DE102015005387A1 - Method, communication terminal, router device, server device, Internet access and computer program for establishing and carrying out communication links between at least one terminal and the Internet - Google Patents

Abstract

The present invention relates to a method, a communication terminal, a router device, a server device, an Internet access and a computer program for establishing and performing communication links between at least one terminal and the Internet.
At the same time, several guest terminals can simultaneously use a router, hotspot or a LAN of any type and size (eg a private device or a complete city network) to provide free Internet access (FI) in compliance with legal monitoring measures (eg according to TKÜV ) without the need for precautions in the router and / or LAN.
First, the guest device logs into the FI network and transmits the ID of its own service provider (GUEST ISP). In step two, the router automatically obtains the relevant IP address from a secure ISP Lawfull Address Resolution server, which may be e.g. B. can be operated by the Federal Network Agency. In step three, the router allows the establishment of a secure (VPN) connection between the guest and only the guest ISP who provides internet access to the guest and performs the gÜM.
This also allows a logical unbundling of the last mile, a clear division between the transport and service network (ISP) and a cost-effective space expansion with fast Internet.
If completely based on IP is transmitted, with favorable router technology and fiber optic or radio link in the regional and WLAN in the connection area on DSL connection lines, DSL multiplexer DSLAM, analog and ISDN switching technology and monitoring facilities in the transport network can be completely dispensed with.

Description

The present invention relates to a method, a communication terminal, a router device, a server device, an Internet access, and a computer program for establishing and performing communication links between at least one terminal and the Internet.

The usual access of a LAN-capable terminal (Local Area Network) or a WLAN-capable terminal (Wireless Local Area Network), here referred to as WLAN Device WD to public Internet using a wireless-enabled router (WR) via a wired digital Transmission (copper, fiber, etc., for example via DSL, SDSL, etc. connection) or alternatively via a radio transmission (mobile, GPRS, UMTS, LTE, etc.) in the direct connection or alternatively in the indirect connection (for example, following a telecommunications network ) to an Internet Service Provider ISP, which provides the technical facilities for connection to the Internet.

In principle, a so-called Internet Access Provider IAP meets the connection requirements. As a rule, an IAP but offers additional services / services such as cloud storage, e-mail accounts, fax transitions, etc. For the purposes of the present invention, therefore, a technical device which provides an Internet transition for customers following the public Internet is referred to by way of example as ISP. There is no distinction between IAP and ISP, both are considered identical. As a rule, the ISP is owned by a service or, for example, telecommunications company, which in its entirety, including the technical components, is referred to as ISP. For the purposes of the present invention, for example, T-Online as an enterprise of the German Telekom AG is an ISP and enables the customers by means of the technical prerequisites an Internet entrance.

In order to comply with the statutory monitoring measures and data retention in accordance with the Telecommunications Surveillance Ordinance TKÜV (successor of the Telecommunications Surveillance Ordinance FÜV), the ISP additionally has the corresponding LI (Lawful Interception) facilities according to, for example ETSI TR 101 943 , For the purposes of the present invention, those ISPs are preferred that meet these requirements. They are sometimes referred to for clarity as LISP (Legal or Lawfull ISP).

In this technical constellation, the ISP assigns the WD a temporary or fixed Internet address (IP address) from its address quota when transferring to the Internet. As a rule, WD and WR are assigned to a legal or private person (ISP customer). As a rule, a contractual agreement exists between ISP and the ISP customer (ISP-K), which regulates the monetary remuneration of the Internet access by the customer (for example, data transfer rate, quality of service QoS, data volume, use of additional services, etc.) and whereby the customer is identified by name and locally (name, place of residence, date of birth, account details, etc.). The customer data and the respective IP address of an Internet connection and, if necessary, other connection data such as time stamp, date, Internet activities, port address, e-mail address etc. are electronically stored at the ISP, creating a clear assignment of Internet activities to a person and so that the legal requirements for the prosecution or destruction of criminal offenses can be realized.

The law enforcement agencies LEA (Law Enforcement Agencies) have by law automated access to the corresponding LI components of the ISP via dedicated links.

Frequently, the ISP-K uses several and different communication devices for connection to the Internet, such as personal computer PC, notebook and mobile device Mobile Device MD. For ease of illustration, all of these computer and communication devices in the sense of the present invention are collectively grouped under the name MD (Mobile Device, mobile terminal). An MD in the context of the present invention is typically a mobile radio terminal with WLAN interface (smartphone, mobile phone), but alternatively with any cable connection (copper, fiber) and / or one with any wireless connection (DECT, GSM, UMTS, LTE , optical infrared, Bluetooth, WLAN, etc.) connected device of any specification.

A WR is often a comfortable multifunctional device. It has according to the prior art often at least one DSL modem or alternatively a mobile modem, multiple Ethernet cable connections, at least one WLAN transceiver, storage space, a USB device interface, a DECT telephone system and the corresponding internal network components and the actual Router, for the communication of the connected devices with each other and with the Internet. Such a device with the entirety of the wiring and accessories, such as WLAN repeater, NAS storage devices, etc. is summarized below under the name LAN according to the invention. A LAN in the sense of the present invention can accordingly be a individual WR, alternatively from any number of any network components, such as a corporate LAN or a LAN of a city or region. It can have any number of internal and external cable and wireless connections, including WLAN networks.

The nomenclature MD and LAN thus follows the supposedly most common method of using a mobile station with WLAN interface on the wireless router, but explicitly does not exclude the connection of any other devices with any Anschalteart following a LAN any form.

In general, the Internet access is used by the ISP customer in full legal liability. In addition, he is shared in the home at least by family members. The ISP customer is responsible and fully liable for all Internet activities and thus the lawful and contract-compliant communication.

Now there is a variety of wishes that guests with their own MD an Internet connection via the LAN of an ISP-K and its ISP in the public Internet to build and operate. This desire is often in the private sphere (guests, friends, children's friends, etc.), but also in companies (business and private customers, partners, employees, visitors, etc.), in the hotel and restaurant industry, at airports, railway stations Ships, in trains, in the bus, in the truck or car, in the municipal area etc.

An Internet connection that allows a guest to connect to the Internet is often referred to as "Free Internet Access" or "Free Internet" and hereafter referred to as FI. As a provider of a LAN with FI option, therefore, private persons, companies and / or public institutions come into question.

To realize an FI, there are several approaches to the prior art, but unfortunately all of them are associated with considerable limitations.

For example, an ISP-K may provide access to its guest via its own WR. Some routers offer a guest function for this purpose. For example, the router FRITZ! Box 7390 of AVM can open an additional LAN as a guest WLAN. This guest WLAN, which can be called a separate name, can be switched on and off for a limited time and offers some software protection measures, so that the guest can not endanger other LAN components. From the point of view of the ISP, such a guest can not be distinguished from the ISP-K.

Within the scope of the present invention, a guest is understood to mean a person or an automatic device which wishes to operate or operate an Internet connection with his own MD via a foreign LAN following a foreign ISP, whereby he has no contractual relationship with this ISP and there as well no authentication data for a legal supervision for his person are deposited.

To date, there is no technical procedure or device for the state of the art which automatically fulfills the legal monitoring requirements for any guests on the LAN. Any communication with the Internet will be treated at the ISP as ISP-K communication. He is fully liable for all activities at his terminal.

If the ISP-K has a suitable LAN and appropriate expertise, it can write down the device data and personal data of its guests and log connection data in the router.

However, this is associated with considerable manual, organizational and technical effort, hardly manageable in practice and also does not meet all legal requirements. For example, a guest can not be specifically and automatically monitored by the legislator (LEA). Also, a subsequent argument is problematic if the ISP-K in turn manipulates the records.

As a legal Internet access or legal Internet connection (Lawful Internet Connection LIC) is defined in the context of the present invention, a connection between an MD and the public Internet, which takes place in the context of legal requirements, d. H. the user of the MD must be at least authenticated and monitorable (typically at the ISP). The ISP must have the technical facilities to comply with the legal supervision measures. An ISP in this sense is considered below as a legal ISP (LISP). As a rule, there is a contractual relationship between MD owners as LAN-K and LISP.

An ISP, for example, which provides an MD within the Federal Republic of Germany Internet access via the detour abroad, s. c't 2015, Issue 7 p. 120 "Freifunk" first paragraph, is not understood in the context of the present invention as LISP, as it eludes the legal supervision at the MD site. This definition takes place here independently of a legal examination or consideration exclusively within the scope of the present invention better illustration of the procedure according to the invention.

A method with limited monitoring capability according to the prior art is realized as follows. An ISP can install several WR in public areas for its customers. For example, Telekom has a large number of so-called hotspots. However, these are usable only for Telekom's own customers with a special contractual relationship and stored authentication data. For the purposes of the present invention, however, this is not an FI for guests, since the user must be a customer of the ISP (hotspot).

An alternative implementation of an FI is currently that an ISP allows its own customers to log in to the WLAN of other of its own customers and to connect to the Internet. The WR has a special technical prerequisite for the connection. The guest can be authenticated at the ISP because he is contractually associated with him. The procedure is similar to the hotspot technique with the difference that the hotspot in this case is the router of a paying customer. The process may be restricted to use exclusively by contract customers of the ISP. Thus, for the purposes of the present invention, this is not an FI for guests, since the user must be a customer of the ISP.

A good overview of the aforementioned and other similar realizations offers the article sequence: "Invitation to Hotspot", "Sharing for Professionals" and "Sharing with Law" in the magazine c't magazin für computer technik, issue 7/2015 from page 116 , There is also detailed on the monitoring and liability issue.

The message of the "Rheinische Post" from Tue, April 14, 2015 , which reports that the President of the Federal Network Agency in a letter to the operators of public Wi-Fi hotspots has asked to equip their networks with a monitoring access, as the illegal area should no longer be tolerated.

This methodology, if implemented, would require a great deal of technical and organizational effort, since in addition to the large number of hotspot and FI operators that would need to be equipped with surveillance access, the appropriate technical LI monitoring facilities would also be present within the hotspots - including, for example, the personnel trained and sworn in, for example, with respect to § 88 TGK Telecommunications secrecy, in appropriately designed, accessible premises. The publication strongly indicates that a suitable technical method and / or a procedure for the supervision of the FI is currently unknown and urgently required.

A good overview of the technical and legal requirements for Telecommunications Surveillance Regulations with reference to the applicable technical standards and regulations can be found in the European Patent EP 1358736 such as EP 1340353 and EP 1317860 (all Deutsche Telekom AG, inventor in each case Walter Keller).

A good overview of the technical realization of DSL accesses can be found in EP 252222125 respectively. EP 2232841 (also Deutsche Telekom AG, inventor in each case Walter Keller).

The present invention has for its object to eliminate the existing shortcomings of outstanding monitorability of guests with free Internet access at the hotspot and / or in a free Internet access and to create a technical possibility, the legal access to the Internet via hotspots and FI networks under Fulfillment of the state monitoring measures, for example the TKÜV and the associated technical guidelines, for example according to ETSI TR 101 943 for at least one guest optional for a plurality of guests simultaneously.

The invention will be explained below using embodiments and the attached figures, wherein the drawing figures are not limiting for an illustrated exclusive technical realization.

The components MD, LAN, ISP, LIR, guest and customer shown in the figures correspond to the above definition. The names are therefore not restrictive.

The extension "FI" indicates that the respective customer of his own ISP (here ISPFI) with his LAN (here LANFI) allows free access to the Internet for guests, whereby a guest can also be a customer of the ISPFI or alternatively customer of any other ISPs.

1 shows, by way of example, a WLAN-capable terminal MDFI of the customer FI following its LANFI, for example a WLAN-capable router which is connected via a wired or alternatively wireless connection to the legal Internet Service Proivider LISPFI (with lawful interception LIFI) and connects to the Internet enabled. The customer database KDBFI contains the personal customer data of the customer FI required for the monitoring as well as the relevant connection data of the terminal MDFI during the internet session. Another Terminal MD1 of the customer 1 is also connected to the Internet via the service provider ISP1 with LI1. The personal data of this customer are accordingly in the database KDB1. Both ISPs each have the corresponding monitoring devices LIFI and LI1, which can be accessed by the supervisory bodies LEA via the monitoring accesses UFI and U2.

To enlarge the overview, the respective components customer database and lawful interception device with the corresponding ISP are respectively summarized in the further figures as LISPFI, LISP1 to LISPn.

The illustration of the LEA is therefore omitted in the other figures, but it is assumed to be a regular legal operation.

In 2 , The customer provides FI for the customer 1 and other non-pictured customers a free Internet access FI. The customer 1 moves exemplarily as a guest 1 with his terminal MD1 to the LANFI of the customer FI ( 1 ) and wants to get a free internet access there. The guest 1 can optionally log on manually by activating the connection request and / or input of data in his MD1 at LANFI or alternatively can have an automatic connection performed by his MD1. Both variants and any combinations of these are subsumed below as "Guest Guest x in LANFI".

In the case of a direct internet connection of MD1 via LISPFI and its ISPFI, the customer FI is legally liable for all activities of the guest 1 on the Internet, as only personal data for the guest FI in connection with its connection (DSLFI, LANFI, MDFI) in the customer database deposited by LISPFI.

The method according to the invention solves this problem and therefore deviates from the usual prior art direct connection by providing the technical realization described below.

MD1 connects to LANFI ( 2 ), logs in and makes an automatic connection request to the Internet access. MD1 transmits the name (identification) of its own LISP1 to LANFI. In LANFI, such connection requests can be individually configured or treated for all guests (MD1 ... n). For example, the customer FI can grant, block or individually configure the Internet access to any guest individually, alternatively groups of guests or the entire collective of guests (see below) and / or access to internal components of the LANFI. These include the configuration of transmission bandwidth, time window, connection time duration, priority, QoS, charge parameters etc.

If the guest 1 is authorized for access to the Internet by LANFI if it has been configured appropriately, LANFI establishes an Internet connection via its LISPFI ( 3 ), if not already present, and transmits the ISP name of LISP1 to the LARS server (Legal Address Resolution Server) ( 4 ) and receives in case of positive an Internet address (IP address) of LISP1 over the connection ( 5 and 6 ) back from LARS.

For this purpose, LARS has a database of all LISPs which are LI-capable and participate in the method according to the invention for FI. The LISPs are characterized at least by their name and the associated IP address, the IP address addresses the respective dial-in server for their own customers via the public Internet in the respective LARS. Optionally, several addresses may also be available for a LISP, for example for redundancy purposes and / or for load sharing.

A wrong address request or a request for an ISP that does not participate in the procedure and / or does not have an LI facility or alternatively is blocked for the procedure (for example because of misuse) or that is not known in the LARS database will accordingly no IP address transmitted by LARS. Optionally, a detection of the wrong query with an automatic response, such as a journal entry, an alarm or a warning o. Ä. Acknowledged and / or recorded. Optionally, LANFI and / or LISPFI may provide further information for monitoring purposes to LARS, such as a device ID of MD1, etc.

The LARS address and name list can alternatively be managed or buffered in LANFI's own memory. The table may alternatively be in the public DNS server (Domain Name System of the Internet), in a data store at the ISPFI, in a server connected to the ISPFI or a server connected to the Internet at a corresponding service provider or again alternatively and preferably at the Authority, for example, the Federal Network Agency. The table must always be maintained promptly, stored correctly and tamper-proof.

There may be a single LARS or, in an alternative embodiment, a plurality of LARS.

In 3 is an example of the automatic connection establishment to LISP1 by means of LARS related IP address. For this purpose, preferably a secure connection, for example a virtual private network VPN (VPN tunnel) is established optionally by LANFI or MD1.

The term "VPN" used synonymously in the present invention means any secure point-to-point connection between an MD or a LAN (also LANFI) and the respective ISP, ie a VPN, Secure Sockets Layer SSL, Point-to-Point Protocol PPP etc.

A preferred embodiment provides the structure between MD1 and LISP1 ( 7 ... 9 ), where LANFI filters the IP address and only allows the IP address of LISP1 transmitted by LARS to address the VPN. MD1 can not use a different IP address and therefore can not operate any unauthorized traffic on the Internet.

The dial-in server of the VPN connection in LISP1 can be, for example, a RADIUS server (Remote Access Dial In User Service) or, for example, a RAMSES server (Remote Access Management Subscriber Enhanced Service according to EP 1238513 Deutsche Telekom AG, inventor Walter Keller). The technical realization of a single VPN is state of the art, however, the combination of multiple VPN to different LISP with corresponding individual filter restriction in the LANFI is not yet known. The dial-in procedure by means of password and password or by means of individual device data is also assumed to be known.

The VPN connection backs up MD1 to the customer FI and all other guests connected to the LANFI, so that all MD1 activities remain secret to FI and other guests. Conversely, the same applies, an access of MD1 etc. to network components or a manipulation of LANFI is also excluded.

This functionality is also new. In the known hot-spot method, the router establishes a VPN connection, so that the customer data is partially transmitted unprotected.

Then, LISP1 allocates a dynamic or static IP address from its MD1 quota and establishes a data connection to the Internet for MD1 ( 10 ). Thereafter, MD1 can transparently communicate over the VPN connection via LANFI and LISPFI with LISP1 and on to the Internet. It is guaranteed that any activity of MD1 on the internet in LISP1 can be legally controlled.

In LANFI, no special monitoring or logging is required, an LI monitoring device and also an LEA monitoring connection are dispensable. MDFI itself is monitored in LISFI.

This is independent of the size and characteristics of the technical facilities of the LANFI. It can be a private customer with a simple wireless router that wants to give hand-picked friends free Internet access without any legal problems, or alternatively a complete city network that would allow any guest free access to the Internet, provided they have a contractual relationship with owns any LISPx.

4 shows by way of example the connection diagram for the case that several guests 1 ... n simultaneously communicate with different LISP 1 ... n and are connected to the Internet.

5 shows a particular alternative embodiment of the procedure according to the invention. Here, at least one customer, here by way of example the customer 1, dispenses with at least one own DSL connection to his own ISP1 and / or to his own LAN1. Customer 1 operates with MD1 exclusively as a guest at LANFI or any other provider of FI services.

In this procedure, for example, a residential community, a commercial building with different companies, a block or even a whole city with a fast Internet connection FI could be supplied via a telecommunications provider, all customers via the same or any ISPx access to the Internet. The connection FI can, for example, alternatively be installed and operated by a telecommunications company or ISP. In this procedure, there is a complete logical decoupling and unbundling of the Internet access of all customers involved on the so-called last mile (subscriber line) of the terminal FI. In addition, considerable cabling is saved. Optionally, in this embodiment, alternatively or in parallel to the WLAN, an LTE connection with considerably greater radio range and multiple antennas in the LANFI can be used.

The current state-of-the-art technique poses significant legal and physical problems when a telecommunications company (for example, a quasi-monopolist) routes a fast fiber optic cable to a building complex (fiber dead building or fiber to the curb). In principle, one fiber is often sufficient for all relevant customers However, for competitive reasons, the terminal must be unbundled and each customer gets his own fiber so that he can be connected to different ISP's. The method according to the invention enables the central or distributed installation of a LANFI at the end of the fiber, via which all potential customers can be completely logically decoupled via the LANFI (via cable, fiber or radio connection) to their respective ISPx.

Cable connections also have advantages. In the current procedure, the cable owner of the subscriber line TAL (for example, Deutsche Telekom AG) must provide individual pairs of wires in the subscriber line cable for other competitors (telecommunications companies, ISP, etc.), if the customer so wishes. This "unbundling" of the TAL creates a plurality of separate digital transmission channels within a multi-pair cable, resulting in significant mutual electromagnetic interference as well as a reduction in the transmission bandwidth for the respective channels on the subscriber lines (see DSL literature cited). In the procedure according to the invention can be a fast cable connection of the FI or parallel operation on multiple lines of the same FI without external interference of other Internet connections respectively with less interference by a smaller number of other Internet connections in the same cable for several guests at the FI terminal with a statistical traffic distribution significantly higher data transfer rates for all parties involved.

The logical unbundling here also replaces the physical unbundling according to the invention. In this procedure, the present invention may be advantageous with the inventions EP 252222125 respectively. EP 2232841 (Deutsche Telekom AG, inventor in each case Walter Keller) combined and lead to significant performance increases in the download and upload.

5 shows another option. Customer n operates his LANn in addition to his own DSL line or optionally exclusively (shown here) complete with all network components and terminals MDn1 to MDnm in connection 7n via cable, radio or fiber optic cable as a guest at the LANFI.

The guest operates here not a single terminal, but his entire network as a "guest network" (for example, a small company network) via the LANFI.

In order to identify a LANFI, a WLAN identifier SSID is proposed according to the invention, which consists of the three letters of the designating initial identifier for a Lawfull or Legal Free Internet "LFI", followed by a hyphen and an individual network identifier, for example "LFI -Stadtnetz Dusseldorf "," LFI-Laubenpieper "or similar exists, so that a guest can quickly and easily recognize any LANFI and the letter combination on the device side can also be used for automatic dial-in for network identification.

6 shows a further preferred embodiment. The LANFI is designed as a hotspot and supplies the customers 1 to n of a residential block or, for example, a housing estate etc. The technical equipment of the LANFI is installed, for example, at the location of the cable divider, Digital Subscriber Line Multiplexer DSLAM, etc., and for example spans the radio network LFI campus , By way of example, the customer n has an arbitrary LAN and is equipped with a radio repeater, which enlarges the LFI campus network and thus the LANFI range and here exemplarily carries the same SSID. An additional enlargement of the FI terminal area results, for example, by using an optical or conventional radio link.

This approach brings particular benefits through increased bandwidth and cabling savings associated with fiber to the building or fiber to the curb, a DSL vectoring process on the copper line, or a DSL method EP 252222125 respectively. EP 2232841 with, for example, customer configurable upload download bandwidth (Deutsche Telekom AG, inventor in each case Walter Keller).

In addition to extending the bandwidth for customers, it can accelerate fiber optic expansion by eliminating the need for individual cabling or fiber access.

Another advantage arises when using a UMTS or LTE radio network o. Ä. By the greater range compared to WLAN. Currently, in the case of poor line quality or if there is no TAL, a customer may alternatively operate a router device with LTE interface. For example, T-Online offers such Internet connections as "Call & Surf Comfort via radio". The disadvantage is compared to a cable or fiber connection in the significantly reduced bandwidth of the mobile network and the limited data volume. There is no data flatrate offered. A further disadvantage is that no legal FI compounds according to the invention can be produced for different ISPs via such a compound. Ie. It is a normal Internet connection to a single ISP as a direct replacement of the DSL connection with reduced scope of service.

In contrast, the method according to the invention can offer an unbundled high-speed connection for all customers 1... N.

This is u. a. It is particularly interesting to subsidize and / or finance fiber-optic links for rapid Internet expansion, and ISPs or telecommunications companies to charge users for use and Internet access, thereby re-charging the public for their investment. In the method according to the invention, access is automatically unbundled, since the customer does not need a hardware connection. This can be a separation between (transport network) and service network (service offer by independent ISP and / or telecommunications companies) take place. This promotes competition and creates the same starting conditions for all ISPs. Such a transport network can for example be installed and operated by municipalities.

Of particular advantage is that such a transport network can be operated fully automatically.

A further advantage is that the essential functionality of the inventive method can be retrofitted by a software change and additional software components and / or sequential control in many commercially available smartphones, routers and ISP components.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• EP 1358736 [0026]
• EP 1340353 [0026]
• EP 1317860 [0026]
• EP 252222125 [0027, 0058, 0063]
• EP 2232841 [0027, 0058, 0063]
• EP 1238513 [0047]

Cited non-patent literature

• ETSI TR 101 943 [0004]
• c't 2015, Issue 7 p. 120 "Freifunk" [0020]
• "Invitation to the Hotspot", "Sharing for Professionals" and "Sharing with Justice" in the magazine c't magazin für computer technik, issue 7/2015 from page 116 [0023]
• "Rheinische Post" from Tue, April 14, 2015 [0024]
• ETSI TR 101 943 [0028]

Claims (17)

A method for the production and implementation of communication links between at least one terminal and the Internet, characterized in that a connection between at least one terminal, such as a WLAN-enabled mobile phone (MD _guest ), as a guest following a local area network LAN _FI , which a granted free Internet access and is equipped with a direct connection to the public Internet or alternatively has a connection through a telecommunications network and / or a service provider, etc. to the Internet (here generally referred to as Internet Service Provider ISP _FI ) can be built and operated on the public Internet , In a first step, the MD _guest wired by cable (for example Ethernet) or alternatively by radio interface (for example, an LTE or a WLAN with the appropriate SSID address) a connection request to an ISP _guest by the transmission of an ISP _{guest identifier} , for example an ISP _guest name, to the LAN _FI , in a second step the LAN _FI verifying the connection request for at least plausibility and automatically checking the relevant ISP _guest identity by verifying the ISP _{guest identifier} in a stored list , a database or, in a particularly preferred embodiment, an external tamper-resistant server device LARS (Lawfull ISP Address Resolution Server) which lists only ISPs operating within the framework of legal regulations and / or having the legally prescribed LI monitoring devices; in which case, the IP address of the ISP _guest is read out as a confirmation or returned upon request, and the LAN _FI subsequently sets up an Internet connection exclusively for this IP address for the MD _guest or, in a preferred alternative embodiment, establishes a secure one n IP connection, for example a VPN, SS1 or PPP connection, etc., the part MD _guest to only this address allows being authenticated in a third step the MD _guest at the ISP _host (for example, by a log-in procedure or an automatic transmission of individual identification and / or device data, etc.) and is finally authorized for access to services in the ISP _guest and / or for switching to the Internet and accordingly the MD _guest a dynamic IP address from the address quota of the ISP _guest is assigned and a technical through-connected to the Internet in the ISP _{guest is} made, whereby in the inventive method, the guest terminal MD1 and the FI network and, if necessary, further guest MDx completely decoupled and mutually tamper-proof, the guest connection exclusively on the legal ISP ins Internet and all activities of the guest on the Internet the legal Überwachungsma without the need for a connection of the users and the corresponding technical LI monitoring devices in the LAN _FI . A method according to claim 1, characterized in that simultaneously and / or time-delayed a plurality of guests with at least one terminal MD or a plurality of terminals MDx on the LAN _{FI can be} connected to the same ISP or a plurality of different ISPs and be active on the Internet can. A method according to claim 1, characterized in that the LAN _FI technically as a single network component, for example, as a DSL modem with at least LAN or WLAN interface or particularly preferably as a WLAN-enabled router, etc. may be executed or alternatively from a plurality of individual network components consists, for example, of a large network of any network components and any connections and any number of opened radio interfaces distributed over a building complex, a city or a region. Method according to at least one of the preceding claims, characterized in that the terminals of the guests on a LAN _FI can be configured individually and in groups and / or in their entirety with respect to the access rights to network components within the LANFI and with respect to the Internet and also blocked For example, the transmission bandwidth, the transmission quality, quality of service QoS, the time and the duration of the connection, etc. Method according to at least one of the preceding claims, characterized in that the terminals of the guests MD _guest optionally manually with operator input, semi-automatic or fully automatic without required individual identifier or alternatively with password and keyword input (password o. Ä.) And in an alternative embodiment with at least one individual identifier, such as device identifier, MAG address, MSISDN, fixed IP address, operating system identifier o. Ä., Register in the LAN _FI and the device parameters for identification and / or to the recognition of the guests in the LANFI can be stored, for example To be able to lock out MD _guest devices in case of misuse of the connection, for billing of payment transactions, usage costs or connection certificates, connection statistics etc. Method according to at least one of the preceding claims, characterized in that the LANFI may filter the connection of the connected MD _host such that the MD _host IP connections can only be set up, when they are released from the LANFI, so that no arbitrary IP connections on the internet. The same applies mutatis mutandis to alternative types of addressing in the Internet, which can be operated without an IP address. Method according to at least one of the preceding claims, characterized in that at least one external server device (here called Legal Address Resolution Server LARS) is preferably present following the public Internet, which contains at least the ISP names and the IP addresses of the dial-in accesses of the ISPs Contains legally mandated LISPs (LISPs) that can be addressed as LISP _guest and participate in the FI process. Method according to at least one of the preceding claims, characterized in that at least one customer or a plurality of customers can operate an Internet connection entirely without their own physical Routerx or LANx and without their own direct connection neither by radio interface, by fiber optic connection or by cable connection by the terminals MDx are used exclusively following guest networks LAN _FI , with this procedure, a logical unbundling of the subscriber line takes place because Internet connections of different customers (MDx) to different ISP in the same transmission medium between LAN _FI and LISP _FI take place on, for example, the subscriber line. Method according to at least one of the preceding claims, characterized in that at least one customer or a plurality of customers can operate a LANx without its own direct connection neither by radio interface, by fiber optic connection or by cable connection to a telecommunication network or to an ISPx by temporarily or permanently connected via any cable, radio or fiber optic connection to a LAN _FI , with this procedure also takes place a logical unbundling of the subscriber line, as Internet connections to different ISPs take place in the same transmission medium between LAN _FI and LISP _FI on, for example, the subscriber line. Method according to at least one of the preceding claims, characterized in that a transport network consisting of at least the components LISPFI (for example technically reduced to only the IP Internet access), the connection line (for example, a fast fiber optic, coaxial cable or microwave link) and at least a LANFI can be implemented and operated without own direct subscriber line with associated DSL transmission, whereby the complete communication of the guest devices MDx via secure IP connections via the LANFI is forwarded to the respective LISPs and according to the invention also here no deviating communication from customers to the Internet takes place, so that a complete decoupling of the network infrastructure of the network services of the telecommunications and LISP takes place, whereby a cost-effective implementation of the FI network as a transport network without, for example, expensive DSL multiplexer (Digital Sub scriber Line Access Multiplexer DSLAM) and without necessary monitoring measures and monitoring accesses in the transport network, which is advantageous, for example, for rapid network expansion with fast Internet access in rural areas and metropolitan areas, especially if the transport network is publicly or locally financed and all ISPs in the free competition should be available. Communication terminal according to at least one of the preceding claims, characterized in that the communication terminal MD _guest special circuit accessories, a electronic sequence control or a code-controlled computer program, which is coupled to a wireless transceiver and automatically a WLAN with free Internet FI automatically either at the SSID address (for example, a prefix LFI) by comparison with a previously stored name in one Memory location can detect or alternatively automatically connects to the or the locally detectable WLAN and starts an automatic log-in procedure that leads to the positive case for automatic detection of a LAN _FI , the controller automatically or after tactile confirmation initiates an automatic connection procedure in the way that a connection request with the aim LISPx is sent to the LAN _FI and an automatic VPN connection is established upon receipt of the appropriate IP address, which Runaway by a similarly automatic log-in procedure automatically or by tactile confirmation in LISPx leads, wherein instead of the WLAN connection, an alternative radio network, such as LTE, etc. can be used according to the invention. Communication terminal according to at least one of the preceding claims, characterized in that the communication terminal MD contains special circuit accessories, an electronic sequencer or a code-controlled computer program, which is coupled to serial cable or fiber optic interface and automatically starts a Einbuchprozedur when connecting to a LANFI which leads in the positive case to the automatic detection of a LANFI, wherein the control automatically or after tactile confirmation initiates an automatic connection procedure in such a way that a connection request with the destination LISPx is sent to the LANFI and after receiving the corresponding IP address an automatic VPN Connection is established, which is carried out automatically by a likewise automatic log-in procedure or after tactile confirmation. Router device according to at least one of the preceding claims, characterized in that a router with special hardware and program components is extended such that foreign devices MD _guest , which wired via fiber or cable connection (for example, Ethernet, two-wire or coax) or alternatively by Radio interface (for example, LTE or WLAN) are turned on, are recognized as foreign terminals and that the router after a respective optional log-in procedure to recognize a connection request to an ISP _guest by receiving an ISP _{guest identifier} from the terminal, such as an ISP _guest name can and then automatically starts a query in an internal list or preferably in an external server LARS, can receive an IP address for ISP _guest from LARS and this can be sent to the MD _guest , and then a connection of MD _{guest of} any kind, for example a secure connection (VPN, etc.), and allows an IP connection of MD _guest exclusively to the IP address obtained from Lars, the router preferably being able to operate a plurality of different MD _guests simultaneously with connections to different ISPs and being able to be configured in such a way that the _guest MD individually, in groups and / or in their entirety regarding the access rights to network components within the router and other network components connected in the LAN, such as routers, computers, terminals MD, NAS memory, printers, multimedia components TV receiver repeaters etc. can be configured with regard to the dial-in procedure and with regard to the connection to the Internet, for example the transmission bandwidth, the transmission quality, Quality of Service QoS, the time and the duration of the connection etc. and alternatively can also be locked out of the connection. Server device according to at least one of the preceding claims, characterized in that a server device LARS is preferably present after the public Internet, which at least a list of ISP names and the associated IP addresses of the dial-in access of ISPs with legally prescribed procedure, such as Monitoring device (Legal ISPs) that can be addressed as guests' LISP and participate in the FI process. Internet access according to at least one of the preceding claims, characterized in that at least one Internet access is present (a telecommunications company, an Internet Service Provider ISP, an Internet Access Provider IAP, etc.), which has the technical facilities to the FI -Customers to allow Internet access and the secure connection (eg VPN) at least one guest MDx after a LANFI to ISP _guest through and the latter has a technical facility with which he queries the address list in the server LARS or from can receive there, so that he receives those IP addresses of ISPs to which he allows or allows the establishment of a secure connection, optionally storing the list of IP addresses for faster access. Internet access according to at least one of the preceding claims, characterized in that at least one Internet access ISP _{guest is} present (a telecommunications company, an Internet Service Provider ISP, an Internet Access Provider IAP, etc.), which has customers who by means of the inventive Procedure to log in via a secure connection (for example, VPN) and switched to the Internet after authentication and authorization and / or customers who use the inventive method exclusively in the absence of their own subscriber line and / or a wireless modem (mobile phone connection to the router), as Guest at a foreign LANFI via a secure connection (for example, VPN) in the ISP register and are switched through after authentication and authorization to the Internet. Computer program according to at least one of the preceding claims, characterized in that a code-controlled computer program can be installed on an MD as an application which has connection with at least one WLAN transmitting / receiving device and / or one or more serial interfaces and programmatically automatically a WLAN with free Internet access FI automatically optionally at the SSID address (for example, a prefix LFI-) by comparing with a previously stored name train in a memory location can detect or alternatively automatically connects to the or the locally detectable WLAN or alternatively the cable connection to a LAN _FI can detect and an automatic log-in procedure starts, which in the positive case leads to the automatic detection of a LAN _FI , wherein the controller automatically or after tactile confirmation initiates an automatic connection procedure in such a way that a connection request with the destination LISPx is sent to the LAN _FI and after reception the corresponding IP address is established an automatic VPN connection, which is carried out automatically or by tactile confirmation by an automatic log-in procedure, alternatively or in addition to WLAN, an alternative radio interface, such as LTE for the inventive method can be used ,

Images