HK1115696A - Network connection service providing device - Google Patents
Network connection service providing device Download PDFInfo
- Publication number
- HK1115696A HK1115696A HK08106268.4A HK08106268A HK1115696A HK 1115696 A HK1115696 A HK 1115696A HK 08106268 A HK08106268 A HK 08106268A HK 1115696 A HK1115696 A HK 1115696A
- Authority
- HK
- Hong Kong
- Prior art keywords
- access request
- private network
- internet
- registered
- service providing
- Prior art date
Links
Description
Technical Field
The present invention relates to a network connection service providing apparatus that allows use of the internet by securely transmitting personal information and the like.
Background
A so-called hotspot service system is known, for which an access point for wireless communication is installed at a station, an airport, a shop, or the like, so as to allow connection to the internet in a wireless manner by using a portable personal computer, a personal digital assistant, or the like (for example, see patent documents 1 and 2).
[ patent document 1] Japanese unexamined patent application publication No. 2003-218861
[ patent document 2] Japanese unexamined patent application publication No. 2004-
Disclosure of Invention
Problems to be solved by the invention
However, the so-called hotspot service provides only a connection service to the internet. In the case of communication over the internet, there is a risk of eavesdropping, tampering, and spoofing. For this reason, some users are hesitant to use important services such as electronic settlement through the internet.
The present invention has been made in view of these circumstances, and an object of the present invention is to provide a network connection service providing apparatus capable of connecting not only to the internet but also to a relatively secure private network when necessary.
Means for solving the problems
The network connection service providing device of the present invention includes: a specific address table in which addresses of servers connected to a private network other than the internet are registered; an authentication table in which an authorization to use the private network is registered; and a control device that receives an access request and relays the access request to the private network, the access request being assigned to an address registered in the specific address table, and its use authorization being registered in the authentication table, the control device further receiving an access address assigned to an address not registered in the specific address table, and relaying the access address to the internet.
In addition, the method further comprises the following steps: a wireless gateway device that receives an access request wirelessly and transmits the access request to a control device; and a router connecting the control device with a private network and the internet, which can provide private network services at so-called hotspots.
Further, the router receives an access request from the internet and relays the access request to the private network, the access request being assigned to an address registered in the specific address table, and its use authorization being registered in the authentication table, and the router also receives an access request from the private network and relays the access request to the internet, the access request being assigned to an address not registered in the specific address table, whereby communication can be conducted between a server connected to the private network and a server connected to the internet.
Effects of the invention
According to the invention, not only a connection to the internet but also, if necessary, a connection to a more secure private network can be made at a so-called hot spot or the like. This allows for secure transfer of personal information and also allows for the use of the internet.
Drawings
Fig. 1 is a block diagram showing a configuration of a network connection service providing apparatus according to embodiment 1 of the present invention.
Fig. 2 is a block diagram showing a configuration of a network connection service providing apparatus according to embodiment 2 of the present invention.
Reference numerals
1 Wireless gateway Unit
2 control unit
3 specific address table
4 authentication table
5 Router
10 communication terminal
11 control unit
12 specific address table
13 authentication table
20 private network
30 Internet
40 financial institution server
50 content provider server
60 Wireless gateway Unit
100 network connection service providing device
200 network connection service providing device
Detailed Description
Hereinafter, the best mode for carrying out the present invention will be described in detail with reference to the accompanying drawings.
Example 1
Fig. 1 is a block diagram showing a configuration of a network connection service providing apparatus according to embodiment 1 of the present invention. As an example, the network connection service providing apparatus 100 is equivalent to a hotspot service providing apparatus, and includes: a wireless gateway unit 1, a control unit 2 and a router 5. The control unit 2 includes a specific address table 3 and an authentication table 4. The wireless gateway unit 1 receives an access request to a predetermined address from the communication terminal 10, and the control unit 2 determines whether or not the address is a specific address existing in the specific address table 3. In the specific address table 3, addresses accessible via the private network 20 are registered in advance. When the destination address is not the specific address, as an example, the communication terminal 10 is caused to access the content provider server 50 via the router 5 and the general internet 30. When the destination address is a specific address, when it is further verified that the user has a qualification to receive a specific service as a result of comparison with the ID and password of each user registered in the authentication table 4, the control unit 2 relays an access request to the router 5 and the private network 20, and causes the communication terminal 10 to carry out communication of processing personal information with the financial institution server 40 or the like. The private network 20 is a network using the same communication protocol or address system as the internet 30 and independent of the internet 30. Therefore, it is rather difficult for a malicious third party to want to access the private network 20 via the internet 30, so that the user can securely transfer personal information via the private network 20. Since the private network 20 processes only a small amount of data such as personal information, the above-described processing can be realized by a small-sized device. When the destination address is a specific address and authorization cannot be obtained, the control unit 2 does not allow communication.
For example, it is assumed that the financial institution server 40 for electronic settlement has been installed on the private network 20, the address of the financial institution server 40 has been set in the specific address table 3, and the browser program has been installed in the communication terminal 10. When the browser program wants to access the financial institution server 40 for electronic calculation, a packet designated to the financial institution server 40 is transmitted from the communication terminal 10, which is relayed to the private network 20 via the router 5 since the destination of the packet is already registered in the specific address table 3. When the electronic settlement transaction between the communication terminal 10 and the financial institution server 40 has been successfully completed, the financial institution server 40 notifies the content provider server 50 of the fact, and when the browser of the communication terminal 10 accesses the content provider server 50, a large number of services can be received from the content provider server 50 via the internet 30. In this case, the router 5 may relay the packet without undergoing specific authentication. Instead, packet transmission from the content provider server 50 to the financial institution server 40 is carried out from the internet 30 via the router 5 and the private network 20. In this case, in order to ensure the security of the private network 20, the router 5 relays the packet to the private network 20 only when the packet is verified to have the qualification to access the private network 20 by the control unit 2. Further, when the content provider server 50 is secure, by providing a configuration (route a) directly connected to the private network 20 from the content provider server 50, a packet can be transmitted and received between the financial institution server 40 and the content provider server 50 via the private network 20.
Example 2
Fig. 2 is a block diagram showing a configuration of a network connection service providing apparatus according to embodiment 2 of the present invention. The network connection service providing apparatus 200 is equivalent to an ISP (internet service provider) by way of example, and includes a control unit 11, the control unit 11 having a specific address table 12 and an authentication table 13. A wireless gateway unit 60 equivalent to a hotspot service providing device is provided separately from the above-described components. The communication terminal 10, the private network 20, the internet 30, the financial institution server 40, and the content provider server 50 are the same as those in embodiment 1.
The network connection service providing apparatus 200 receives an access request for a predetermined address from the communication terminal 10 by the wireless gateway unit 60, and relays the access request to the private network 20 and the internet 30.
In this embodiment 2, the ISP provides a private network service. Also in this embodiment 2, the financial institution server 40 and the content provider server 50 may indirectly transmit and receive packets for communication via the network connection service providing apparatus 200, or directly transmit and receive packets for communication via the private network 20 (route a).
However, the present invention is not limited to the above-described embodiments.
All publications, patents and patent applications cited herein are incorporated by reference in their entirety.
Claims (3)
1. A network connection service providing apparatus comprising:
a specific address table in which addresses of servers connected to a private network other than the internet are registered;
an authentication table in which an authorization to use the private network is registered; and
a control means that receives an access request and relays the access request to the private network, the access request being assigned to an address registered in the specific address table, and its usage authorization being registered in the authentication table, and the control means receives an access request assigned to an address not registered in the specific address table, and relays the access request to the internet.
2. The network connection service providing apparatus as claimed in claim 1, further comprising:
a wireless gateway device that wirelessly receives an access request and transmits the access request to the control device; and
a router connecting the control device with the private network and the Internet.
3. The network connection service providing apparatus according to claim 2,
the router receives an access request from the internet and relays the access request to the private network, the access request being assigned to an address registered in the specific address table and its usage authorization being registered in the authentication table, and the router receives an access request from the private network and relays the access request to the internet, the access request being assigned to an address not registered in the specific address table.
Publications (1)
| Publication Number | Publication Date |
|---|---|
| HK1115696A true HK1115696A (en) | 2008-12-05 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20110047270A1 (en) | Network connection service providing device | |
| US8537841B2 (en) | Connection support apparatus and gateway apparatus | |
| US8151336B2 (en) | Devices and methods for secure internet transactions | |
| US7992212B2 (en) | Mobile terminal and gateway for remotely controlling data transfer from secure network | |
| EP1500223B1 (en) | Transitive authentication authorization accounting in interworking between access networks | |
| EP2039110B1 (en) | Method and system for controlling access to networks | |
| US20050277434A1 (en) | Access controller | |
| JP4666169B2 (en) | Method of communication via untrusted access station | |
| EP1681828A1 (en) | An access information relay device, a network device, an access information managing device, a resource managing device and an access control system | |
| US20060073811A1 (en) | System and method for authentication in a mobile communications system | |
| US20100122338A1 (en) | Network system, dhcp server device, and dhcp client device | |
| JP2004505383A (en) | System for distributed network authentication and access control | |
| JP2008518533A (en) | Method and system for transparently authenticating mobile users and accessing web services | |
| JP2006524017A (en) | ID mapping mechanism for controlling wireless LAN access with public authentication server | |
| US20050209975A1 (en) | System, method and computer program product for conducting a secure transaction via a network | |
| CN101090400A (en) | Safety transmitting method and system for information of mobile user | |
| JP4002844B2 (en) | Gateway device and network connection method | |
| US8990349B2 (en) | Identifying a location of a server | |
| HK1115696A (en) | Network connection service providing device | |
| JP4009273B2 (en) | Communication method | |
| KR20060094453A (en) | Authentication method and system for part-time service using EAP | |
| JP2007334753A (en) | Access management system and method | |
| WO2013062393A1 (en) | Method and apparatus for supporting single sign-on in a mobile communication system | |
| JP2006033443A (en) | System, method and program for internet connection | |
| CN1474551A (en) | Wireless area network authentication method |