Method and device for controlling access to a communication network
Technical field
The invention relates to a method and device for controlling access to a communication network.
A communication network provides a transmission path between locally distant communication participants for the purpose-specific transfer or exchange of information.
The transmission path is usually made up of sections that are connected via network nodes. The transmission path can be a logical channel on a wired transmission link or a radio channel.
In networks in which connected stations compete for permission to send, it is necessary to coordinate access to the network. A well-known, deterministic media access method is, for example, the token passing method according to the IEEE 802.5 standard, which makes the medium available exclusively to one station willing to transmit, for the transmission of a frame.
Among the communication networks, the Internet has developed, with incomparable growth in the number of participants, in performance and in topographical extent, into a communication system that has led to lasting changes in both the commercial and private sectors. The Internet is a self-contained, global network in which a large number of networks from different operators are linked via so-called routers, which are special node computers.
A communication participant sees the Internet as a large, self-contained global network to which providers, so-called Internet Service Providers (ISP), provide access in the role of door openers. An Internet service provider maintains the necessary infrastructure, such as local, regional, national or international networks, routers, modem servers and dedicated lines. The communication participant, the user of this infrastructure, pays the provider a fee for this service.
Internet access in the private sector can take place, for example, in such a way that a connection between the user's computer modem and the Internet service provider (ISP) is established when the user calls. After establishing this connection, the Internet service provider (ISP) asks the user to enter his user ID and password. After this information has been sent, the Internet service provider (ISP) compares it with data in an internal database. It then decides whether to provide the user with access to the Internet or to deny access. An Internet connection that was established by calling the Internet service provider continues until the Internet user or the ISP disconnects.
The charging can take place in different ways. A monthly basic fee, a time-dependent fee or a fixed price, a so-called "flat rate", is customary for the provision of the infrastructure.
In addition to the infrastructure offered for access to the Internet, the Internet service provider can also offer the user additional communication applications, such as so-called chat rooms, news services, etc. In the literature, the term access service provider (ASP) is also used for a provider who only provides the technical infrastructure for Internet access via his access server (AS).
In the following, an Internet access service provider which offers its services in the home country of the user is referred to as a home Internet service provider, abbreviated to HISP, and an access service provider which provides its services abroad is referred to as a remote Internet service provider, abbreviated to RISP.
Home Internet service providers (HISP) and remote Internet service providers (RISP) are usually different legal entities. The organizational form of a HISP or a RISP can be a commercial organization, e.g. a company, or a non-commercial organization, e.g. a university.
Every computer in a home or foreign network on the Internet has a so-called IP address, which is a numerical, logical address that is unique for the entire Internet. It is assigned to a computer statically or dynamically. As soon as a client leaves the home network, the IP address also changes in conventional IP-based networks.
Communication participants who frequently travel abroad have the need to use the Internet infrastructure abroad, wherever possible, without restrictions as if they were at home. However, this use is currently subject to various restrictions.
State of the art
There are various options for accessing the Internet abroad with a mobile device such as a laptop or a Personal Digital Assistant (PDA).
A comparatively inexpensive access to the Internet can be established abroad via so-called Internet cafes.
An Internet cafe is public and usually does not allow the use of private devices. Access is therefore limited to the technical options offered. Furthermore, unprotected privacy and poor data security are perceived as disadvantageous by many users.
Another option is to establish Internet access using a mobile phone. Within a radio cell, access can be used locally without restriction. Some hotels and airports also offer their guests wireless Internet access via a Wireless Local Area Network (WLAN), provided the participant's mobile device has a WLAN card. The resulting fee for the Internet connection is comparatively high.
A third possibility of using Internet access abroad is that the subscriber registers with his home access provider for Internet roaming and can thereby make use abroad of the services of a third-party access provider who is in a contractual relationship with the subscriber's home access provider.
The subscriber can keep his private devices as well as his user ID and his password. The fee for Internet access is charged to the user by the home access provider. The disadvantage here, however, is that access is not possible from every location, but is restricted to those dial-in nodes that the contractual partner offers abroad. In addition, there are usually time-dependent roaming charges. The contractual partner abroad does not always meet the user's expectations, which is also considered disadvantageous.
DESCRIPTION OF THE INVENTION
The object of the present invention is to specify a method and a device for controlling access to the Internet in such a way that worldwide access is possible abroad without being restricted to specific access providers.
This object is achieved in a method by the features of patent claim 1 and in a device according to the features in patent claim 11. The subclaims refer to advantageous embodiments of the invention.
A major aspect of the invention is a token-based interaction between a home service provider, a third-party service provider, and a financial service provider.
For the purposes of the invention, a token is to be understood as an electronic document by means of which a user abroad gains access to the Internet. The token reflects a monetary value for an Internet service applied for abroad. The document can have an XML structure, for example. Depending on the procedure, this document contains a description of the service requested by the user, a digital signature and/or a digital certificate. The issuer of the signature can be clearly identified by means of a digital signature. In this way, a relationship of trust can be established between the parties involved, which forms the basis for the secure billing of an Internet service used abroad.
The method according to the invention provides that a token request is sent to the home service provider by a communication subscriber via the third-party access provider, that at least one token is sent from the home service provider to the third-party access provider, and that, after the third-party access provider has received and validated the at least one token, a decision is made as to whether access to the communication network is provided or denied to the communication subscriber.
The token is validated through an interaction between the home service provider, the third-party access provider and the financial service provider. The financial service provider acts as a clearing house, i.e. it performs the function of a cash office, a billing exchange or a giro center. The financial service provider can be a credit card company, for example.
The procedure according to the invention makes it possible to establish certainty about the settlement in advance, i.e. before the communication subscriber abroad is granted an Internet connection. This enables global access. There is no restriction to certain Internet service providers abroad, since an existing contractual relationship between a home service provider and a third-party access provider is no longer a prerequisite; rather, a contractual relationship is established more or less dynamically, i.e. shortly before the service is used. The consequence of this is that access to the Internet is not restricted to certain providers for the user.
The gateway to the Internet is open to a communication participant anywhere where the technical requirements for Internet access with the roaming according to the invention are present. At any of these connection facilities, he can apply for access to the Internet at any time using a mobile device and any necessary adapters. Another advantage is that the user can keep his user ID and password abroad in the usual way.
It is advantageous if the at least one token contains information about costs for the requested internet service.
This enables price information about the desired service to be sent to the communication participant abroad. If this information is given in his home currency, it is very easy for him to decide whether he would like the service on the terms transmitted. The third-party access provider, who physically makes its facilities available to the user abroad, sets the fee for this service, but the modality of billing remains unchanged for the user, since he receives his billing in the usual way from his home access provider. In a broader sense, the invention makes it possible to use the Internet from any Internet socket.
BRIEF DESCRIPTION OF THE DRAWING
To further explain the invention, reference is made to the drawings, in which an embodiment according to the invention is shown schematically in the figures.
FIG. 1 shows a simplified representation of the Internet as an interconnected network with a communication subscriber who requests access to the Internet at a third-party access provider;
FIG. 2 shows a schematic representation of a sequence of the access method according to the invention.
EMBODIMENT OF THE INVENTION
FIG. 1 shows the structure of the Internet IN as a computer network consisting of a large number of autonomous networks. An external network RN and a home network HN are shown as examples in the drawing. The individual networks are connected by routers. The illustration shows a communication subscriber UA who is registered with a home service provider HISP, but is connected with his subscriber terminal to the external network RN of a third-party service provider RISP. The user UA requests access to the Internet IN via the network operator RISP abroad.
FIG. 2 shows the sequence of the method according to the invention step by step. The process steps of the interaction between the communication subscriber UA, the third-party service provider RISP, the home service provider HISP and a clearing house CH are shown in the drawing by arrows. For the sake of simplicity, the third-party service provider RISP and the home service provider HISP are each shown with only one server, the access server AS and the token server TS respectively. In reality, the network RN or the network HN can comprise a large number of servers. The network HN can, however, also consist of only one server, which is used exclusively for the billing of a communication service (cheap service provider).
Initially, the communication subscriber UA in the foreign network RN is blocked from access to the Internet IN by the foreign service provider RISP, but the establishment of a connection to his original network HN is granted. According to steps 1 and 2, the communication subscriber UA sends a token request to an access server AS of the third-party service provider RISP, which forwards this message to a token server TS of the home service provider HISP. The token server TS in the originating network HN of the communication subscriber UA supplements this token request with price information. This price information reflects the service requested by the communication participant UA abroad. As a service provider, the third-party service provider RISP determines the price of the goods. As a rule, he will indicate the price of his goods in his currency.
The token server TS converts this price information from the third-party service provider RISP into the currency of the communication subscriber UA. It supplements the token with this converted price information and sends a signed token back to the access server AS. Upon receipt of the token signed by the home service provider HISP, the third-party service provider RISP checks the solvency of the HISP by transmitting the token to a clearing house CH (step 4). The clearing house is a server in the Internet IN that can be addressed by any access server AS. As already mentioned above, the clearing house CH can be a credit card company, for example. The digital signature clearly identifies the issuer of the signature.
In the clearing house CH, this server, which is not shown in more detail in FIG. 2, receives the token. The clearing house server is set up so that it can validate the token.
After the token has been checked, the clearing house CH in turn supplements the token with a digital signature and sends it back to the access server AS of the third-party service provider RISP (step 5). With the digital signature, the clearing house is liable to the third-party service provider RISP for the home service provider HISP, because it confirms the token from the home service provider HISP with the feedback.
Since both the third-party service provider RISP and the home service provider HISP trust the clearing house, it is possible to create a basis of trust for secure payment between the third-party service provider RISP and the home service provider HISP: the third-party service provider RISP can trust that he will securely receive the fee for the service requested by the communication subscriber UA in his network from the home service provider HISP. In step 6, the validated token is sent from the access server AS of the third-party service provider RISP to the communication subscriber UA. This signals to him that access to the Internet from his current location abroad can be opened at his request. The user can now decide whether he still wishes to do so.
The basis for this decision is the price information for the requested service, which is preferably sent to him in his home currency. In the response to the access server AS in step 7, he communicates his decision to the third-party service provider RISP. Depending on this decision, the third-party service provider RISP opens the door to the Internet for him or not. The user of the Internet IN will be billed at a later date by his home service provider.
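The exchange of steps 1 to 7 described above, as an added example that is not part of the patent text. Python's standard library has no asymmetric signatures, so HMAC tags under constructed demo keys stand in for the digital signatures of the HISP and the clearing house; all field names, keys, prices and the exchange rate are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC tags stand in for the digital signatures in the
# text; key names and token field names are assumptions of this example.
K_HISP_CH = b"demo-key-hisp-clearinghouse"   # shared by token server TS and CH
K_CH_RISP = b"demo-key-clearinghouse-risp"   # shared by CH and access server AS

def _tag(key, obj):
    """Tag over a canonical JSON encoding so every party signs identical bytes."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def ts_issue(request, risp_price, rate):
    """After steps 1 and 2: TS adds the converted price and signs the token."""
    body = dict(request, price_risp=risp_price,
                price_home=round(risp_price * rate, 2))
    return {"body": body, "hisp_sig": _tag(K_HISP_CH, body)}

def ch_validate(token):
    """Steps 4 and 5: CH checks the HISP tag, then countersigns body and tag."""
    if not hmac.compare_digest(token["hisp_sig"], _tag(K_HISP_CH, token["body"])):
        return None  # unknown issuer or altered token: CH does not vouch for it
    signed = {"body": token["body"], "hisp_sig": token["hisp_sig"]}
    return dict(signed, ch_sig=_tag(K_CH_RISP, signed))

def as_decide(token, user_accepts):
    """Steps 6 and 7: AS opens access only for a CH-confirmed, accepted token."""
    if token is None or "ch_sig" not in token:
        return False
    signed = {"body": token["body"], "hisp_sig": token["hisp_sig"]}
    ok = hmac.compare_digest(token["ch_sig"], _tag(K_CH_RISP, signed))
    return ok and user_accepts

def demo():
    request = {"user": "ua@hisp.example", "service": "internet-60min"}  # step 1
    good = ch_validate(ts_issue(request, risp_price=5.00, rate=0.9))
    tampered = ts_issue(request, 5.00, 0.9)
    tampered["body"]["price_risp"] = 50.00   # price altered after TS signed
    return (as_decide(good, True), as_decide(good, False),
            as_decide(ch_validate(tampered), True))
```

The access server never checks the HISP tag itself; it relies only on the clearing house's countersignature, which mirrors the trust relationship described in the text.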
The process sequence shown above is started again when the monetary value of the token has been used up or the user changes location and may therefore have to apply for access again.
If the user does not have his own certificate and thus does not have a valid signature, a one-time password or other identification information, for example a transaction number, can also be used instead.