that when the deletion routine locates the temporary Internet files, a listing of the temporary Internet file are displayed at step 1 106 on the screen 104 (see FIG. 1) of the PC 102 for review by the Internet user.
  • the Internet user can decide whether to delete the displayed temporary Internet files at step 1 108.
  • step 1 110 the files are deleted at step 1 110.
  • “Deletion” as described herein preferably means completely overwriting the temporary Internet files, rather than merely removing addressing information of the temporary Internet files Merely removing addressing information of the temporary Internet files does not result in a true deletion because memory regions in the hard drive 110 will continue to store the temporary Internet files until those memory regions are overwritten with new information.
  • the deletion routine restores the default directories to their previous settings at 1114 and deletes the redirection directory at step 1116.
  • deletion routine deletes the temporary Internet files as they are transmitted from the Internet 124, as opposed to deletion at the end of the Internet session.
  • the embodiments described above illustrate that the temporary Internet files are written into the hard drive 110 and are erased by the deletion routine in the CD-ROM 1 14b. It is possible to modify the invention such that the CD-ROM 114b contains a blocking routine as an alternative or in addition to the deletion routine. The blocking routine prevents temporary Internet files from even being written into the hard drive 110 at the start of the Internet session. Further, the CD-ROM 114b can have a disabling routine to intercept or disable user identification data, analogous to "caller identification" utilized by telephone systems, that is built into the PC 102 and is obtainable by a web site during an Internet session.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un système et un procédé d'accès à un réseau d'ordinateurs. Ce système comprend un serveur couplé au réseau afin de commander l'accès au réseau et une base de données accessible au serveur afin de stocker un premier identificateur et une valeur temps associée au premier identificateur. Le système comprend, en outre, un ordinateur destiné à lire un support d'enregistrement. Ce support d'enregistrement comprend une première instruction lisible par un ordinateur afin de traiter le premier identificateur, et une seconde instruction lisible par ordinateur ordonnant à l'ordinateur de transmettre automatiquement au le réseau le premier identificateur. Le serveur compare le premier identificateur transmis avec celui contenu dans la base de données, et autorise l'accès au réseau si les premiers identificateurs reçus et stockés correspondent et si la valeur temps excède une valeur sélectionnée. Si l'accès au réseau est autorisé et maintenu, la valeur temps est décrémentée d'une quantité correspondant à une quantité de temps pendant lequel l'accès au réseau est maintenu. Une routine de suppression associée au support d'enregistrement permet d'effacer l'information transmise à partir du réseau si l'accès au réseau est interrompu.
PCT/US2000/002892 1999-02-02 2000-02-02 Systeme et procede d'acces internet prepaye et anonyme WO2000046966A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU35888/00A AU3588800A (en) 1999-02-02 2000-02-02 System and method for prepaid and anonymous internet access

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US24310599A 1999-02-02 1999-02-02
US09/243,105 1999-02-02

Publications (2)

Publication Number Publication Date
WO2000046966A2 true WO2000046966A2 (fr) 2000-08-10
WO2000046966A3 WO2000046966A3 (fr) 2000-12-14

Family

ID=22917374

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/002892 WO2000046966A2 (fr) 1999-02-02 2000-02-02 Systeme et procede d'acces internet prepaye et anonyme

Country Status (2)

Country Link
AU (1) AU3588800A (fr)
WO (1) WO2000046966A2 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10008094A1 (de) * 2000-02-22 2001-08-30 Mundophone Telekommunikationsg Verfahren zum Auf- und Abbau einer Datenübertragungsstrecke und Datenübertragungseinrichtung zur Durchführung des Verfahrens
WO2002009394A2 (fr) * 2000-07-20 2002-01-31 Joseph Ron Systeme et procede de connexion automatique d'utilisateurs occasionnels d'internet a un service internet local
FR2817056A1 (fr) 2001-02-01 2002-05-24 Shok Procede d'acces prepaye a un reseau de communication
FR2830400A1 (fr) * 2001-09-28 2003-04-04 Republic Alley Technologies Procede et systeme d'acces en ligne au contenu de serveurs en reseau a partir d'un support du type cd-rom
WO2005116841A1 (fr) * 2004-05-26 2005-12-08 Matsushita Electric Industrial Co., Ltd. Systeme de reseau et procede de creation d'un environnement d'acces ad-hoc
FR2871316A1 (fr) * 2004-06-08 2005-12-09 France Telecom Procede et systeme de gestion d'acces a des services disponibles sur un reseau informatique
CN100438427C (zh) * 2003-02-10 2008-11-26 株式会社日立制作所 网络控制方法和设备
US7861091B2 (en) 2001-02-28 2010-12-28 O2Micro International Limited Smart card enabled secure computing environment system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0791888A2 (fr) * 1995-09-05 1997-08-27 Canon Kabushiki Kaisha Procédé et appareil pour la comptabilité, procédé et appareil pour recevoir des informations et système de communication
US5749075A (en) * 1995-06-06 1998-05-05 Interactive Media Works, L.L.C. Method for providing prepaid internet access and/or long distance calling including the distribution of specialized calling cards

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5749075A (en) * 1995-06-06 1998-05-05 Interactive Media Works, L.L.C. Method for providing prepaid internet access and/or long distance calling including the distribution of specialized calling cards
EP0791888A2 (fr) * 1995-09-05 1997-08-27 Canon Kabushiki Kaisha Procédé et appareil pour la comptabilité, procédé et appareil pour recevoir des informations et système de communication

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10008094A1 (de) * 2000-02-22 2001-08-30 Mundophone Telekommunikationsg Verfahren zum Auf- und Abbau einer Datenübertragungsstrecke und Datenübertragungseinrichtung zur Durchführung des Verfahrens
WO2002009394A2 (fr) * 2000-07-20 2002-01-31 Joseph Ron Systeme et procede de connexion automatique d'utilisateurs occasionnels d'internet a un service internet local
WO2002009394A3 (fr) * 2000-07-20 2002-05-30 Joseph Ron Systeme et procede de connexion automatique d'utilisateurs occasionnels d'internet a un service internet local
WO2002061642A3 (fr) * 2001-02-01 2004-02-12 Shok Procede d'acces prepaye a un reseau de communication
FR2817056A1 (fr) 2001-02-01 2002-05-24 Shok Procede d'acces prepaye a un reseau de communication
WO2002061642A2 (fr) * 2001-02-01 2002-08-08 Shok Procede d'acces prepaye a un reseau de communication
US7861091B2 (en) 2001-02-28 2010-12-28 O2Micro International Limited Smart card enabled secure computing environment system
WO2003030514A2 (fr) * 2001-09-28 2003-04-10 Omniservices Procede et systeme d'acces en lignes au contenu de serveurs en reseau par un cd-rom
WO2003030514A3 (fr) * 2001-09-28 2004-02-12 Omniservices Procede et systeme d'acces en lignes au contenu de serveurs en reseau par un cd-rom
FR2830400A1 (fr) * 2001-09-28 2003-04-04 Republic Alley Technologies Procede et systeme d'acces en ligne au contenu de serveurs en reseau a partir d'un support du type cd-rom
CN100438427C (zh) * 2003-02-10 2008-11-26 株式会社日立制作所 网络控制方法和设备
WO2005116841A1 (fr) * 2004-05-26 2005-12-08 Matsushita Electric Industrial Co., Ltd. Systeme de reseau et procede de creation d'un environnement d'acces ad-hoc
US8411562B2 (en) 2004-05-26 2013-04-02 Panasonic Corporation Network system and method for providing an ad-hoc access environment
FR2871316A1 (fr) * 2004-06-08 2005-12-09 France Telecom Procede et systeme de gestion d'acces a des services disponibles sur un reseau informatique

Also Published As

Publication number Publication date
WO2000046966A3 (fr) 2000-12-14
AU3588800A (en) 2000-08-25

Similar Documents

Publication Publication Date Title
US8972482B2 (en) Automated remote site downloading on a geographic drive
US7287271B1 (en) System and method for enabling secure access to services in a computer network
US8291482B2 (en) System for restricting content access and storage
US6141752A (en) Mechanism for facilitating secure storage and retrieval of information on a smart card by an internet service provider using various network computer client devices
US6108789A (en) Mechanism for users with internet service provider smart cards to roam among geographically disparate authorized network computer client devices without mediation of a central authority
EP0967765B1 (fr) Système et procédé de contrôle d'une connexion de réseau
KR100847596B1 (ko) 통신망 시스템, 게이트웨이, 데이터 통신방법과 프로그램제공매체
CA2341213C (fr) Systeme et procede permettant l'acces securise a des services dans un reseau informatique
US7200632B1 (en) Method and system for serving software applications to client computers
US7526762B1 (en) Network with mobile terminals as browsers having wireless access to the internet and method for using same
US7313826B2 (en) Connected support entitlement system method of operation
US20020013831A1 (en) System having mobile terminals with wireless access to the internet and method for doing same
US20020049675A1 (en) System and user interface for managing users and services over a wireless communications network
US20070277235A1 (en) System and method for providing user authentication and identity management
JP2000231544A (ja) ウエブサイトユーザ情報を匿名にて送信する方法
JP2004505375A (ja) 複数のエンド・ユーザに配布するためにネットワーク接続アプリケーションをカスタマイズし、更新する方法およびシステム
EP1595215A2 (fr) Procede et systeme pour securiser une application de connexion en vue de sa distribution a de multiples utilisateurs finaux
WO2000046966A2 (fr) Systeme et procede d'acces internet prepaye et anonyme
JP4551367B2 (ja) サービスシステムおよびサービスシステム制御方法
WO2001041392A2 (fr) Selection de reseau prive virtuel
US20020165976A1 (en) Software deployment in a data communications network
GB2389010A (en) Network access
EP1393523B1 (fr) Procédure et carte à puce destinées à la gestion de fichiers de données de type cookie
KR100328414B1 (ko) 공급자 부담 통신방법 및 이를 이용한 정보 서비스 시스템
JP3878845B2 (ja) 利用料金課金方法および課金装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase