CN1379945A - Secure internet compatible bi-directional communication system and user interface - Google Patents

Publication number: CN1379945A
Authority: CN (China)
Prior art keywords: communication, port, internet, data, user
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN00814293A
Other languages: Chinese (zh)
Inventor: 罗伯特·E·杰克逊
Current Assignee: Thomson Licensing SAS (the listed assignees may be inaccurate)
Original Assignee: Thomson Licensing SAS
Application filed by Thomson Licensing SAS

Classifications

    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G06F16/95 Retrieval from the web
    • H04L12/2801 Broadband local area networks
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L67/55 Push-based network services
    • H04L67/75 Indicating network or usage conditions on the user display
    • H04N21/437 Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
    • H04N21/4622 Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
    • H04N21/4751 End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for defining user accounts, e.g. accounts for children
    • H04N21/4782 Web browsing, e.g. WebTV
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Child & Adolescent Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Communication Control (AREA)

Abstract

A system including a modem prevents unauthorized Internet access by validating authorization of a user command and inhibiting (425, 430) Internet access by limiting bridging communication between a first port and a second port in response to the validated (410, 415) user command. The system maintains communication with a remote device on a first link via the first port using a plurality of communication protocol layers during a period in which bridging communication is inhibited. The system also prevents Internet access by inhibiting (425, 430) Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device on a different second communication protocol layer of the plurality of protocol layers during a period in which communication on the first protocol layer is inhibited.

Description

Secure internet compatible bi-directional communication system and user interface
The present invention relates to a system and user interface for use in interactive bi-directional communication, such as in a cable modem, computer, TV, VCR (video cassette recorder), set-top box or related peripheral device.
Home entertainment systems increasingly include both personal computer and television functions (PC/TV functions), involving communication with multiple sources and multiple destinations. Such a system may receive data from satellite or terrestrial sources, including High Definition Television (HDTV) broadcasts, Multi-point Microwave Distribution System (MMDS) broadcasts and Digital Video Broadcasts (DVB). Such a system may also provide high-speed Internet access through a broadcast link or a coaxial link (e.g. a cable TV line) using a cable modem, or through a telephone line link using, for example, an ADSL or ISDN (asynchronous digital subscriber line or integrated services network) compatible modem. A home entertainment system may also communicate with local sources such as Digital Video Disk (DVD), CDROM, VHS and Digital VHS (DVHS™) type players, PCs, set-top boxes and many other types of sources.
For home entertainment systems that support Internet-compatible bi-directional communication using cable or other types of modem, it is desirable to provide security and flexibility of operation. Specifically, it is desirable to provide a secure user interface that prevents unauthorized Internet access while supporting complex user interaction tasks and providing a simple command interface suitable for the general public. It is further desirable to provide user flexibility in configuring home entertainment communication functions and in assigning Internet domain names (e.g. resource locators, URLs), in order to manage and access the elements and peripherals of the home entertainment system and to support Internet applications. Such applications may involve devices including video receivers, audio receivers, VCRs, DVDs, PCs, printers, scanners, copiers, telephones, fax machines and home appliances, which may be used individually or in, for example, a home (or other) intranet. These problems and derivative problems are addressed by a system according to the present invention.
A system including a modem locally generates a web page as a user interface that enables a user to lock the modem and prevent unauthorized Internet access. The modem (a bi-directional communication device such as a cable modem, ADSL modem or other type of modem) uses a plurality of protocol layers in communicating on a communication link. The system prevents Internet access by validating authorization of a user command and inhibiting Internet access, where Internet access is inhibited by limiting bridging communication between a first port and a second port in response to the validated user command. The system maintains communication with a remote device on a first link via the first port, using a plurality of communication protocol layers, during the period in which bridging communication is inhibited.
In another feature, the system prevents Internet access by inhibiting Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device on a different second communication protocol layer of the plurality of protocol layers during the period in which communication on the first protocol layer is inhibited.
Brief description of the drawings
In the drawings:
Fig. 1 shows a cable modem system according to the invention.
Fig. 2 shows a functional description of the cable modem according to the invention in a network environment with a plurality of PCs and a cable television system head-end.
Fig. 3 shows a flowchart of a method for converting a domain name to a corresponding Internet web page address, according to the invention.
Fig. 4 shows a flowchart of a method for inhibiting and unlocking Internet access using a cable modem, according to the invention.
Figs. 5 to 8 show web pages generated by the cable modem of Fig. 1 according to the invention, depicting examples of user interface menus for locking and unlocking Internet access.
Figs. 9 to 11 show user interface menus generated by the cable modem of Fig. 1 according to the invention, illustrating password and user ID (userid) entry for managing Internet access.
Figs. 12 and 13 show web pages generated by the cable modem of Fig. 1 according to the invention.
Fig. 1 shows a cable modem system that advantageously prevents unauthorized Internet access by giving the user the ability to lock and unlock the modem's Internet communication function. The cable modem system also includes a Domain Name Snoop Server (DNSS) that advantageously intercepts domain name resolution requests and converts domain names to corresponding Internet-compatible web page addresses. To support these and other features, the modem advantageously generates a web page based graphical user interface for display to the user on a PC running any of various standard browser applications. These modem features address the problems of preventing unauthorized Internet access and of providing user flexibility in assigning Internet domain names, so that the elements and peripherals of a home (or other) intranet system can be managed and accessed through a simple command interface suitable for the general public.
The illustrated embodiment of system 12 of Fig. 1 supports cable modem bridging communication between a remote head-end and local area network (LAN) devices such as a local PC. The bi-directional communication between system 12 and the head-end uses a multi-layer protocol format. With respect to the cable modem, this multi-layer protocol format includes a QAM (Quadrature Amplitude Modulation) or QPSK (Quadrature Phase Shift Keying) physical layer. The physical layer conveys MPEG2 (Moving Pictures Expert Group) transport protocol data, which in turn conveys DOCSIS MAC (Media Access Control) data frames. The MAC data conveys Ethernet data frames or MAC management data, and the Ethernet data in turn conveys IP layer data. The cable modem also maintains a return communication path to the head-end using time-division multiplexed communication of return data in the Ethernet protocol.
Data transmitted from the head-end to the cable modem, including the physical layer data, is processed and converted to Ethernet or USB format for communication with LAN devices attached to the corresponding Ethernet or USB port. The cable modem maintains bi-directional communication with the LAN devices and also receives data from these devices in the corresponding Ethernet and USB protocols. Bi-directional communication between system 12 and Ethernet-compatible or USB-compatible devices (attached to ports 72 and 82 of system 12) uses a multi-layer protocol format of a type similar to that used for communication between the head-end and system 12. This multi-layer protocol format may include Ethernet/USB frames, HTTP (Hypertext Transfer Protocol) and TCP/IP (Transmission Control Protocol/Internet Protocol) data and other protocols, depending on the application being provided.
The cable modem described herein uses an MPEG compatible protocol conforming to the MPEG2 image encoding standard, termed the "MPEG standard". This standard comprises a system encoding section (ISO/IEC 13818-1, 10 June 1994) and a video encoding section (ISO/IEC 13818-2, 20 January 1995). The Internet TCP/IP (Transmission Control Protocol/Internet Protocol) and Ethernet compatible protocols described herein provide compatibility with the MCNS preliminary requirements and the DOCSIS 1.0 (Data Over Cable Service Interface Specification 1.0) requirements ratified by the International Telecommunications Union (ITU) in March 1998 and specified in RFC 2669 (Request For Comments document 2669). In addition, the discussion of domain name processing herein involves the domain name resolution steps documented in RFC 1591 of March 1994, RFC 1918 of February 1996 and other documents. The RFC documents are available via the Internet and are provided by the Internet standards working groups.
The principles of the invention may be applied to any bi-directional communication system and are not restricted to cable, ADSL, ISDN or conventional type modems. Further, although the disclosed system is described as processing web page data for display, this is exemplary only. The term "web page" is to be interpreted broadly to represent any form of data that may be communicated from an Internet source via Internet Protocol (IP), and includes any form of packetized data, including, for example, streamed video or audio data, telephone messages, computer programs, e-mail or other communications.
The cable modem of Fig. 1 (system 12) communicates with the head-end via a bi-directional broadband high-speed RF (radio frequency) link on line 10, which typically consists of coaxial cable or hybrid fiber/coax (HFC). Modem system 12 communicates bi-directionally with devices located at the user site over local area networks (LANs). A typical user-side local area network includes a Digital/Intel/Xerox Ethernet compatible network attached via connector 72. Other user-side devices communicate via a Universal Serial Bus (USB) compatible network attached via connector 82. User devices attached to the Ethernet and USB networks may include, for example, personal computers (PCs), network printers, video receivers, audio receivers, VCRs, DVDs, scanners, copiers, telephones, fax machines and home appliances.
In operation, diplexer 20 of cable modem system 12 of Fig. 1 separates downstream communication (sent from the head-end to modem 12), conveyed via cable 10, from upstream communication (sent from modem 12 to the cable TV head-end). Diplexer 20 separates upstream data from downstream data on the basis of the different frequency ranges that upstream data (typically 5-42 MHz) and downstream data (typically 92-855 MHz) respectively employ. Controller 60 configures the elements of cable modem 12 of Fig. 1 to receive MPEG2 transport data transmitted from the cable TV head-end on cable 10 and to convert this data to Ethernet or USB compatible format for output via ports 72 and 82 respectively. Similarly, controller 60 configures the elements of cable modem 12 of Fig. 1 to receive Ethernet or USB compatible data from ports 72 and 82 and to convert it to MPEG2 transport protocol data for transmission on cable 10 to the cable TV head-end. Controller 60 configures the elements of system 12 by setting control register values within these elements using a bi-directional data and control signal bus. Specifically, controller 60 configures tuner 15, saw filter 25, differential amplifier 30 and MCNS interface device 35 to receive a DOCSIS formatted signal on a previously identified RF channel frequency. The DOCSIS formatted signal comprises an MPEG2 transport protocol format conveying Ethernet compatible data frames that include IP data content.
Controller 60 employs an initialization process to determine the RF channel frequency that tuner 15 is to be configured to receive. This initialization process involves iteratively tuning to successive candidate RF channel frequencies until a DOCSIS compatible signal is acquired. Controller 60 recognizes a DOCSIS compatible signal on a candidate channel through successful decoding of the received data by MCNS interface processor 35 and a correspondingly acceptable error rate for the decoded data. During initialization, controller 60, in conjunction with MCNS interface 35, amplifier 85 and RF transformer 87, also transmits data upstream to the cable TV head-end for a number of purposes, including adaptively and iteratively adjusting upstream and downstream communication parameters. These parameters include, for example, cable modem transmission power level and timing offset.
Following initialization and in normal operation, the RF carrier is modulated with MPEG2 transport protocol data using 64 or 256 QAM (Quadrature Amplitude Modulation). The MPEG2 transport data includes Ethernet formatted data, which in turn includes IP data representing, for example, a user-requested HTML (Hypertext Markup Language) web page. The MPEG transport data is provided by diplexer 20 to tuner 15. Tuner 15 down-converts the input signal from diplexer 20 to a lower frequency band, which is filtered by saw filter 25 to enhance signal isolation from neighboring RF channels. The filtered signal from unit 25 is level shifted and buffered by differential amplifier 30 to provide a signal compatible with MCNS interface processor 35. The resulting down-converted, level-shifted signal from amplifier 30 is demodulated by MCNS processor 35. The demodulated data is further trellis decoded, mapped into byte-aligned data segments, deinterleaved and Reed-Solomon error corrected within processor 35. Trellis decoding, deinterleaving and Reed-Solomon error correction are known functions described, for example, in the reference text Digital Communication, Lee and Messerschmidt (Kluwer Academic Press, Boston, MA, USA, 1988). Processor 35 further converts the MPEG2 format data to Ethernet data frames that are provided to processor 60.
Processor 60 parses and filters the Ethernet compatible data from unit 35 using filters configured from the cable TV head-end. The filters implemented by processor 60 match IP data identifiers in the incoming Ethernet frame packets provided by unit 35 against IP identifier values pre-loaded from the head-end. The IP identifier values are pre-loaded during a previously performed initialization or configuration operation. By this means, processor 60 implements a data admission control function, forwarding selected data to local LAN devices and discarding other selected data content. This configurable filter system may advantageously be used to filter data based on metadata items in the incoming data for a variety of purposes, including filtering based on: (a) content rating for parental or other blocking control, (b) predetermined user preferences for targeting advertisements and "push-content", (c) firewall filtering, (d) resource identity, and (e) a data search function. The filtered Ethernet compatible serial data is communicated to a PC via Ethernet interface 65, filter and isolation transformer 70 and port 72. Interface 65 buffers and conditions the data from processor 60 for filtering and transforming by unit 70 for output to a PC via port 72.
In a similar fashion, controller 60 converts and filters the IP data (conveyed in Ethernet data frames) from processor 35 for output in USB format via port 82. The USB data is buffered by transceiver 75 and filtered by noise and interference suppression (EMI/ESD) filter 80 before being output to USB compatible LAN devices attached to port 82.
Modem system 12 is also from the front end uplink communication data of for example attached PC to cable TV.For this reason, the controller 60 of system 12 receives the data of Ethernet compatibility by port 72, interface 65 and filtering/isolating transformer 70 from attached PC, and provides it to processor 35.Processor 35 utilizes 16 QAM or the ethernet format data-modulated RF carrier wave of QPSK (quadriphase PSK) to be received.Resultant modulating data to cable 10, is used for the uplink communication by amplifier 85, transformer 87 and duplexer 20 by time division multiplexing.Amplifier 85 is used in a suitable power level selecting in the previously described initialization process front end dateout to cable TV.Transformer 87 provides the degree of fault (degree of fault) and noise to isolate at modem failure or at cable modem or in attached equipment in the local generation noise.
In a similar fashion, modem system 12 also passes through USB port 82 from attached equipment uplink communication data.In exemplary a kind of implementation, the controller 60 of system 12 receives the data of Ethernet compatibility from transceiver 75, and provides it to processor 35, is used for carrying out uplink communication in previous described mode.For this reason, transceiver 75 receives the Ethernet data that is encapsulated in the USB frame by filter 80 from port 82, and removes the USB frame data to provide the ethernet format data to controller 60.
Controller 60 is also in response to break-make and reset switch 90 and the various functions of execution except that function described above.Specifically, modulator-demodulator 12 under the control of controller 60 is advantageously: (a) make the user can lock this modulator-demodulator and prevent unwarranted access to the Internet, (b) intercepting of support region name analysis request and domain name is transformed to corresponding compatible with internet web page address, (c) branch that enables internet domain name is used in family, private internet or other intranet systems that is independent of public the Internet, (d) produces mutual html web page as graphical user interface.In addition, the parameter that the configuration information that provides from the front end of cable TV comes setup of modulator-demodulator 12 is provided for controller 60.Controller 60 is also in synchronous and multiplexed uplink communication control system 12 to the cable 10, and is implemented in the rate limit on the control upstream data communication amount.Controller 60 filters the data that received also two-wayly, and the data of selecting are offered Headend and the lan device that is connected to port 72 and 82.Controller 60 also keeps a TCP/IP data base, is used to cushion the purpose with data management, and support communicate by letter with the data-directed of Headend (ranging communication).Beam communication is started and comprises the continuous still poll at intermittence of each modulator-demodulator by Headend, to determine state and identification modulator-demodulator or line fault.
Fig. 2 shows a functional description of the cable modem of Fig. 1 in a network environment comprising multiple PCs and a head end. The functional elements shown within system 12 in Fig. 2 are performed by controller 60 (Fig. 1) in combination with the other elements of system 12 described for Fig. 1. In Fig. 2, cable modem 12 provides bidirectional bridged communication between head-end cable service provider 240 and the local area network connecting PCs 220 and 265. Within system 12, bidirectional bridged communication between the different input and output protocols is provided by interface and protocol conversion functions 225 and 235. The bidirectional communication path provided by units 225 and 235 supports protocol conversion within a multi-layer protocol structure. As previously described in connection with Fig. 1, the protocol layers comprise hierarchically layered MPEG2, Ethernet and IP protocol layers, a USB protocol layer, and a QAM or QPSK modulated physical layer. In addition, TCP/IP stack 260 buffers request and response message data for web page generator, server and management function 255 and for SNMP (Simple Network Management Protocol) communication function 245. Further, SNMP communication function 245 and web page management function 255 use modem database 250 in responding to commands.
SNMP function 245 receives and interprets SNMP communications from head end 240 and manages the operation of system 12 in response to these communications. Specifically, function 245 uses configuration information provided from the head end to configure modem 12 and update system parameters. Function 245 also configures bidirectional filters in system 12 for parsing and either forwarding, redirecting or discarding messages received from PCs 220 and 265 and from head end 240. Function 245 also supports the previously described ranging communication function initiated by head end 240, which continuously polls modem 12 to determine the status and operating condition of the modem.
Web page generator function 255 generates interactive HTML web pages, as illustrated in Figs. 12 and 13 discussed later. The generated web pages include a graphical user interface that enables a technician to readily perform diagnostic tests on system 12 and the associated network. Function 255 generates HTML web pages for display on, for example, the attached user's PC 220, so that a technician can determine faults and status directly from the user's PC. The generated web pages may also be accessed remotely, after password and user ID authorization, by a remote PC using SNMP or another protocol. By giving the user the ability to lock and unlock the Internet traffic function of the modem, the generated web pages enable an authorized user to prevent unauthorized Internet access. The generated web pages also provide a user interface for viewing and/or updating system parameters and received data, such as security warnings, special events (promotions etc.), Internet traffic statistics with overflow or underflow conditions, and data transfer statistics. The web pages also provide diagnostic, billing, status, internal configuration and other information, and allow the modem configuration to be changed. In another embodiment, the functions performed by the generated web pages described here may be included in a web browser web page.
The web pages generated by function 255 also provide an interface that enables a user to allocate an Internet domain name to a private internet (as opposed to the public Internet). This interface enables a user, for example, to allocate Internet domain names to elements of a home (or other) intranet system. For this purpose, intercept Domain Name Snoop Server (DNSS) 230 supports interception of domain name resolution requests generated by PC 220 in response to a user's Internet web page request initiated, for example, by a browser running on PC 220. DNSS 230 translates the intercepted domain name into the corresponding private internet web page address. Private internet domain names can therefore be allocated through the generated web pages for use in a home or other private internet or intranet system, independently of the public Internet.
Fig. 3 shows a flow chart of a method for translating a domain name into a corresponding Internet-compatible web page address. The method is used by controller 60 of Fig. 1 (in combination with the other elements of system 12 of Figs. 1 and 2) to enable private internet domain names to be allocated through the generated web pages for use in a home or other private intranet system. Following the start at step 300, at step 303 (Fig. 3) PC 220 (Fig. 2) sends a domain name resolution request to system 12 (Fig. 2) in response to a user web page request made through a browser running on PC 220. The PC 220 browser issues the domain name request in accordance with the standard Internet resolution protocol, which is described in detail in RFC (Request for Comments) documents available on the Internet, such as RFC 1035, 1591 and 1816 and the earlier and later RFCs related to these documents.
An Internet domain name resolution request is answered by a Domain Name Server (DNS), which resolves domain names to IP addresses. A resolver obtains the complete IP address of a particular machine or device by submitting the request to one or more DNSs. For example, a user may type RCA.com into a web browser. The name is then sent to a DNS, which translates it into the IP address 157.254.235.215. The web browser uses this IP address to contact the web server and retrieve the web page information. Note that this example is greatly simplified. In practice, several hierarchically organized DNSs are used, by referral or by recursion, and many other processes are involved, including caching and age factors.
PC 220 submits the domain name resolution request to system 12 so that the domain name entered by the user can be translated into the corresponding source IP address of the requested web page. At step 305, an intercept DNS database (unit 250 of Fig. 2) is provided for use in system 12. The intercept DNS database associates IP addresses with the domain names of intranet devices on the local LAN (private intranet), and is derived from the domain name and IP address information that the user allocates locally through the web page interface generated by system 12. Alternatively, the intercept DNS database may be downloaded from a remote Internet location, such as the cable TV head end, using DHCP (Dynamic Host Configuration Protocol). In another embodiment, the intercept DNS database may be downloaded from a local Internet location, such as local storage, or the database may be pre-stored in system 12.
At step 310, snoop server (DNSS) 230 (Fig. 2) of system 12 examines the domain name resolution request message from PC 220 to determine whether the communicated domain name matches a name in database 250. At step 315, if the communicated domain name matches a name in database 250 (Fig. 2), system 12 (under the control of controller 60 of Fig. 1) intercepts the domain name resolution request from PC 220 (Fig. 2). Where there is such a name match, system 12 inhibits further communication of the domain name resolution message to public Internet name servers at step 317. At step 320, snoop server (DNSS) 230, in conjunction with database 250, translates the intercepted domain name into an IP-compatible address and, at step 323, communicates the IP address back to the requesting source (PC 220 in this example). Further, at step 325, system 12 stores a history of domain names, IP address translations and requests in database 250, and collates and compiles this information for monitoring and other purposes including, for example, parental control, firewall filtering, or accumulation of user preference data as a background operation. The compiled information is made available for display on the web pages generated by unit 255, either continuously or upon user request via a web page. The process of Fig. 3 ends at step 330.
In other embodiments, at step 317, system 12 also communicates the domain name resolution message received from PC 220 to the public Internet name server. In this case, system 12 may receive two IP address translations in response: one from DNSS 230 and one from the remote public domain name server. The received IP addresses may or may not be the same, which creates a potential address conflict and race condition. To prevent such a race condition from causing problems, system 12 is programmed to select the first IP address response received. The first response received is generally the response from local DNSS 230. Alternatively, system 12 may be configured differently; for example, system 12 may be configured to prefer the response from a particular source, such as a remote server.
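The Fig. 3 flow (steps 305 to 325) and the first-response rule just described can be sketched as follows. This is an added example, not code from the patent: the database contents, function names and the empty-answer handling of non-A queries for private names are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed stand-in for intercept database 250: private names -> private addresses.
INTERCEPT_DB = {"modem.home": "192.168.100.1", "printer.home": "192.168.0.20"}

def encode_name(name):
    """Encode a dotted name as RFC 1035 length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype=1):
    """Build a one-question recursive query, as the PC's resolver would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, qname, qtype, qclass, end_offset) for a single-question query."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("pointer or truncated label in query name")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, ".".join(labels), qtype, qclass, pos + 4

def snoop(msg, client, db, history):
    """Steps 310-325: answer locally on a name match, else return None (forward)."""
    try:
        txid, qname, qtype, qclass, end = parse_question(msg)
    except ValueError:
        return None                      # unparseable: leave it to the bridge
    if qname not in db or qclass != 1:
        history.append({"client": client, "name": qname, "answer": None})
        return None                      # no match: request goes to the public DNS
    # Name matched (step 315). It is answered here and never forwarded (step 317);
    # a non-A query for a private name gets an empty answer (assumption).
    addr = db[qname] if qtype == 1 else None
    history.append({"client": client, "name": qname, "answer": addr})  # step 325
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1 if addr else 0, 0, 0)
    body = msg[12:end]                   # echo the question section
    if addr:                             # steps 320/323: A record, 60 s TTL
        body += (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                 + ipaddress.IPv4Address(addr).packed)
    return header + body

def answer_ip(resp):
    """Return the A-record address of a response built by snoop(), or None."""
    (ancount,) = struct.unpack("!H", resp[6:8])
    return str(ipaddress.IPv4Address(resp[-4:])) if ancount else None

def choose_answer(candidates, prefer=None):
    """Race handling: candidates are (arrival_seconds, source, ip) tuples.
    Default is first received; 'prefer' selects a particular source if present."""
    pool = [c for c in candidates if c[1] == prefer] or candidates
    return min(pool, key=lambda c: c[0])[2]
```

Lower-casing the query name before the lookup matters because resolvers may send mixed-case names; without it, a private name could miss the database and be forwarded to the public server.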
The intercept name server feature and the process of Fig. 3 give a user the means to allocate, add or change the Internet domain names used in a private internet easily and quickly, for example to accommodate the addition of devices to the private internet. This enables the user to manage and change the configuration of the elements and peripheral devices of a home (or other) intranet system flexibly, through web pages running, for example, on a standard browser. The user can advantageously manage domain name allocation on the private internet without affecting the public Internet and without the cumbersome and time-consuming burden of registering domain name allocations and changes with public Internet gateways and service providers (ISPs). In addition, a user requesting a web page generated within the private internet does not need to know the complex IP address of that web page. Instead, the user can access the web page by submitting the locally allocated private internet domain name, which the intercept name server recognizes as corresponding to the requested web page.
The intercept name server feature and the process of Fig. 3 also advantageously enable the following: (a) the IP addresses of web pages generated by system 12, or of other information sources or devices on the private internet, can be allocated dynamically for security or other purposes; (b) alias (or user-customizable) domain names and IP addresses can be allocated to information sources, so that system 12 (or a DNS server) can intercept and respond to DNS requests that, for example, are not addressed directly to it; and (c) domain names can be overridden with locally allocated substitute names. System 12 can therefore communicate with devices on a LAN or subnet using a locally allocated private internet domain name or IP address that identifies the device on that particular LAN or subnet. The domain name or IP address may be allocated through the web pages generated by unit 255, or by downloading data locally or remotely to database 250 (Fig. 2) as described above. This removes the need for a user to adjust the IP address or netmask of a PC on the LAN in order to access, for example, the web pages generated by unit 255 in system 12.
Fig. 4 shows a flow chart of a method for disabling (locking) and unlocking the Internet access of a cable modem. The user interface is provided on a PC attached to Internet port 72. The method is used by controller 60 of Fig. 1 (in combination with the other elements of system 12 of Figs. 1 and 2) so that the modem can be securely locked to prevent unauthorized Internet access. This ensures that unauthorized users (such as children) do not have access to unattended network devices. It also assures the user that his or her PC cannot be accessed while the modem is locked.
At step 405 of Fig. 4, following the start at step 400, the communication bridging capability of cable modem 12 is enabled. As previously described, this bridging capability connects Internet devices, such as a PC attached to port 72 of system 12 of Fig. 1, to the RF network for communication over cable 10, as defined in the DOCSIS standard. The DOCSIS specification provides that a modem, when connected, should be continuously ranged with the Cable Modem Termination System (CMTS), i.e. it should maintain two-way communication. Consequently, to remove the Internet connection, a consumer needs either to physically disconnect the modem from the RF network or to remove power from the modem. The method and system described in connection with Fig. 4 provide a locking mechanism that disables the bridging capability of the modem by hardware (i.e. lock and key) or by software (i.e. user name and password). This shields the consumer's network devices attached to the modem from external traffic, and also prevents unauthorized users from accessing the Internet through the modem.
The authorization of the user initiating the locking of the modem is verified at steps 410 and 415 of Fig. 4. Specifically, the user ID and password entered at step 410 are verified at step 415 using the menu illustrated in Fig. 9. This menu and the other menus used in the process of Fig. 4 are displayed on the PC attached to port 72 (Fig. 1). Entry of an incorrect password and user ID causes steps 410 and 415 to be repeated for several attempts, using the bad-password handling menu of Fig. 11, until controller 60 (Fig. 1) declares successful verification or failure.
The modem password is changed using the change-password menu illustrated in Fig. 10. This menu is invoked through icons 505 and 605 in the modem-generated web pages illustrated in Figs. 5 and 6 respectively. The change-password menu of Fig. 10 prompts the user to enter the original password and to enter the new password twice (as confirmation of the new password). A typical password may be any combination of, for example, up to 10 alphabetic, numeric and non-alphabetic characters. The menu of Fig. 10, or a similar menu, may be used to set the password initially when modem 12 is initialized. Alternatively, a software configuration may be used in which a MIB (Management Information Base, comprising software procedures that enable remote management) allows the head end to reset the password when it is lost. The procedure that allows the head end to reset the password may be invoked using a default password (e.g. "letmeout") detailed in the user manual. In such a system, a private MIB enabled in the modem allows a management workstation operated from the cable TV head end, or a network operations center controlled by the ISP, to reset the password back to the default if the password is lost or forgotten. For this purpose, an SNMP manager at the head end or network operations center commands the MIB to reset the user's password, user ID, or both. To invoke this procedure, the user telephones the cable operator or network operations center and provides the default password as authorization to request that the password in his modem be reset. Alternatively, provided that modem 12 is not in the locked mode and permits bridged communication between the attached PC and the cable TV head end, the default password may be used to invoke the MIB-based password reset procedure directly, by modem 12 communicating with the head end.
Following successful verification at step 415, the user requests display of a web page at step 420. The requested web page serves as a user interface that allows the user to lock the modem and disable Internet access communication. At step 425, the user initiates locking and unlocking of the modem's Internet access communication through icons 500 and 700 of the web pages of Figs. 5 and 7 respectively. Alternatively, the user initiates locking and unlocking of Internet access communication through check boxes 600 and 800 of the web pages of Figs. 6 and 8 respectively. At step 425, the user initiates locking and unlocking of the modem through icon 500 of the web page of Fig. 5 or through a check box (for example as shown by icon 800 of the web page of Fig. 8). In other embodiments, the described functions may be enabled or disabled using user interface menus and web pages different from those shown in Figs. 5-12.
At step 430, the Internet access communication of modem 12 is disabled, and a web page is displayed indicating the disabled state in the manner illustrated by icons 500 and 800 of Figs. 5 and 8 respectively. Modem 12 advantageously disables Internet access by disabling the bridged communication of IP data between the cable TV head end and the LAN devices connected to ports 72 and 82. In the locked condition, attempts to access the Internet made by a web browser on a customer device (such as PC 220 of Fig. 2) are limited to access to content cached on the PC itself or to the web pages generated internally by modem 12. While the modem is locked, no traffic passes from the customer's home network or PC (and private internet) to the RF network side, the head end and the public Internet. The bridging function of the modem is disabled.
In this locked condition, modem 12 maintains multi-layer protocol communication with the cable TV head end, to support DOCSIS standard ranging and to support SNMP (Simple Network Management Protocol, defined in RFC 1157) access to the database in modem 12 (unit 250 of Fig. 2). Ranging is initiated by the cable TV head end and is described in the DOCSIS Radio Frequency Interface specification. Ranging communication messages include periodic ranging maintenance messages conveyed on the MAC (Medium Access Control) layer of the OSI (Open Systems Interconnection) network model. Database communication involves SNMP, which comprises the User Datagram Protocol (UDP) operating over IP at the session layer of the OSI model. In the locked mode, modem 12 also maintains multi-layer protocol communication with the PC (such as PC 220 of Fig. 2 attached to the Internet port), to provide the web-page-based user interface (as illustrated in Figs. 5-8) that allows the user to unlock and re-lock the modem as required.
Modem 12 advantageously disables Internet access by using a filter mechanism to disable the bridged communication of IP data between the cable TV head end and the attached LAN devices. In this embodiment, bidirectional communication of IP layer data is disabled. In other embodiments, however, the filter mechanism may be used to pass data in one or more particular protocol layers between the cable TV head end and the attached LAN devices while disabling communication in other protocol layers. Further, bidirectional filtering allows a particular protocol layer to be passed in one direction, e.g. from the head end to the LAN devices, while one or more different layers are passed from the LAN devices to the head end. An alternative is to disable all bridged communication. The filter may be implemented as a configurable filter that bidirectionally filters data between the cable TV head end and the attached LAN devices according to one or more of the following: (a) content, (b) protocol type and (c) data source or destination. Content filtering may be performed on the basis of items derived from metadata or other content, for a variety of specific purposes including those described in connection with Fig. 1.
The filter may be implemented in a manner similar to the DOCSIS Cable Device MIB specified in RFC 2669, which defines the docsdevFilterIPDirection object and the docsDevFilterIpDaddr object, or the filter may be implemented using other filter mechanisms. A master filter using these two objects may be used to restrict all traffic, or selected traffic, from the user's web browser (e.g. on PC 220 of Fig. 2) to the head end and onward to the Internet. Upon initiation of the lock, the modem filters data traffic to restrict all traffic offered by a browser (e.g. in PC 220) that carries a destination address matching the gateway IP address (corresponding to the IP address of the Cable Modem Termination System in the head end). In addition, based on the docsdevFilterIPDirection object and the docsDevFilterIpProtocol object (or on another mechanism), such a filter may be configured to restrict any selected protocol or selected content from passing through the modem in either direction. This ensures that the user can block access to the Internet, and ensures that access from the Internet (via the head end) to the user's PC is blocked, for enhanced security.
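The locked-state behavior and the direction, protocol and destination filter criteria described above can be modeled as a forwarding decision. This is an added example, not the patent's or the DOCSIS MIB's implementation: the class and field names, the modem address, and the choice of TCP port 80 for the web interface and UDP port 161 for SNMP are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN, RF = "lan", "rf"                     # ingress side: LAN port or RF (cable) port
MODEM_IP = ip_address("192.168.100.1")    # constructed address of the modem's own stack

@dataclass(frozen=True)
class Packet:
    ingress: str                  # LAN or RF
    layer: str                    # "mac" (ranging/management) or "ip"
    dst: Optional[str] = None     # destination IP address for IP packets
    proto: Optional[str] = None   # "tcp", "udp", ...
    dport: Optional[int] = None

@dataclass(frozen=True)
class FilterRule:
    """Hypothetical rule with direction, protocol and destination criteria."""
    direction: str                # "inbound" (RF to LAN), "outbound" (LAN to RF), "both"
    action: str                   # "accept" or "discard"
    proto: Optional[str] = None   # None matches any protocol
    daddr: str = "0.0.0.0/0"      # destination prefix

    def matches(self, pkt):
        way = "inbound" if pkt.ingress == RF else "outbound"
        return (self.direction in (way, "both")
                and self.proto in (None, pkt.proto)
                and ip_address(pkt.dst) in ip_network(self.daddr))

class Bridge:
    def __init__(self, rules=()):
        self.locked = False
        self.rules = list(rules)

    def decide(self, pkt):
        """Return 'local' (handled by the modem itself), 'bridge' or 'drop'."""
        # MAC-layer ranging from the head end is always serviced, locked or not.
        if pkt.layer == "mac":
            return "local" if pkt.ingress == RF else "drop"
        # Traffic addressed to the modem: the web UI from the LAN and SNMP from
        # the head end stay reachable so the user can unlock and the operator
        # can manage the device.
        if ip_address(pkt.dst) == MODEM_IP:
            allowed = {(LAN, "tcp", 80), (RF, "udp", 161)}
            return "local" if (pkt.ingress, pkt.proto, pkt.dport) in allowed else "drop"
        # Everything else would cross the bridge: the lock stops it in both directions.
        if self.locked:
            return "drop"
        # Unlocked: the first matching rule decides, the default is to bridge.
        for rule in self.rules:
            if rule.matches(pkt):
                return "bridge" if rule.action == "accept" else "drop"
        return "bridge"
```

The ordering is the point: management-plane checks run before the lock test, so locking removes the data path without cutting off ranging, SNMP or the unlock page.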
In another embodiment, at step 430 of Fig. 4, modem 12 prevents unauthorized Internet access by disabling communication to the cable TV head end at the Ethernet communication protocol layer while maintaining communication to the cable TV head end at the MAC protocol layer. The MAC protocol layer conveys management information supporting the ranging operation and other modem and network management functions. At the same time, modem 12 maintains multi-layer protocol communication with the PC (such as PC 220 of Fig. 2 attached to the Ethernet port of modem 12), to provide the web-page-based user interface (as illustrated in Figs. 5-8) that allows the user to unlock and re-lock the modem as required.
Continuing the process of Fig. 4 after the modem is locked at step 430, any attempt by an unauthorized user to browse the network at step 445 is blocked, and results in termination of this branch of the Fig. 4 process at step 450. In addition, at steps 440, 455 and 460, the modem may be unlocked by an authorized user. In this case a password prompt menu (such as the menu of Fig. 9) is displayed in response to the user's attempt to unlock the modem at step 440. The user may attempt to unlock the modem by, for example, activating unlock button 700 of the web page of Fig. 7 or selecting the "network access" check box of Fig. 8. Following password entry at step 455, when the correct password is verified at step 460, the modem is unlocked to support bridged communication at step 470 and to provide Internet access to the user. This branch of the Fig. 4 process ends at step 475. When an incorrect password is identified at step 460, the user is notified at step 465, through the menu illustrated in Fig. 11, that an invalid password was entered. Through this menu, at step 465, the user may retry password verification from step 440 or cancel the attempt to unlock the modem. If the user cancels the unlock attempt at step 465, the process returns to step 430 and a web page is generated.
In other embodiments, user authorization for locking or unlocking the modem to provide Internet access may be performed in other ways that do not involve entry of a password or user ID. Modem 12 may be provided with an access card mechanism for verifying authorization based, for example, on a digital signature or on other authorization or entitlement data. Similarly, modem 12 may determine user authorization in response to a different access device, such as a physical or electronic key.
Figs. 12 and 13 show web pages generated by the cable modem of Fig. 1. These web pages advantageously enable a technician, for example, to determine and adjust the detailed internal modem configuration. The web pages support interactive functions including one or more of the following: (a) configuring modem 12, (b) requesting display of system parameters, (c) selecting billing options and (d) allocating the IP address of a service. The web pages use password-protected access similar to that described earlier for preventing unauthorized Internet access. As a result, even if an unauthorized user discovers the URL of a particular web page, the page is password protected. The web pages also display detailed diagnostic information to the technician, removing the need for the technician to rely on LED indications and special diagnostic equipment in order to access internal status (such as items 910-920 of Fig. 13) and set the configuration. In addition, the use of such web pages enables the technician to use the user's PC to access and configure modem 12 (Fig. 1), eliminating the cost of providing the technician with, for example, a PC or portable computer. The technician can set, for example, the return channel power level (item 913 of Fig. 12). The information available on the web pages includes detailed information about the customer network configuration. Specifically, it includes, for example, the number of PCs connected to the network, the Ethernet speed (100 Mb or 10 Mb) and the MAC address of modem 12 (items 900 and 902 of Fig. 13). In the same way, the displayed web pages may indicate other address information, such as: (a) a web page IP address, (b) a File Transfer Protocol (FTP) address and (c) an e-mail address. The web pages also provide other customer network information, including the traffic on the network and details about collisions. This advantageously eliminates the need for customized diagnostic equipment or software.
Modem 12 also generates browser alert boxes for certain network events of which the user wishes to be informed. Further, the browser can display special HTML information while web page data is being retrieved. During this period, modem 12 sends the user information about events occurring on the network. These events include warnings of unauthorized access to the user's LAN, LAN traffic overflow, and the quantity of data transferred through modem 12. Modem 12 also enables the cable Internet service provider to restrict data transfer by establishing limits, and the user can also see the quantity of data transferred. The alert boxes also enable the user to view statistics for particular types of access, including web page searches, DNS requests, FTP (File Transfer Protocol) file transfers, e-mail messages, and so on. In other embodiments, these events and the associated information are not limited to display in browser alert boxes, but are available on web pages generated by modem 12 in response to an information retrieval request from a user who wants them. The information items described above in connection with Figs. 12 and 13 may be displayed, for example, in areas 905 and 907 of Figs. 12 and 13, or may be presented in another display format.
Further, the command line (item 911) of Figs. 12 and 13 may be used to enter and allocate domain names or IP addresses for peripheral (locally connected) devices of modem 12. Command line 911 may also be used to associate an entered domain name with the corresponding IP address (and vice versa), including updating the database in modem 12. The peripheral devices may include: (a) devices on an intranet, (b) devices on a local network and (c) devices on a private internet. Similarly, command line 911 provides a data entry line that enables the user to enter data for configuring the data traffic filters in modem 12. Such a traffic filter may be used to filter data according to: (a) content ratings for parental or other blocking control, (b) predetermined user preferences for targeting advertising and "push-content", (c) firewall filtering, (d) the identity of the source or destination and (e) a data search function. Alternatively, the web pages of Figs. 12 and 13 may use menus displayed, for example, in areas 905 and 907 that explicitly support the entry, allocation and association of domain names and corresponding IP addresses. Similarly, particular menus appearing in areas 905 and 907 may also be used to enable, disable and configure the data traffic filters.
Modem 12 also acts as a browser proxy server for web page browsing. This improves the speed at which a browser navigates the network, particularly when more than one browser is active at the same time (i.e. there is more than one PC on the customer's LAN). Modem 12 prefetches, caches and forwards web pages related to the web page the user is currently viewing. This improves Internet browsing speed by eliminating the delays caused by remote sites or by the Internet infrastructure. In addition, by configuring the internal filters described above in connection with Fig. 4, modem 12 is used as a firewall that excludes destructive and unacceptable traffic, protecting the user's home or business network system against external intrusion and damage.
The architecture of the system of Figs. 1 and 2 is not exclusive. Other architectures may be derived in accordance with the principles of the invention to accomplish the same objectives. Further, the functions of the elements of modem 12 of Figs. 1 and 2 and the process steps of Figs. 3 and 4 may be implemented in whole or in part within the programmed instructions of controller 60. In addition, the principles of the invention apply to any multi-layer protocol bidirectional communication system and are not restricted to DOCSIS-compatible modems or to any other type of modem.

Claims (22)

  1. In a device for bi-directional communication on a first communication link via a first port using a first plurality of communication protocol layers, and on a second link via a second port using a second plurality of communication protocol layers, a method for preventing Internet access, characterized by the steps of:
    validating the authorization of a user command;
    in response to said validated user command, disabling Internet access communication by restricting bridging communication between said first port and said second port;
    during said disabling of bridging communication, maintaining communication with a remote device on said first communication link via said first port using said first plurality of communication protocol layers.
  2. The method according to claim 1, characterized in that said disabling step comprises:
    filtering data communicated from said first port to said second port using a first filter criterion, and
    filtering data communicated from said second port to said first port using a second filter criterion different from said first filter criterion.
  3. The method according to claim 1, characterized in that said disabling step comprises:
    filtering data communicated between said first port and said second port.
  4. The method according to claim 3, characterized in that said disabling step comprises:
    filtering data according to at least one of: (a) content rating for parental or other blocking control, (b) predetermined user preferences for targeting advertising and "push-content", (c) firewall filtering, (d) identity of source or destination and (e) a data search function.
  5. The method according to claim 3, characterized in that said disabling step comprises:
    filtering data according to at least one of: (a) IP address, (b) protocol type, (c) data identifier, (d) source or destination identifier.
  6. The method according to claim 3, characterized in that said disabling step comprises:
    configuring a filter for performing said filtering step.
  7. The method according to claim 1, characterized by:
    unlocking said disabled Internet access communication in response to a validated user command.
  8. The method according to claim 1, characterized in that said disabling step comprises:
    blocking communication of all data between said first port and said second port.
  9. The method according to claim 1, characterized in that:
    said first plurality of communication protocol layers comprises individual DOCSIS-compatible layers, including at least two of: (a) a QAM layer, (b) an MPEG (Moving Picture Experts Group) transport protocol layer, (c) a MAC (media access control) layer, (d) an Ethernet layer and (e) an IP layer.
  10. The method according to claim 1, characterized in that:
    said bi-directional communication device is at least one of: (a) a modem, (b) a telephone and (c) a processing device; and
    said step of maintaining communication with a remote device supports at least one of: (i) password processing and (ii) polling of said bi-directional device from a remote source.
  11. The method according to claim 1, characterized in that:
    said validating step comprises validating the authorization of said user command using at least one of: (a) a password, (b) a user ID, (c) a PIN (personal identification number), (d) a security code, (e) an access code and (f) a physical key.
  12. In a device for bi-directional communication on a first communication link via a first port using a plurality of communication protocol layers, a method for preventing Internet access, characterized by the steps of:
    validating the authorization of a user command;
    in response to said validated user command, disabling Internet access communication using a first communication protocol layer of said plurality of protocol layers;
    during said disabling of communication on said first protocol layer, maintaining communication with a remote device on a different second communication protocol layer of said plurality of communication protocol layers.
  13. The method according to claim 12, characterized in that:
    said first plurality of communication protocol layers comprises individual DOCSIS-compatible layers, and said disabling step comprises:
    disabling communication on at least one of: (a) a physical layer, (b) an MPEG (Moving Picture Experts Group) transport protocol layer, (c) a MAC (media access control) layer, (d) an Ethernet layer and (e) an IP layer.
  14. The method according to claim 12, characterized by the step of:
    unlocking, in response to a validated user command, said disabled Internet access communication on the first communication protocol layer of said plurality of protocol layers.
  15. The method according to claim 12, characterized in that said disabling step comprises:
    filtering data according to at least one of: (a) content rating for parental or other blocking control, (b) predetermined user preferences for targeting advertising and "push-content", (c) firewall filtering, (d) identity of source or destination and (e) a data search function.
  16. The method according to claim 12, characterized in that:
    said bi-directional communication device is at least one of: (a) a modem, (b) a telephone and (c) a processing device;
    said step of maintaining communication with a remote device supports at least one of: (i) password processing and (ii) polling of said bi-directional device from a remote source.
  17. The method according to claim 12, characterized in that:
    said validating step comprises validating the authorization of said user command using at least one of: (a) a password, (b) a user ID, (c) a PIN (personal identification number), (d) a security code, (e) an access code and (f) a physical key.
  18. In a device for bi-directional communication on a first communication link via a first port using a first plurality of communication protocol layers, and on a second link via a second port using a second plurality of communication protocol layers, a method for preventing Internet access, characterized by the steps of:
    validating the authorization of a user command;
    in response to said validated user command, unlocking disabled bridging communication between said first port and said second port;
    during disabling of said bridging communication, maintaining communication with a remote device on said first communication link via said first port using said first plurality of communication protocol layers.
  19. The method according to claim 18, characterized by the step of:
    unlocking, in response to a validated user command, said disabled Internet access communication on a first communication protocol layer of a plurality of protocol layers.
  20. The method according to claim 18, characterized in that:
    maintaining said communication supports at least one of: (i) password processing and (ii) polling of said bi-directional device from a remote source.
  21. The method according to claim 20, characterized in that:
    said password processing comprises at least one of: (i) enabling password entry to remove said disabling, so as to permit Internet access on said first communication protocol layer, and (ii) enabling the password to be changed by a remote source.
  22. The method according to claim 20, characterized in that:
    said polling comprises interrogation of said bi-directional communication system by a remote source to determine the status of said bi-directional communication system.
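
The lock recited in claims 1, 2 and 7, sketched as an added Python example (not code from the patent): a validated user command disables bridging between the two ports, while management traffic arriving on the first port still reaches the modem. The port labels, class and function names, the PIN and the sample frames are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Hypothetical port labels: first port = cable (DOCSIS) side, second port = local LAN side.
CABLE, LAN = "cable", "lan"

@dataclass
class Frame:
    src_port: str             # port the frame arrived on
    dst_ip: str
    protocol: str
    management: bool = False  # addressed to the modem itself (e.g. a headend status poll)

class LockableBridge:
    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)
        self.locked = False
        # One rule list per ingress port, so each direction has its own criteria (claim 2).
        self.filters = {CABLE: [], LAN: []}

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def command(self, action: str, pin: str) -> bool:
        """Apply 'lock' or 'unlock' only if the PIN verifies (claims 1 and 7)."""
        ok = hmac.compare_digest(self._derive(pin), self._pin_hash)
        if not ok or action not in ("lock", "unlock"):
            return False
        self.locked = action == "lock"
        return True

    def handle(self, frame: Frame) -> str:
        # Management traffic from the cable side terminates at the modem and is
        # never bridged, so it keeps working while the bridge is locked.
        if frame.management and frame.src_port == CABLE:
            return "local"
        if self.locked:
            return "drop"
        if any(rule(frame) for rule in self.filters[frame.src_port]):
            return "drop"
        return "forward"

def demo() -> list:
    bridge = LockableBridge(pin="4821")  # constructed sample PIN
    bridge.filters[LAN].append(lambda f: f.protocol == "telnet")
    web = Frame(LAN, "203.0.113.10", "http")
    poll = Frame(CABLE, "192.0.2.1", "snmp", management=True)
    out = [bridge.handle(web), bridge.command("lock", "0000"), bridge.command("lock", "4821")]
    out += [bridge.handle(web), bridge.handle(poll), bridge.command("unlock", "4821")]
    return out + [bridge.handle(web), bridge.handle(Frame(LAN, "203.0.113.10", "telnet"))]
```

The PIN check runs before any state change, and the management path is evaluated before the lock, which is what keeps the remote poll answerable while user traffic is dropped.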
CN00814293A 1999-10-15 2000-10-13 Secure internet compatible bi-directional communication system and user interface Pending CN1379945A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US15978899P 1999-10-15 1999-10-15
US60/159,788 1999-10-15
US56753000A 2000-05-09 2000-05-09
US09/567,530 2000-05-09

Publications (1)

Publication Number Publication Date
CN1379945A true CN1379945A (en) 2002-11-13

Family

ID=26856297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN00814293A Pending CN1379945A (en) 1999-10-15 2000-10-13 Secure internet compatible bi-directional communication system and user interface

Country Status (8)

Country Link
EP (1) EP1222765A2 (en)
JP (1) JP2003512763A (en)
KR (1) KR20020047222A (en)
CN (1) CN1379945A (en)
AU (1) AU1332701A (en)
BR (1) BR0014773A (en)
MX (1) MXPA02003709A (en)
WO (1) WO2001030009A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1509032B (en) * 2002-12-16 2011-12-21 微软公司 Detection for dynamic wide-area network port

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8291457B2 (en) 2001-05-24 2012-10-16 Vixs Systems, Inc. Channel selection in a multimedia system
US7617515B1 (en) 2001-05-24 2009-11-10 Vixs Systems, Inc. Method and apparatus for managing resources in a multimedia system
CN100379289C (en) * 2001-05-24 2008-04-02 Vixs系统公司 Method and apparatus for managing resources and multiplexing a plurality of channels in a multimedia system
US20090031419A1 (en) 2001-05-24 2009-01-29 Indra Laksono Multimedia system and server and methods for use therewith
CN102695029A (en) * 2012-05-11 2012-09-26 易程(苏州)智能系统有限公司 Video signal remote transmission system
JP6111067B2 (en) * 2012-12-28 2017-04-05 株式会社エヌ・ティ・ティ・データ COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM
US9811839B2 (en) 2014-04-30 2017-11-07 Sap Se Multiple CRM loyalty interface framework

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835727A (en) * 1996-12-09 1998-11-10 Sun Microsystems, Inc. Method and apparatus for controlling access to services within a computer network
EP2346242A1 (en) * 1997-07-21 2011-07-20 Gemstar Development Corporation Systems and methods for program recommendation

Also Published As

Publication number Publication date
JP2003512763A (en) 2003-04-02
WO2001030009A3 (en) 2002-01-03
WO2001030009A2 (en) 2001-04-26
BR0014773A (en) 2002-06-11
MXPA02003709A (en) 2002-08-30
KR20020047222A (en) 2002-06-21
EP1222765A2 (en) 2002-07-17
AU1332701A (en) 2001-04-30

Similar Documents

Publication Publication Date Title
US7574494B1 (en) User interface for a bi-directional communication system
CN1197000C (en) User interface for bi-directional communication system
US11582057B2 (en) Multi-services gateway device at user premises
US10389853B2 (en) Apparatus and methods for content distribution to packet-enabled devices via a network bridge
CN1197323C (en) Application operation in bi-directional communication system compatible with internet
JP5714106B2 (en) Apparatus and method for content management and account linking via multiple content distribution networks
CN1379946A (en) System for processing internet domain names and addresses
CN101902623B (en) Method and device for transmitting network video service
CN1379945A (en) Secure internet compatible bi-directional communication system and user interface
KR100872228B1 (en) Method for providing set top box with ip address using dhcp server in iptv network, method for providing harmful web page blocking service

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication