Description

A SYSTEM THAT PROVIDES VIRTUAL SECURE CONNECTIONS BETWEEN A TERMINAL AND A WEB SERVER ON A RELAY SERVER-BASED WEB BROWSING ENVIRONMENT AND OPERATING METHOD THEREOF Technical Field

[1] The present invention relates to a system for providing secure virtual connections between a terminal and a web server in a relay server-based web browsing environment in which Web pages can be viewed at the terminal through a conversion by the relay server, and a method of operating the system.

[2]

Background Art

[3] A current situation will be described below using mobile terminals, such as mobile phones adopted by a current relay server-based web browsing environment, as an example.

[4] With the popularization of the wireless Internet, mobile terminals, such as mobile phones, have solidified the viewpoint that they are information terminals that can be used in arbitrary places. Therefore, mobile terminals have demanded web browsing, in which the Internet is mainly used. In order to meet the demands, software businesses and mobile communication businesses have developed browser products for enabling Web pages, manufactured for Personal Computers (PCs), to be viewed on mobile terminals. However, general mobile terminals have smaller screen sizes, smaller memory and disk capacity, and inferior network speed and higher cost, than PCs intended for viewing the corresponding Web pages, so that it is presently difficult to process and view the corresponding Web pages at the mobile terminals without conversion.

[5] In order to solve the problem, a relay server-based web browsing environment has appeared such that the sizes of Web pages are reduced and the Web pages are simplified through a conversion by the relay server, so that the Web pages are viewed at mobile terminals. However, in the relay server-based web browsing environment, since a relay server performs a web browsing operation of receiving Web pages and sending the response thereof to a web server, information required for web browsing work must exist in the relay server. Here, if the required information is private user information, a security problem may occur.

[6] In general web browsing, when private user information is required, all information

is encrypted by making an end-to-end encryption connection, in which a security technique, such as a Secure Sockets Layer (SSL) or Transport Layer Security (TLS), is used between the web browser and the web server, so that devices, such as a gateway and a proxy, which relay the network connection between a mobile terminal, in which a web browser operates, and a web server, cannot know the details of the information transmitted between the mobile terminal and the web server. However, in the relay server-based web browsing environment, since the relay server performs a function of the web browser which is one of the both ends, the end-to-end corresponds to the relay server and the web server, respectively. Although user information can be transmitted in an encrypted form between the relay server and the web server by applying a secure connection between a web browsing terminal, such as a mobile terminal, and the relay server, user information must be decoded into the original form thereof by the relay server in order for the relay server to process the user information and then transmit the processed user information to the web server in the same manner as the web browser does. At this time, security problems, such as hacking and the exposure of user information attributable to a relay server-related inside person, may occur.

[7] For example, when a user Identification (ID) and a password must be entered into a

Web page, a web browsing operation is performed by the relay server even though the user ID and the password were entered at the mobile terminal. Therefore, although the user ID and the password are encrypted and then transmitted from the mobile terminal to the relay server using the secure connection between the mobile terminal and the relay server, the relay server must decode the user ID and password in order for the relay server to perform web browsing, that is, in order to perform a general web protocol (for example, an HyperText Transfer Protocol (HTTP) post) between the relay server and the web server in which the user ID and password are used as parameters. Even though a secure connection is used again and then the user ID and password are transmitted between the Web page and the web server using a security web protocol, such as Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), it is inevitable that the relay server must decode the user ID and password for a while before the user ID and password are transmitted. That is, the end-to-end encryption is not possible between the mobile terminal and the web server.

[8] Due to the above security problems, in the relay server-based web browsing environment, web browsing using important user information cannot freely be performed.

[9]

Disclosure of Invention Technical Problem

[10] Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and an object of the present invention is to provide a system for providing virtual secure connections between a mobile terminal and a web server in a relay server-based web browsing environment in which the Web pages of the web server can be viewed at the terminal through a conversion by the relay server, and a method of operating the system.

[H]

Technical Solution

[12] In order to accomplish the above object, the present invention provides a system for providing virtual secure connections in a relay server-based web browsing environment, the system including a web server for distributing Web pages; a relay server for performing conversion on Web pages which are downloaded from the web server, such that the Web pages are easily viewed in a terminal environment, and then transmitting the resulting Web pages to terminal sides; and mobile terminals for displaying respective user interfaces used to view the Web pages and control web browsing; wherein a connection relay unit is included in each of the Web pages which are downloaded from the web server, and configured to receive a connection to one of the mobile terminals from the relay server after the Web page is downloaded in the relay server, make a connection to the web server, and transmit data which is transmitted in both opposite directions between the connection to the mobile terminal and a connection to the web server, thereby providing the virtual connections between the mobile terminal and the web server.

[13] The relay server includes the function of a general conversion relay server, and the connection relay unit may additionally include a terminal connection provision unit for providing a connection to the mobile terminal.

[14] The user interface, displayed on the mobile terminal, may include not only a function included in a general relay server-based web browsing system but also a menu and a screen which are provided to the user so that the user can use the functions of the virtual secure connections.

[15] Meanwhile, in a system for providing virtual secure connections in a relay server- based web browsing environment, the system including a web server, a relay server, and mobile terminals, the web server, the relay server and the mobile terminals being connected over a communication network and capable of communicating with each other, a method of controlling the system for providing virtual secure connections between a terminal and a web server in the relay server-based web browsing environment according to the present invention, the method including the relay server downloading a Web page, which corresponds to a Web page address transmitted from

one of the mobile terminals, and a connection relay unit, which is included in the Web page, from the web server; the relay server driving and registering the connection relay unit, and then transmitting the interface of a terminal connection provision unit, which is used to make a connection to the mobile terminal, to the connection relay unit; the relay server performing conversion on the Web page so that the Web page has a form which can be processed at the terminal, and then transmitting the resulting Web page to the mobile terminal; the relay server transmitting a user's virtual connection request, made by the mobile terminal, to the connection relay unit, and the connection relay unit receiving a connection to the mobile terminal through the terminal connection provision unit; and the connection relay unit making a connection to the web server, and then transmitting data, transmitted in both opposite directions, between the connection to the mobile terminal and the connection to the web server, thereby providing the virtual connections between the mobile terminal and the web server.

[16] In order to accomplish the above object, the present invention provides a computer readable recording medium which records a program used to execute the method in a computer.

[17]

Advantageous Effects

[18] According to the present invention, virtual secure connection can be provided between a terminal and a web server in a relay server-based web browsing environment in which the Web pages of the web server can be viewed at the terminal through a conversion by the relay server.

[19]

Brief Description of the Drawings

[20] FIG. 1 is a diagram showing the configuration of a system for providing virtual secure connections in a relay server-based web browsing environment according to an embodiment of the present invention;

[21] FIGS. 2 and 3 are message sequence charts provided to describe a method of operating the system for providing virtual secure connections in the relay server-based web browsing environment according to embodiments of the present invention; and

[22] FIG. 4 is a diagram showing the structure of a packet including data for a virtual connection according to an embodiment of the present invention.

[23] *Description of reference numbers of principal elements in the drawings*

[24] 100: web server 120: connection server unit

[25] 130: relay server 143: connection relay unit

[26] 150: terminal connection provision unit 160: mobile terminal

[27] 163: user interface

[28]

Mode for the Invention

[29] The present invention will be described in detail with reference to the accompanying drawings below.

[30] FIG. 1 is a diagram showing the configuration of a system for providing virtual secure connections between a mobile terminal and a web server in a relay server-based web browsing environment according to an embodiment of the present invention;

[31] Referring to FIG. 1, the present system includes a web server 100, a relay server 130 connected to the web server 100 over the Internet 40 and configured to be able to communicate with the web server 100, and a mobile terminal 160 connected to the relay server 130 over the Internet 40 and a mobile communication network 50 and configured to be able to communicate with the relay server 130.

[32] The web server 100 provides a general web service, and includes at least one original

Web page 110, a connection relay unit 113, included in the Web page 110, and a connection server unit 120 configured to be in charge of the terminal of the web sever 100 side in a virtual connection, and secure the virtual connection through interaction with the mobile terminal 160.

[33] The relay server 130 performs its function as a relay server in a general relay server- based web browsing environment, and additionally provides virtual secure connections of the present invention. The relay server 130 downloads a Web page 110 from the web server 100, performs conversion such that the format of the Web page is easily viewed at the mobile terminal 160 and then transmits the resulting Web page to the mobile terminal 160, and provides a virtual connection to the connection relay unit 143, included in the downloaded Web page 140, through an internal terminal connection provision unit 150.

[34] The mobile terminal 160 displays a user interface 163 for enabling a user to view at least one Web page and to control web browsing, performs the function of a user side terminal in a virtual connection through interaction with the connection relay unit 143 of the relay server 130, and secures the virtual connection through interaction with the connection server unit 120 of the web server 100.

[35] The connection relay unit 143 is realized in the form of an extension module which can be included in a Web page. The form of the extension module varies depending on the Web page processing method used by the relay server 130, and an ActiveX control form, provided by Internet explorer, and a plug-in form, provided by Mozilla-based web browser, are generally known forms. In addition, although the relay server 130 can define the standard of the form by itself, it is further preferable that a generally known form, the technique of which is verified and according to which the burden of

education for developers can be minimized, be used. If the connection relay unit 143 is realized in the form of an extension module of a Web page, each Web page can use a separate module, so that the unique function of each Web page related to a virtual secure connection can be easily realized.

[36] The terminal connection provision unit 150 provides an interface which enables the connection relay unit 143 to make a request for connection to the mobile terminal 160. A method of exposing objects or methods through a Document Object Model (DOM) is the generally known interface form. For example, the "document" that is the top- level DOM object registers a specific low-level object and the method of the corresponding object in the "document. external" that is a lower interface object for enabling DOM objects, each of which includes the connection relay unit 143, to access the external objects of a Web page so that the connection relay unit 143 can make a request for connection to the mobile terminal 160 by calling the method of the corresponding object. Further, a method of the connection relay unit 143 registering its existence in the relay server 130 can be additionally included in the interface. In addition to the method of using the DOM, in the case in which the connection relay unit 143 is implemented using ActiveX, a method of using an interface standard of ActiveX objects and a container, including the ActiveX objects, is one of the examples of the generally well known methods. This method will be described in detail below.

[37] A virtual secure connection includes two connections. One of them is a connection between the mobile terminal 160 and the connection relay unit 143, and the remaining one is a connection between the connection relay unit 143 and the connection server unit 120. A general network connection can be used for the connection between the connection relay unit 143 and the connection server unit 120. A method of realizing the connection between the mobile terminal 160 and the connection relay unit 143 varies depending on the limitations imposed by the mobile terminal 160's connection to the network. Similar to information devices, such as general PCs, in the case in which the mobile terminal 160 has no limitation on the number of connections to a network, the general network connection can be used in the same manner as the connection between the connection relay unit 143 and the connection server unit 120.

[38] However, in the case of a plurality of mobile terminals 160, only a single network connection is permitted. In this case, a virtual connection must be constructed using an existing connection for general web browsing between the mobile terminal 160 and the relay server 130.

[39] A method of constructing a virtual connection is to include data for a virtual connection as a specific type packet within a data packet transmitted over a connection for general web browsing, like the hierarchical structure in packets of existing network systems. The mobile terminal 160 and the relay server 130 check the type of the

packet, determine whether the corresponding packet is used for general web browsing or for a virtual connection between the mobile terminal 160 and the connection relay unit 143, and then appropriately transmit the data of the corresponding packet based on the results of the determination. This method is described in detail with reference to FIG. 4. Referring to FIG. 4, in a general network layer structure, each of the data portions of layer packets loads the entire high-level layer packet thereof, that is, a header and a data portion. An application layer packet processed by the system according to the present invention is loaded onto the data portion of a Transmission Control Protocol (TCP) layer packet. This application layer packet includes a header and data so as to be similar to a low-level layer packet, and an Identification (ID) exists in the header, so that the type of the packet is determined by the value of the ID. When a packet is transmitted from the mobile terminal 160 to the relay server 130, the relay server 130 refers to the value of that ID. If the value of the ID corresponds to a general protocol between the mobile terminal 160 and the relay server 130, the relay server 130 processes the packet for the operation therebetween, and, if the value of the ID corresponds to a value for a virtual connection, the relay server 130 removes the header of the packet and then transmits the resulting packet to the connection relay unit 143. The case in which a packet is transmitted from the relay server 130 to the mobile terminal 160 is processed in a similar manner. Therefore, data for general use and data for a virtual connection can be divided from each other and then processed as if they are used over separate connections even through a single network connection is used.

[40] Accordingly, the connection relay unit 143 constructs no connection between the mobile terminal 160 and the relay server 130 by directly using a general network system but receives connection information through the terminal connection provision unit 150 of the relay server 130 which recognizes and processes such a specific situation. Thereafter, the connection relay unit 143 performs a sort of software gateway function which transmits data, received from one side connection, to an opposite side connection while managing both connections. Therefore, a virtual connection is constructed between the mobile terminal 160 and the connection server unit 120, and then a virtual secure connection is constructed between the mobile terminal 160 and the connection server unit 120 by initializing a general end-to-end secure connection over the virtual connection.

[41] The connection relay unit 143 extracts the information of the Web page 110, in which the connection relay unit 143 is included, using a DOM or another method, and then transmits the extracted information to the connection server unit 120, so that the web server 100 and the connection server unit 120 can perform appropriate operations based on relation with the Web page 110.

[42] FIGS. 2 and 3 are message sequence charts for showing a method of operating the

system for providing virtual secure connections between a terminal and a web server in a relay server-based web browsing environment according to an embodiment of the present invention.

[43] First, FIG. 2 is a message sequence chart showing a process of requesting and downloading a Web page and then initializing a module related to a virtual secure connection in the method of operating the system for providing virtual secure connections in a relay server-based web browsing environment according to an embodiment of the present invention.

[44] Referring to FIG. 2, a Web page address is entered in the mobile terminal 160 at step

S200, and the mobile terminal 160 transmits the corresponding Web page address to the relay server 130 and then requests the Web page at step S205. The relay server 130 requests the corresponding Web page, indicated by the corresponding Web page address, from the web server 100 at step S210, so that the corresponding Web page and a connection relay unit 143, included in the corresponding Web page, are downloaded to the relay server 130 at step S215.

[45] Thereafter, the relay server 130 drives the connection relay unit 143, included in the

Web page, at step S220, the driven connection relay unit 143 is registered in the relay server 130 at step S225, and the relay server 130 transmits the terminal connection provision unit 150 to the connection relay unit 143 such that the connection relay unit 143 can receive a connection to a terminal at step S230. Therefore, the operation of the preparation of the connection relay unit 143 is completed. Here, in the case in which the connection relay unit 143 is realized in the form of the above-described general extension module, the connection relay unit 143 is driven using a general method of driving the corresponding module. Otherwise, the connection relay unit 143 is driven using a method defined in the relay server 130. Further, in the case in which the function of registering the connection relay unit is included in the interface of the terminal connection provision unit, the registration of the connection relay unit may be performed after the interface is transmitted.

[46] Thereafter, the relay server 130 performs conversion on the Web page at step S235, and then transmits the resulting Web page to the terminal 300 at step S240. The mobile terminal 160 displays the received conversion performed Web page on a screen at step S245.

[47] FIG. 3 is a message sequence chart showing a process of constructing and using an actual virtual secure connection after initialization is performed in the method of operating the system for providing virtual secure connections in the relay server-based web browsing environment according to an embodiment of the present invention.

[48] Referring to FIG. 3, the mobile terminal 160 requests a virtual connection for a virtual secure connection from the relay server 130 at step S300, and the relay server

130 transmits the corresponding request to the connection relay unit 143, registered in the initialization sequence, at step S305.

[49] The connection relay unit 143 requests a connection to the mobile terminal 160 from the terminal connection provision unit 150 at step S310, and the terminal connection provision unit 150 constructs an actual connection to the terminal or a virtual connection using an existing connection for general web browsing between the terminal 160 and the relay server 130 as based on limitations imposed by the terminal' connection to a network, and then provides the constructed connection to the connection relay unit 143. Thereafter, the connection relay unit 143 requests a connection from the connection server unit 120 indicated by the Web page, in which the connection relay unit 143 is included, or information, which is defined therein, at step S320, and then receives a connection request response at step S325. The connection relay unit 143 constructs a virtual connection using the two connections received from both sides at step S330, and then transmits the results of the construction of the virtual connection to the mobile terminal 160 at step S335.

[50] Here, information, which can be used to access the web server 100 in consideration of the Web page in which the connection relay unit 143 is currently included, may be included in the information which is transmitted from the connection relay unit 143 to the mobile terminal 160. An example of such information may be session information, a login ID, or a one-time authentication key which is necessary for access. The mobile terminal 160 can access the content of the web server 100 through the virtual secure connection using the information, or the mobile terminal 160 can access the related content of the web server 100 by constructing a separate connection to the web server 100.

[51] The mobile terminal 160, which has received the virtual connection, initializes the secure connection by exchanging information with the connection server unit 120 through the virtual connection at step S340, and then exchanges required secure information at step S345. When the secure connection is not necessary anymore, the mobile terminal 160 requests to terminate the virtual connection from the connection relay unit 143 at step S350. The termination of the virtual connection may be requested by the connection server unit 120. Here, the request may be performed using a specific packet within the virtual connection, or, in the case of the mobile terminal 160, the request may be performed using an existing connection for general web browsing with the relay server 200. The connection relay unit 143, requested to terminate the virtual connection, terminates the virtual connection at step S355.

[52] According to the above-described processes, a virtual secure connection can be provided between a terminal and a web server in a relay server-based web browsing environment in which the Web pages of the web server is viewed at the terminal

through a conversion by the relay server.

[53] The above-described process will be described in detail using an example in which the connection relay unit 143 is realized using ActiveX.

[54] The connection relay unit 143 is included in a Web page in the same method as a method in which an ActiveX control is included in a Web page used by Microsoft Internet Explorer. That is, the reference information of an ActiveX control for the connection relay unit 143 is included in the Web page using the tag "OBJECT", and the relay server 130 downloads and executes the connection relay unit 143 based on the corresponding reference information.

[55] An example of the detailed tag is described below.

[56] <OBJECT

[57] classid="clsid:A21FE9D5-2FF6-4CE9-8595-4D02BCDE35El"

[58] width=350

[59] height=250

[60] align=center

[61] hspace=0

[62] vspace=0

[63] >

[64] </OBJECT>

[65] A method of the connection relay unit 143 receiving an interface, which is provided by the terminal connection provision unit 150 and which can be used to request a connection to the mobile terminal 160, is described below. According to the specification of ActiveX defined by Microsoft Corporation, when a container program, including a module realized in the form of ActiveX as an extension module, dynamically loads and drives the corresponding module, a Compact Object Model (COM) interface for describing the container itself is transmitted to the ActiveX module. The ActiveX module can request and use another COM interface of the container using this COM interface. In further detail, the container obtains the COM interface IOleObject based on the ActiveX module using the COM Application Programming Interface (API) of Microsoft Windows, and then transmits the COM interface IOleClientSite, provided by itself, to a parameter while calling the function SetClientSiteO of the corresponding interface. The ActiveX module obtains the COM interface IOleContainer, which is the main interface of the container, by calling the function GetContainer() of the interface IOleClientSite, and calls the function Queryl nterfaceO of the corresponding interface, so that the ActiveX module can obtain a desired additional COM interface from the container. In the case of the present patent, the relay server 130 corresponds to the container, the connection relay unit 143 corresponds to the ActiveX module, and the interface, which is provided by the

terminal connection provision unit 150 and is capable of requesting a connection to the mobile terminal 160, corresponds to the additional COM interface. For reference, the ActiveX module can extract a COM interface having the DOM information of a Web page in a similar manner.

[66] Actual additional COM interface may be defined as below. The definition below is described using the grammar of Borland Delphi, and those skilled in the art related to an ActiveX-related field can convert it into another computer language without difficulty.

[67] ISXContainer = interface(IUnknown)

[68] ['{F81FA7El-5010-4db2-90BC-19971B6E6503}']

[69] function Advise(plntf: ISXObject; out pdwCookie: DWORD): HResult; stdcall;

[70] function Unadvise(dwCookie: DWORD): HResult; stdcall;

[71] function OpenConnection(pdwHandle: PDWORD): HResult: stdcall;

[72] function CloseConnection(dwHandle: DWORD): HResult: stdcall;

[73] function SendConnectionResult(dwHandle; PDWORD; pData: PChar; dwDataSize:

DWORD

[74] function Send(dwHandle: DWORD, pData: PChar; dwSize: DWORD): HResult: stdcall;

[75] end;

[76] The functions of respective functions included in the COM interface are described below.

[77] The functions Advise() and Unadvise() are functions used when the connection relay unit 143, which is an ActiveX module, registers or releases itself in or from the relay server 130. The connection relay unit 143 obtains the additional COM interface, calls the function Advise() so as to register itself, and then releases the registration of itself by calling the function Unadvise() when all the functions are terminated.

[78] The functions OpenConnection() and CloseConnection() are functions used when the connection relay unit 143 requests and terminates a connection to the mobile terminal 160, respectively.

[79] The function SendConnectionResult() is a function called when the connection relay unit 143 constructs a connection using the function OpenConnection() and a connection to the web server 100, and then transmits the results of the construction and data, including information used to access the web server 100 as described above, to the mobile terminal 160. The data is different from data, which is received from the web server 100 and will be transmitted using the function Send() below, so that it is preferable that both data be transmitted using separate methods.

[80] The function Send() is a function used when the connection relay unit 143 transmits data, received from the web server 100, to the mobile terminal 160 connected using the

function OpenConnection(). When this function is called, the terminal connection provision unit 150 of the relay server 130 transmits data, which is transmitted to a parameter, to the mobile terminal 160. For reference, the function Receive() does not exist, and data is passively received using the function of the COM interface ISXObject transmitted to the relay server 130, which is a container, through the function Advise(). Since data is asynchronously received, the function of a gateway can be easily realized while a separate thread is not made.

[81] The definition below is realized by the connection relay unit 143, and is the definition of a COM interface transmitted using the function Advise(). This definition is also described using the grammar of Borland Delphi.

[82] ISXObject = interface(IUnknown)

[83] ['{F81FA7E0-5010-4db2-90BC-19971B6E6503}']

[84] function OnConnectionOpenRequest(): HResult; stdcall;

[85] function OnConnectionCloseRequest(); HResult; stdcall;

[86] function OnData(pData: PChar; dwSize: DWORD): HResult; stdcall;

[87] end;

[88] The functions OnConnectionOpenRequest() and OnConnectionCloseRequest() are functions used when the mobile terminal 160 respectively requests a connection to the connection relay unit 143 and requests the termination of an existing connection from the relay server 130. In this case, it is considered that the connection request and the connection termination request made by the mobile terminal 160 are realized using separate data packets between the mobile terminal 160 and the relay server 120. When the functions are called, the connection relay unit 143 actually constructs or terminates a connection by respectively calling the functions OpenConnection() and CloseC- onnection(). As described above, an actual process for the connection between the mobile terminal 160 and the connection relay unit 143 is performed by the terminal connection provision unit 150 through the COM interface, and remaining portions of the relay server 130 are configured to be little affected by a method of actually realizing a virtual connection. Here, the connection may be a general connection to a network or a virtual connection using an existing connection, as described above.

[89] When the terminal connection provision unit 150 of the relay server 130 receives data from the mobile terminal 160, the function OnData() is called so as to transmit corresponding data to the connection relay unit 143. The connection relay unit 143 transmits the data, which is transmitted to a parameter, to the web server 100.

[90] In this case, the connection relay unit 143 provides only a single connection, so that functions include no parameter for describing a connection. In the case in which a plurality of connections is provided, the connection may be realized by adding a parameter such as a handle.

[91] As described above, the connection relay unit 143 and the terminal connection provision unit 150 of the relay server 130 exchange data through the COM interface, thereby supporting the virtual connection.

[92] For reference, the connection realized in this embodiment is limited to the connection between the relay server 130 and the mobile terminal 160, and a connection between the connection relay unit 143 and the connection server unit of the web server 100 has not been mentioned. The reason for this is that the connection between the connection relay unit 143 and the connection server unit of the web server 100 is a connection over a general network which has no relationship with the mobile terminal 160, so that this connection can be realized by the connection relay unit 143 accessing the web server 100 using a network function, such as a socket API, provided by an operating system without the help of the relay server 130, as described above. Further, the definition of the COM interface is an example for realization hereby, and the usage thereof may be realized differently from the detailed functions.

[93] For reference, since the realization method shown in this embodiment is not an original method which is designed and used in the present patent but a method which is generally used in an ActiveX module, those skilled in the art related to an ActiveX- related field can realize the method based on the ActiveX specification, defined by Microsoft, without difficulty. It should be understood that the use of this method is not the point of the present patent but one of a plurality of methods that can be used to realize the system according to the present patent. Therefore, even if the method is realized while departing from the examples of the "document. external" and the "ActiveX module", it does not depart from the basic spirit of the present patent.

[94] Further, as described above, the present invention can be configured such that the mobile terminal 160 can access the related content of the web server 100, while a virtual secure connection is not constructed, by applying the process of the connection relay unit 143 transmitting information, which enables access to the web server 100, to the mobile terminal 160. That is, the relay server 130 transmits only the information which enables access to the web server 100, for example, session information, a login ID, or a one-time authentication key which is necessary for access, to the mobile terminal 160, so that the mobile terminal 160 can access the related content of the web server 100 by constructing a separate connection to the web server using the information.

[95] If a method of making a virtual connection between the mobile terminal 160 and the connection server unit 120 of the web server 100 is common throughout all Web sites and the information transmitted to the mobile terminal 160 by the connection relay unit 143 is common throughout all the Web pages, the connection relay unit 143 may be a module which is fixedly included in the relay server 130. However, in actuality, an

internal protocol for a virtual secure connection may vary depending on each web site, and information to be transmitted may vary depending on the purpose of the corresponding Web page or a method of realizing the corresponding Web page, so that it is essential that the connection relay unit 143 be configured as an extension module which can be downloaded from a web server, as described in the present invention. Meanwhile, a module, which interacts with the connection relay unit 143 and is operated in the mobile terminal 160, may vary depending on the connection relay unit 143, so that it is preferable that the module be dynamically added to the mobile terminal 160. A method of dynamically adding the module varies depending on the programming environment of the mobile terminal 160. If the module cannot be dynamically added to the mobile terminal 160, a second best method, for example, a module interacting with the connection relay units 143 of a small number of famous web sites is statically included, may be taken or a specific site-dedicated terminal program may be manufactured. For such cases, the relay server can support all web servers using connection relay units 143, which can be downloaded, without modification.

[96] The present invention can be implemented using computer readable code written on a computer readable recording medium. The computer readable recording medium includes all types of recording devices for recording data, which can be read by a computer system. The computer readable recording medium may be, for example, Read Only Memory (ROM), Random Access Memory (RAM), Compact Disc-ROM (CD-ROM), a magnetic tape, a floppy disk, and an optical data recording device. Further, the computer readable recording medium may be implemented in the form of a carrier wave (for example, a transmission over the Internet). Furthermore, the computer readable recording medium may be distributed throughout computer systems connected to each other through a network, and computer readable code may be recorded and executed in a distributed manner.

[97] Although the preferred embodiments of the present invention have been illustrated and disclosed, the present invention is not limited to the above-described specific embodiments. Those skilled in the art will appreciate that various modifications are possible, without departing from the gist of the invention as disclosed in the accompanying claims. It should be understood that those modifications are not separate from the technical spirit or perspective of the present invention.

[98]