KR20040004724A - Wireless LAN service system providing proxy gateway and method thereof - Google Patents

Abstract

PURPOSE: A wireless LAN service system and method for providing a proxy gateway is provided to extend the usability of mobile terminals by executing an application program, impossible to be executed in a mobile terminal, by proxy and providing it remotely and to increase QoS(Quality of Service) by adjusting the traffic bandwidth between a wireless LAN and the Internet. CONSTITUTION: A wireless LAN service system is comprised of a central management server(40), an NIF(Network Interface) part(10), an INET data processing part(20), a proxy gateway(30), and a database(50). The NIF part(10) consists of the first NIF(12) and the second NIF(14). The second NIF(14) is connected with the central management server(40) through an external network(400). The INET data processing part(20) is comprised of a DHCP(Dynamic Host Configuration Protocol) unit(21), a NAT(Network Address Translation) unit(22), an HTTP R/D(Redirection) unit(23), a path setup unit(24), a DNS R/D unit(25), and an IP forwarding unit(26). The proxy gateway(30) includes a registration unit(31), an authentication and billing unit(32), a game providing unit(33), a QoS unit(34), a streaming unit(35), a cache unit(36), and a VPN(Virtual Private Network) unit(37).

Description

Wireless LAN service system providing proxy gateway and method thereof {Wireless LAN service system providing proxy gateway and method

The present invention relates to a wireless LAN service system for providing a proxy gateway and a method thereof, and more particularly, to automatically connect a user terminal through a wireless LAN, and to provide an Internet service by interworking with an external network using an automatically connected user terminal. It authenticates the user terminal, controls the wireless LAN connection, executes the game execution module for each user terminal, transmits and receives game data for remote operation, manages traffic bandwidth, multicasts the Internet live broadcast, and is repeatedly connected. The present invention relates to a WLAN service system and method for automatically storing content and constructing a virtual network between a plurality of proxy gateways.

Wireless LAN, which expands the local area network by using wireless transmission technology in an environment where it is difficult to install the existing wired network, has caused considerable expectation for its utilization due to various advantages. In the case of a large number of previous installation costs and consumables, a wireless network has the efficiency that does not require any additional cost except that once the network is expanded. Therefore, in a work environment requiring maintenance, relocation, mobility, etc., or where a relatively large sales organization is required (e.g., insurance companies, car sales offices, etc.), even if a wired network environment is established, it is not sufficient to supplement dynamic business activities. Is the best solution available to distributors, local sales offices, logistics companies, manufacturers, schools and warehouses.

The WLAN is a device for WLAN, a service registration method, and a method used according to the number of mobile communication terminals to be connected, the size of an area requiring a service, the type of service provided for each ISP, and the involvement of a WLAN service provider. If you look at the configuration and services of the basic WLAN as follows.

First, an ISP equipped with a backbone network directly installs an AP device and provides a WLAN service by renting a registered PC card or a mobile communication terminal to a user who applied for WLAN service. Since the communication terminal has information, the service user does not need to perform a separate procedure for roaming between service areas of the AP device. Second, an ISP equipped with a backbone network and an AP device may provide a wireless LAN service for a general public who uses a mobile communication terminal of each individual. Third, there is a case where a WLAN service provider provides an WLAN service by installing an AP device and connecting an ISP to a service user. Fourth, the ISP may provide a wireless LAN service to a wireless LAN service provider and individual users in a wider area than the aforementioned cases by implementing the inter-regional network configuration as a wireless LAN equipment.

However, since the existing WLAN service system only provides a simple function of a gateway for linking a wired transmission channel with a wireless transmission channel to construct a local area network and relays Internet data communication, it is applied to the existing WLAN service system. There is a need to add a gateway function.

In particular, mobile communication terminals such as PDAs (Personal Digital Assistants), HPCs (Hand PCs), Pocket PCs, Web pads, WAP phones, etc., have limited onboard memory and are therefore incapable of executing applications (e.g., online games with many participants). ) Is a lot.

In addition, when the WLAN service system is installed in an area with a large number of mobile populations, there is a problem in traffic due to the limitation of bandwidth, resulting in unbalanced bandwidth allocation. For example, streaming data, such as Internet live broadcasting, may be disconnected when the reception is irregular.

In addition, when a WLAN is installed in a distributed business area located in various regions and a LAN is installed in an enterprise, information security must be maintained, so that a plurality of WLAN service systems can be used by using a dedicated line. There is a need to build a network. However, when these companies lease their own lines or set up their own networks (especially when a large number of WLAN systems are distributed over a long distance), expensive cost problems arise, thus providing a secure public network resource. Sharing is required.

In this regard, functions such as an existing firewall server, proxy server, or virtual private network (VPN) server, game server function, streaming transmission server function, and cache server function are implemented on a WLAN service system. There is a growing need to develop service systems as proxy gateways and content gateways.

The present invention has been made to meet the above requirements, the central management server for controlling the proxy gateway, authentication charging means for authenticating the user terminal to control the wireless LAN access and generate the charging information, game for each user terminal Game providing means for transmitting and receiving game data to be remotely operated by executing the execution module, QoS means for managing the bandwidth of traffic, Streaming means for tunneling and restoring encapsulated stream data packets, Automatic storage of repeated content A proxy gateway having a cache means, a central management server, and a VPN means for establishing a virtual private network with another proxy gateway, and automatically connecting a user terminal through a wireless LAN, and using an external network as a user terminal. Internet service in conjunction with To provide a unit and provide NIF INET WLAN service system comprising a data processor and method for that purpose.

1 is a block diagram schematically illustrating a form in which a wireless LAN service system providing a proxy gateway according to a first embodiment of the present invention is connected to an external device through an internal / external network.

FIG. 2 is a block diagram schematically illustrating a form in which a WLAN service system providing a proxy gateway according to a second embodiment of the present invention is connected to an external device through an internal / external network.

3 is a block diagram schematically illustrating a form in which a WLAN service system providing a proxy gateway according to a third embodiment of the present invention is connected to an external device through an internal / external network.

4 is a block diagram schematically illustrating an internal configuration of a WLAN service system that provides a proxy gateway according to a second embodiment of the present invention.

5 to 7 are record tables illustrating a data structure of a database of a WLAN service system for providing a proxy gateway according to the present invention.

8 to 9 are flowcharts illustrating a method for providing a WLAN service through a proxy gateway according to the present invention.

<Explanation of symbols for main parts of drawing>

10: NIF section 12: first NIF

14: 2NIF20: INET data processing unit

21: DHCP means 22: NAT means

23: HTTP R / D means 24: Path setting means

25: DNS R / D means 26: IP forwarding means

30: proxy gateway 31: registration means

32: authentication charging means 33: game providing means

34: QoS means 35: streaming means

36: cache means 37: VPN means

40: central management server 50: database

300: WLAN service system providing proxy gateway

In order to achieve the above object, the wireless LAN service system providing a proxy gateway according to the present invention is assigned to each of the wired / wireless internal network and the external network including a wireless access device is activated to transmit and receive data by setting the network information Or an NIF unit which is inactivated not to transmit or receive data; Receives and authenticates identification information from the user terminal connected through the NIF unit, controls the wireless LAN access, authenticates the billing means for generating the billing information, and receives and installs the game execution module from the game content providing server connected through the external network. A proxy gateway having game providing means for transmitting and receiving game data so as to remotely operate a game executed by a user terminal by executing a game execution module for each desired user terminal; And network address translation function, real-time input of external authorized network gateway for external network communication to adjust routing routines, and centralize lookup requests to a single authorized DNS server to handle message traffic between internal and external networks and IP packets By forwarding the data, INET data processing unit for processing the data communication between the internal / external network to provide a wireless LAN service and to function a proxy gateway.

In order to achieve the above object, the wireless LAN service providing method through a proxy gateway according to the present invention comprises the steps of (a) receiving and installing a game execution module from the content providing server; (b) receiving and authenticating identification information from a user terminal connected through a wired / wireless internal network, and if authenticated, controlling wireless LAN access of the user terminal and initiating charging; (c) classifying line speeds, allocating bandwidth of traffic, fairly allocating traffic, analyzing traffic usage by adjusting the transmission rate of TCP / UDP, and managing traffic; (d) when the user terminal requests access to the game content providing server, the game providing means executing the game execution module for each user terminal and transmitting and receiving game data so that the user terminal can remotely operate the executed game; And (e) generating charging information according to the use of the WLAN service as the user terminal terminates the access.

Hereinafter, a WLAN service system for providing a proxy gateway according to the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram schematically illustrating a form in which a WLAN service system 300 providing a proxy gateway according to a first embodiment of the present invention is connected to an external device through an internal / external network.

Referring to Fig. 1, a first embodiment of a WLAN service system (hereinafter referred to as " WLAN system according to the present invention ") 300 that provides a proxy gateway according to the present invention is the NIF unit 10, INET. The data processing unit 20 and the proxy gateway 30 are configured, and the NIF unit 10 connects the user terminal 100 through the wired / wireless internal network 200. In addition, the NIF unit 10 is connected to the content providing server 500 through the external network 400.

Here, the user terminal 100 is a PDA (Personal Digital Assistant), a mobile phone, a notebook, a web pad equipped with a wireless LAN card such as a wireless LAN data communication device, or a NIC (Network Interface Card) equipped with a wired LAN data communication This means a possible terminal device, etc., and has been used in a broad concept encompassing a mobile device that is movable and connectable to a LAN.

The wired / wireless internal network 200 may connect the user terminal 100 to the WLAN service system 300 according to the present invention using, for example, an access point (AP), a switch hub, a serial cable, or the like. Can be.

In view of the motive of the invention of the wireless LAN system 300 according to the present invention, it is preferable to use the Internet as the external network 400 rather than renting a leased line or constructing its own network individually.

In a first embodiment of a wireless LAN system according to the present invention, the user terminal 100 is automatically connected through a wireless LAN (that is, the internal network 200), and the user terminal 100 is automatically connected to an external network in interworking manner. Provide internet service. In addition, the first embodiment of the wireless LAN system according to the present invention authenticates the user terminal 100 to control the wireless LAN connection, and executes the game execution module for each user terminal to transmit and receive game data to enable remote operation, In addition, it provides a function of traffic bandwidth management, multicasting of Internet live broadcasting, automatic storage of repeated access content, and establishing a virtual network network between a plurality of proxy gateways 30.

The NIF (Network InterFace) part of the first embodiment of the wireless LAN system according to the present invention refers to an Ethernet device, and automatically connects to the user terminal 100 (P & P (Plug and Play): a terminal user to set up a network environment on the terminal). To provide access to a wireless LAN system without manipulation), the first NIF is divided into a first NIF and a second NIF, and the first NIF is set for a local network, and the second NIF is for a public network. Can be set. In this way, Ethernet devices are divided into internal and external networks, and network P & P functions, authentication / billing functions, etc. are performed by performing various transmission processes at the transport layer and the network layer (each of the third and fourth layers of OSI (Open System Interconnection)). Can be performed.

The INET (Ip NETwork) data processing unit performs an interface function between the first NIF and the second NIF, and provides a network P & P service, and provides DHCP, IP / Mac filtering, network address translation, etc., as well as external Internet services.

The NIF unit 10, the INET data processing unit 20, and the proxy gateway 30 will be described in detail with reference to FIG. 4 below.

The content providing server 500 refers to a server (eg, a web server, a swap server, etc.) that provides wired / wireless internet content including game content and live broadcast content.

FIG. 2 is a block diagram schematically illustrating a manner in which a WLAN service system 300 providing a proxy gateway according to a second embodiment of the present invention is connected to an external device through an internal / external network.

According to Figure 2, the second embodiment of the wireless LAN system according to the present invention comprises a NIF unit 10, INET data processing unit 20, proxy gateway 30 and the central management server 40, the central management server Further having 40 is a difference from the above-described first embodiment of the present invention.

While the NIF unit 10, the INET data processing unit 20, and the proxy gateway 30 are preferably installed in one housing in a set, the central management server 40 is connected to the NIF unit 10 through an external network 400. ). This is for the administrator to manage the proxy gateway 30 at a remote location.

The central management server 40 may adjust the function of the proxy gateway 30 which is an agent by transmitting various setting information. The description thereof will be described later with reference to FIG. 4.

3 is a block diagram schematically illustrating a form in which a WLAN service system 300 providing a proxy gateway according to a third embodiment of the present invention is connected to an external device through an internal / external network.

According to FIG. 3, the third embodiment of the WLAN system of the present invention has the same configuration as the above-described second embodiment of the present invention, but includes only one set of NIF unit, proxy gateway, and INET data processing unit (Fig. The first NIF unit 10a, the first INET data processing unit 20a, and the first proxy gateway 30a form one set, and the nNIF unit 10b, the nINET data processing unit 20b, and the nth proxy gateway ( 30b) is shown to form another set), which is installed in various regions and managed by the central management server 40. At this time, the number of internal networks 200a and 200b is also provided.

In this case, for example, a set of NIF units 10a, 10b, INET data processing units 20a, 20b, and proxy gateways 30a, 30b are respectively installed in a chain-type business space, and the central management server 40 of the head office manages them. For example, the form.

The central management server 40 connected to the NIF units 10a and 10b through the external network 400 not only controls the proxy gateways 30a and 30b as described above, but also between the proxy gateways 30a and 30b. Handles data communication.

In the following description, the WLAN system 300 according to the present invention has the configuration of the third embodiment of the present invention shown in FIG. 3, and in the description of each internal configuration, overlapping components are provided for convenience. Description will be made based on the second embodiment of the present invention according to FIG.

4 is a block diagram schematically showing an internal configuration of a WLAN service system 300 that provides a proxy gateway according to a second embodiment of the present invention.

Referring to FIG. 4, the WLAN system 300 according to the present invention includes a central management server 40, a NIF unit 10, an INET data processing unit 20, a proxy gateway 30, and a database 50. The NIF unit 10 includes a first NIF 12 and a second NIF 14, and the second NIF 14 unit is connected to the central management server 40 through an external network 400. In addition, the INET data processing unit 20 includes DHCP means 21, NAT means 22, HTTP R / D means 23, routing means 24, DNS R / D means 25, and IP forwarding means ( And a proxy gateway 30, the registration means 31, the authentication charging means 32, the game providing means 33, the QoS means 34, the streaming means 35, and the cache means 36. ) And VPN means (37).

The first NIF 12 and the second NIF 14 are means for transmitting / receiving data through a WLAN in a predetermined frequency band (currently, a 2.3 GHz to 2.4 GHz frequency band is generally not required). , A wireless LAN card, a USB client, etc.) and a connection port of a wired transmission medium to transmit and receive wired LAN data. In general, the NIF unit 10 follows the high speed 802.11 standard of the DSSS (Direct Sequence Spread Spectrum) method. The first NIF 12 communicates data with the radio access device.

The first NIF 12 is configured with network bandwidth information so as to receive all packet data transmitted from the user terminal 100 connected through the wired / wireless LAN without adjusting the network configuration information (ie, sub-network mask). "0.0.0.0"), the system is set to work with the internal network. On the other hand, in the second NIF 14, the network bandwidth information is set so as not to receive all the packet data transmitted from the user terminal 100 (that is, the sub-network mask is set to "255.255.255.255") and interworked with the external network. System is configured.

When the first NIF 12 and the second NIF 14 are set in this manner, all of the first NIF 12 allocated to the internal network is transmitted from the user terminal 100 regardless of the network configuration information of the user terminal 100. Packet data can be received.

In addition, the INET data processing unit 20 sets the IP address of the first NIF 12 as a gateway in the routing table and does not set the gateway information (the gateway information of the second NIF 14) of the external authorized network, thereby directionalizing the packet data. Is switched to the first NIF 12.

DHCP (Dynamic Host Configuration Protocol) means 21 sets the IP address to a private IP address (for example, "192.168.1.1") of a predetermined network band if the user terminal 100 that has transmitted the packet data has set a floating IP, If the sub network mask is set to "255.255.255.0", a private IP address of "192.168.1.2" to "192.168.1.254" can be assigned to the terminal.

The NAT means 22 generates a translation table that maps the network address (fixed IP address or assigned private IP address) of the user terminal 100 to a network address combined with one public IP address and a plurality of port numbers. This Network Address Translation (NAT) is an IP address translation technology called "IP Masquerading" (or "Port Address Translation" ("Alias") ", ie multiple private IP addresses and unrecognizable. It converts fixed IP address into one public IP address and maps (translates) multiple IP addresses using port numbers. In addition, the NAT means 22 performs additional processing such as checksum, TCP sequence number, TCP recognition number correction, as well as replacement of the address field to correct the operation of the IP protocol and the TCP protocol.

The routing means 24 inputs an external public network gateway in a routing table in real time to transmit the packet data converted to the first NIF 12 to the external network 400, and according to the starting point address and the destination address of the packet data. The input / output path routines of the first NIF 12 and the second NIF 14 are set in the routing table. Therefore, the packet data received by the entire first NIF 12 can be forcibly forwarded to the outside network.

The DNS R / D (ReDirection) means replaces the DNS server address of the packet data transmitted by the user terminal 100 and redirects the packet data to one authorized DNS server (server provided in the ISP server) to request a lookup request. To focus.

As the IP forwarding means 26, the NAT means 22, routing means 24 and DNS R / D means 25 performs data processing in the transport layer, as described above, the socket program, the transmission routine, The network layer and the link layer perform a transmission function, and forward the corresponding data packet to the first NIF 12, the second NIF 14, and the proxy gateway 30.

The HTTP R / D means 23 changes the destination address of the packet data redirected to the first NIF 12 to the address of the proxy gateway 30 so that the proxy gateway 30 provides a service to the user terminal 100. . In addition, when the packet data is transmitted from the proxy gateway 30, the HTTP R / D means 23 replaces the start address of the response packet with the destination address of the packet data at the first service request, and the first address is entered in the destination address field. Record the IP address of the user terminal 100 that is the starting point address.

The HTTP R / D means 23 may provide an automatic website access function to the user terminal 100 by redirecting IP packet data transmitted from the user terminal 100 to a predetermined website server. If the broadcast is reserved, the streaming means 35 stream-transmits the stream data packet to the user terminal 100 according to the redirected packet.

The INET data processing unit 20 may be implemented using, for example, a Linux system, and the routing means 24 implemented in Linux may include three routing tables: a neighbor table, a forwarding information base (FIB) table, and a routing cache. Keep it.

The INET data processing unit 20 may be configured as, for example, a kind of "Linux box". The INET data processing unit 20 includes all data processing modules of the OSI 7 layer for a WLAN data transmission service and requests a program interface through a kernel. The data processing module may be an application program, a socket, a transmission routine, a network layer, a link layer, a transmission device, a bus, a port, and the like. The kernel includes an interrupt handler, a scheduler, a supervisor, a network flag, a kernel memory, and the like. Each means of the INET data processing unit 20 functions through a series of program interfaces. Such a Linux system, OSI layer 7 and the kernel is a technical matter well known to those skilled in the art to which the present invention belongs, detailed description thereof will be omitted.

In addition, the INET data processing unit 20 is an Internet connection protocol used by the user terminal 100 (for example, Transmission Control Protocol / Internet Protocol (TCP / IP), Wireless Application Protocol (WAP), and Binary Runtime Environment for BREW). Wireless (IP), ME (Mobile Explorer), I-mode, etc. types are recognized and processed to forward IP packet data to apply to the protocol.

Hereinafter, each means of the proxy gateway 30 will be described.

When the registration means 31 permits the user terminal 100 to access through the first NIF 12 and the user's Mac address is not registered or the user requests registration without inputting identification information for authentication. In the following, an information input window for registration is provided to the user terminal 100 by the above-described HTTP redirection function.

The registration means 31 receives registration information including personal information and identification information through an information input window and stores the registration information in the database 50. Here, the personal information means information such as name, social security number, age, gender, address, occupation, and the like, and the identification information is input by the user as information for identifying the user when the user terminal 100 accesses the browser. IP address, password, etc. may be used, or the MAC address of the terminal or a fixed IP address may be used.

However, the user may access the central management server 40 and perform service registration through the subscriber portal site. In this case, the registration means 31 receives user registration information from the central management server 40 and adds information. Can be deleted / modified.

The authentication charging means 32 receives the identification information by providing the identification information input window to the user terminal 100 (when the user registers by inputting the MAC address of the terminal, it can automatically authenticate without a separate identification information input window). And the MAC address or ID recorded in the database 50 are authenticated.

When the user is authenticated, the authentication charging means 32 causes the IP forwarding means 26 to provide the WLAN service and starts charging. At this time, the authentication charging means 32 records the wireless LAN service start time, and provides a logout window to the user terminal 100. When the terminal user logs out, the service termination time is recorded and the WLAN service fee is calculated. In addition, the authentication charging means 32 may calculate the WLAN service fee by counting the number of bytes of packet data transmitted and received by the user terminal 100 during the recorded time.

The game providing means 33 receives and installs a game execution module from the game content providing server 500 connected through the external network 400, and transmits the game execution module to the user terminal 100 when the user requests an online game. Instead, the game execution module is executed for each user terminal on his platform. The game providing means 33 supports both a multitasking function and a multithreading function.

When the game starts, the game providing means 33 transmits and receives game data to the user terminal 100 and the game content providing server 500 so that the user terminal can remotely operate the game. For example, in the case of an online game in which a large number of participants participate, the game providing means 33 transmits screen data to be displayed on the user terminal, and the operation data (ie, position data, direction data, character) of the user character from the user terminal 100. Behavior data, etc.) is received and provided to the game content providing server 500. Then, as the user character is manipulated, new display screen data is transmitted to the user terminal 100.

On the other hand, the game providing means 33 receives the character operation data of the other game participants corresponding to the viewport of the user terminal and connected to the game content providing server 500 from the game content providing server 500 and newly updated the character operation data and new characters. The displayed screen is transmitted to the user terminal 100 again. Therefore, the user terminal 100 can enjoy the online game without limiting the memory.

The game providing means 33 may receive the patch program of the game execution module from the game content providing server 500 and upgrade the game execution module.

As the game providing means 33 partially replaces the hardware limitation of the user terminal 100 as described above, the number of applications that can be used increases but inversely, the amount of data transmission and reception increases, thus causing traffic problems. The probability increases.

For this reason, the WLAN system 300 according to the present invention provides a QoS (Quality of Service) means. QoS specifies communication quality of service according to delay time, delay variation or data loss rate in the network. QoS means 34 provides the following functions.

The QoS means 34 provides a function of classifying line speed, bandwidth allocation function of traffic, fair distribution function of traffic, adjusting TCP / UDP transmission rate, analyzing traffic usage, etc. (E.g. 25 for mail, 80 for web, etc.) or UDP protocol number, etc., and similarly compare the IP address, starting point and destination port number to classify the traffic and You can allocate bandwidth. By performing these functions, the QoS means 34 can distribute the traffic.

In addition, the QoS means 34 adjusts bandwidth according to protocol types such as SMTP (Simple Massage Transfer Protocol), TCP / IP, UDP, Post Office Protocol (POP), Voice over Internet Protocol (VoIP), or belongs to the same class. The same bandwidth may be allocated among the multiple access signals so that a transmission difference does not occur between the user terminals 100.

The above functions may be implemented by techniques such as Rdsource Reservation Protocol (RSVP), fragmentation, weighted faif queue (WFQ), traffic shaping, and the like.

The streaming means 35 tunnels the stream data packet encapsulated from the content providing server 500, restores the stream data packet, and multicasts the stream data packet to the user terminal. Here, encapsulation is a technique of including data structures using different protocols in one structure, for example, TCP / IP data packets encapsulated in an Asynchronous Transfer Mode (ATM) frame are regarded as simple bit streams to an ATM switching device. .

The streaming means 35 may perform the function of a conventional multicasting router. The content providing server 500 and the header of a data packet having a multicast address (224.0.0.0 to 239.255.255.255 as a D-class IP address) are provided. By adding IP addresses at both ends of the tunnel set between the streaming means 35, the stream data packet can be transmitted in the existing Internet.

The streaming means 35 may have its own QoS function for internet live broadcasting to control traffic, and have a buffer pool to correct the transmission speed.

The cache means 36 constitutes a media cache (a cache for video streaming data) as a forward cache (a cache installed at a client end via a network) or has a forward cache for a general website to reduce line usage.

The media cache may improve the transmission quality in conjunction with the streaming means 35.

The cache means 36 identifies and statistically processes the data packet passing through the INET data processing unit 20, and automatically classifies and stores the content repeatedly used for a predetermined number of times. When the user terminal requests access to the automatically stored content, the cache means 36 searches for the corresponding content and transmits the content to the user terminal 100 in real time.

In addition, the cache means 36 receives and stores contents from a predetermined content providing server 500 which is affiliated with each other, and automatically provides the stored contents through the HTTP R / D function when the user terminal 100 is connected. You can also do

When a plurality of proxy gateways 30 are connected through the central management server 40 as in the case of the third embodiment of the present invention shown in FIG. 3, the VPN means 37 is configured to proxy proxy 30 and central management. A virtual private network is established between the servers 40.

That is, the VPN means 37 and the central management server 40 of each proxy gateway 30 use the above-mentioned tunneling protocol and security protocol (Point-to-Point Tunneling Protocol (PPTP), Layer 2 forwarding, etc.). You can build a private network that is secure.

In addition, the user terminal 100 can be connected to the other proxy gateway 30 and the central management server 40 through the VPN means 37, if the VPN client program is installed, for example, employees of each chain-type business space They will be able to connect to the central management server 40 of the headquarters with their mobile communication terminal installed VPN client program and report business information to the head office.

The central management server 40, the aforementioned registration means 31, the authentication charging means 32, the QoS means 34, the game providing means 33 and the streaming means 35 is a relationship between the manager and the agent. The server 40 controls each component by transmitting various setting information and connects a plurality of proxy gateways 30 to perform data communication.

The central management server 40 transmits game selection information so that the game providing means 33 receives and upgrades a game execution module for each game type from the content providing server 500.

In addition, the central management server 40 is the quality of the QoS means 34 in adjusting the bandwidth, that is, the information, that is, IP group information, port group information, circuit information, access equipment information, protocol information and routing path information, etc. Is set to the QoS means 34 to realize the above-described functions, and the live broadcast content information is transmitted to the streaming means 35 so that the streaming means 35 can select the live broadcast content processed into the stream data packet. .

The database 50, as a database system, has a general solution for controlling the transmission and reception of network data including a web page using the TCP / IP protocol, and in addition to the requests of the INET data processing unit 20 and the proxy gateway 30. The data can be recorded / modified / deleted and the data can be retrieved and provided. The database 50 may be implemented as a Windows NT / 2000 server, an MS SQL 7/2000 server, an Oracle D / B server, or the like.

5 to 7 are record tables illustrating a data structure of a database 50 of a WLAN service system 300 that provides a proxy gateway according to the present invention.

5 shows a data processing area of the INET data processing unit 20. The database 50 records the first NIF network setting information, the second NIF network setting information, a translation table, a router table, a DNS server address, and the like.

6 shows a data processing area of the authentication charging means 32, which records personal information, identification information, payment information, and the like, and also as a processing area of the cache means 36 and the VPN means 37, which reserves the broadcast. Information and VPN setting information are recorded.

7 records IP group information, port group information, line information, connection equipment information, protocol information, routing path information, etc. for the QoS means 34, and records live broadcast content information for the streaming means 35. Shows a database 50 for recording the autosave content information for the cache means 36. In addition, the database 50 of FIG. 7 stores a game execution module and a VPN client program.

Hereinafter, a method of providing a WLAN service through a proxy gateway will be described in detail with reference to the accompanying drawings.

8 to 9 are flowcharts illustrating a method for providing a WLAN service through a proxy gateway according to the present invention.

First, the game providing means 33 transmits game selection information to the game content providing server 500, and the game content providing server 500 transmits the game execution module to the game providing means 33. The game providing means 33 installs the received game execution module on the platform (S100).

When the user terminal 100 requests a connection through the wired / wireless internal network 200, the first NIF 12 receives all packet data, and the authentication charging means 32 indicates that the MAC address of the user terminal 100 is determined. It is determined whether or not it is registered (S105).

If the MAC address is not registered (S110), the authentication charging means 32 provides an identification information input window to the user terminal 100 (S115) to receive and authenticate the identification information (S125), and the user registers as the first accessor. If the request is made (S120), the registration means 31 provides a user information input window and receives the personal information, the identification information, and the broadcast reservation information to register and process it (S130).

Subsequently, when the user terminal 100 is registered or authenticated, the authentication charging means 32 controls the wireless LAN connection of the user terminal 100 by allowing the INET data processing unit 20 to provide a wireless LAN service (S135). ). At the same time that the WLAN service is provided, the authentication charging means 32 checks the time and counts the data packets to start charging (S140).

At this time, if a broadcast reservation is set for the user (S145), the HTTP R / D means 23 forwards the data packet to the streaming means 35 and the cache means 36 to provide the reserved content (S150). ).

In addition, if the connected user terminal 100 is a terminal on which a VPN client program is installed and is registered as a virtual private network user in the database 50 (S155), the VPN means 37 stores the data transmitted from the user terminal 100. The destination address is classified (S160).

When the classified data packet does not face the content providing server 500 (S165), the VPN means 37 encrypts and encapsulates the data packet and tunnels it to another proxy gateway 30 or the central management server 40 ( S170). However, if the user terminal 100 wants a general Internet service, IP forwarding is performed through the INET data processing unit 20 without such data processing (S180). On the other hand, when a data packet is tunneled and transmitted from another proxy gateway 30 or the central management server 40, the VPN means 37 restores the data and delivers the data to the user terminal 100.

Through the construction of the virtual private network, the user terminal 100 and the proxy gateway 30 or the proxy gateway 30 may transmit and receive corporate information between each other.

When the WLAN service is started, the QoS means 34 classifies the line speed, allocates the bandwidth of the traffic, distributes the traffic fairly, analyzes the traffic usage by adjusting the transmission rate of the TCP / UDP, and manages the traffic. (S175).

In providing the wireless LAN service, when the user terminal 100 requests a connection to the game content providing server 500 (S185), the game providing means 33 executes the game execution module for each user terminal 100 (S185). S190) The user terminal 100 transmits and receives game data to and from the user terminal 100 and the game content providing server 500 so as to remotely operate the executed game (S195).

However, when the user terminal 100 requests a connection to the live broadcast content providing server 500 (S200), the streaming means 35 receives tunneling transmission of the stream data packet encapsulated from the live broadcast content providing server 500. In step S205, the stream data packet is recovered (S210) and transmitted to the user terminal 100 (S215). In this case, when the user terminal 100 broadcasts the live broadcast content, the streaming means 35 multicasts the stream data to all registered user terminals (S215).

In addition, the cache means 36 compares the content information requested by the user terminal 100 with the content information automatically stored in the database 50, and if there is a matched content, provides the corresponding content automatically stored to the user terminal 100 ( S225).

In the above-described process, the cache means 36 temporarily stores the content information requested by the user terminal 100, statistically processes them (S220), and stores the requested content in the database 50 at least a predetermined number of times, thereby saving the user terminal 100. ) Provides a cache function in the subsequent access (S225).

Finally, as the user terminal 100 terminates the connection (S230), the authentication charging means 32 stops checking the service usage time and counting data packets and generates charging information according to the use of the WLAN service ( S235).

The present invention has been described above with reference to the preferred embodiments, which are merely examples and are not intended to limit the present invention, and those skilled in the art to which the present invention pertains do not depart from the essential characteristics of the present invention. It will be appreciated that various modifications and applications are not possible that are not illustrated above. For example, each component specifically shown in the embodiment of the present invention can be modified. And differences relating to such modifications and applications will have to be construed as being included in the scope of the invention defined in the appended claims.

According to the present invention, it is possible to extend the field of use of the mobile communication terminal by providing a remote execution by executing an application program that is not executable on the mobile communication terminal, to improve the quality of service by adjusting the traffic bandwidth between the wireless LAN and the Internet, and multi Streaming and streaming of the Internet live broadcast through the casting technique has the effect of improving the response performance and the use of the Internet access line.

In addition, by establishing a virtual private network between the central management server and a plurality of proxy gateways, a group of users who need to maintain security can selectively use the WLAN.

Claims (14)

In a system for providing a wireless LAN access service, An NIF unit assigned to each of the wired / wireless internal network and the external network including the wireless access device and configured to set network information so as to be activated to transmit or receive data or to be inactivated to not transmit or receive data; It receives and authenticates the identification information from the user terminal connected through the NIF unit, controls the wireless LAN access, authenticates the charging means for generating the charging information, and receives and installs the game execution module from the game content providing server connected through the external network. A proxy gateway having game providing means for transmitting and receiving game data so as to remotely operate the game executed by the user terminal by executing the game execution module for each user terminal desiring a game; And It provides network address translation function, adjusts routing routine by inputting external authorized network gateway in real time during external network communication, and centralizes lookup requests to a single authorized DNS server to handle message traffic between internal and external networks and IP packet data. By forwarding, the wireless LAN service system for providing a proxy gateway, characterized in that it comprises an INET data processing unit for processing the data communication between the internal / external network to provide a wireless LAN service and the proxy gateway. According to claim 1, The game providing means In the case of an online game in which a large number of players participate, the game content providing server includes display screen data and character manipulation data on the user terminal, and character operation data of other game participants corresponding to the viewport of the user terminal and connected to the game content providing server. And Wireless LAN service system for providing a proxy gateway, characterized in that for transmitting and receiving with a user terminal. The method of claim 1, The game providing means receives the patch program of the game execution module from the game content providing server to upgrade the game execution module, Wireless LAN service system for providing a proxy gateway, characterized in that further comprising a central management server for controlling the game providing means to receive and upgrade the game execution module for each game type. The method of claim 1, wherein the proxy gateway is And a QoS means for realizing any one or more of a line speed classification function, a traffic bandwidth allocation function, a traffic distribution function, a TCP / UDP transmission rate adjustment function, and a traffic usage analysis function. Wireless LAN service system providing a gateway. The method of claim 4, wherein Further transmitting a central management server for controlling the QoS means to realize the functions by the transmitted information by transmitting information of any one or more of IP group information, port group information, circuit information, access equipment information, protocol information and routing path information. Wireless LAN service system providing a proxy gateway characterized in that it comprises. The method of claim 1, wherein the proxy gateway is And a streaming means for receiving the encapsulated stream data packet from a content providing server and restoring the stream data packet to control traffic, correct the speed, and multicast to the user terminal. WLAN service system. The method of claim 6, And a central management server for transmitting the live broadcast content information to the streaming means so that the streaming means can select the live broadcast content processed by the stream data packet. The method of claim 1, wherein the proxy gateway is A wireless LAN providing a proxy gateway further comprising a cache means for automatically storing content repeatedly used through a forward cache and a media cache, and searching and transmitting the corresponding content when the user terminal requests a content access. Service system. The method according to claim 3, 5 or 7, The NIF unit, the proxy gateway and the INET data processing unit is characterized in that a set is installed in several regions, And a central management server connected to the NIF units through an external network to control the proxy gateways and to process data communication between the proxy gateways. The method of claim 9, The proxy gateways are each provided with a VPN means for establishing a virtual private network with the central management server and the other proxy gateway wireless LAN service system for providing a proxy gateway. In the method for providing a wireless LAN access service, (a) receiving and installing a game execution module from a content providing server; (b) receiving and authenticating identification information from a user terminal connected through a wired / wireless internal network, and if so, controlling wireless LAN access of the user terminal and initiating charging; (c) classifying line speeds, allocating bandwidth of traffic, fairly allocating traffic, analyzing traffic usage by adjusting the transmission rate of TCP / UDP, and managing traffic; (d) When the user terminal requests access to a game content providing server, the game providing means executes the game execution module for each user terminal and transmits and receives game data so that the user terminal can remotely operate the executed game. Doing; And (e) generating the charging information according to the use of the wireless LAN service as the user terminal terminates the access to the wireless LAN service providing method through a proxy gateway. The method of claim 11, wherein step (b) If the user terminal is configured as a terminal of a VPN user, the VPN means encrypts and encapsulates the data transmitted from the user terminal and tunnels it to another proxy gateway or central management server, and tunnels from the other proxy gateway or central management server. And recovering the transmitted data and transmitting the recovered data to the user terminal. The method of claim 11, wherein when the user terminal requests access to a live broadcast content providing server, step (d) includes: (d1) the streaming means tunneling the stream data packet encapsulated from the live broadcast content providing server; (d2) the streaming means recovering the stream data packet; And and (d3) the streaming means controls the traffic and corrects the transmission speed to multicast to the user terminal. The method of claim 11 or 12, wherein step (d) (d1) caching means comparing the content information requested by the user terminal with the content information automatically stored in the database, and providing the corresponding automatically stored content to the user terminal; And (d2) the cache means further comprises the step of statistically processing the content information requested by the user terminal and storing the requested content more than a predetermined number of times in a database.