CN1379945A - Secure internet compatible bi-directional communication system and user interface
- Publication number: CN1379945A (CN00814293A)
- Authority: CN (China)
- Prior art keywords: communication, port, internet, data, user
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- G06F16/95—Retrieval from the web
- H04L12/2801—Broadband local area networks
- H04L41/0803—Configuration setting
- H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
- H04L41/22—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
- H04L67/55—Push-based network services
- H04L67/75—Indicating network or usage conditions on the user display
- H04N21/437—Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
- H04N21/4622—Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
- H04N21/4751—End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for defining user accounts, e.g. accounts for children
- H04N21/4782—Web browsing, e.g. WebTV
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Abstract
A system including a modem prevents unauthorized Internet access by validating authorization of a User command and inhibiting (425, 430) Internet access by limiting bridging communication between a first port and a second port in response to the validated (410, 415) User command. The system maintains communication with a remote device on a first link via a first port using a plurality of communication protocol layers during a period in which bridging communication is inhibited. The system also prevents Internet access by inhibiting (425, 430) Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device on a different second communication protocol layer of the plurality of protocol layers during a period in which communication on the first protocol layer is inhibited.
Description
The present invention relates to a system and user interface suitable for interactive bidirectional communication in devices such as a cable modem, computer, TV, VCR (video cassette recorder), set-top box, or associated peripheral equipment.
Home entertainment systems increasingly include both personal computer and television functions (PC/TV functions), involving communication with multiple sources and multiple destinations. Such a system may receive data from satellite or terrestrial sources, including high definition television (HDTV) broadcasts, multipoint microwave distribution system (MMDS) broadcasts, and digital video broadcasts (DVB). Such a system may also provide high-speed Internet access through a broadcast link or a coaxial link (e.g. a cable TV line) using a cable modem, or through a telephone line link using, for example, an ADSL or ISDN (asynchronous digital subscriber line or integrated services network) compatible modem. A home entertainment system may also communicate with local sources such as Digital Video Disc (DVD), CDROM, VHS and Digital VHS (DVHS™) type players, PCs, set-top boxes, and many other types of sources.
For a home entertainment system that supports Internet-compatible bidirectional communication using a cable or other type of modem, it is desirable to provide security and flexibility of operation. Specifically, it is desirable to provide a secure user interface that prevents unauthorized Internet access while supporting complex user interaction tasks and providing a simple command interface suitable for the general public. It is further desirable to provide user flexibility in configuring home entertainment communication functions and in assigning Internet domain names (such as resource locators, URLs), in order to manage and access the elements and peripheral devices of a home entertainment system and to support Internet applications. Such applications may involve devices including video receivers, audio receivers, VCRs, DVDs, PCs, printers, scanners, copiers, telephones, fax machines, and home appliances, used individually or, for example, in a home (or other) intranet. These problems and derivative problems are addressed by a system according to the present invention.
A system including a modem generates a web page locally as a user interface, enabling a user to lock the modem and prevent unauthorized Internet access. The modem (a bidirectional communication device such as a cable modem, ADSL modem, or other type of modem) uses a plurality of protocol layers in communication on a communication link. The system prevents Internet access by validating authorization of a user command and inhibiting Internet access, where Internet access is inhibited by limiting bridging communication between a first port and a second port in response to the validated user command. During the period in which bridging communication is inhibited, the system maintains communication with a remote device on a first link via the first port using a plurality of communication protocol layers.
In another feature, the system prevents Internet access by inhibiting Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device on a different second communication protocol layer of the plurality of protocol layers during the period in which communication on the first protocol layer is inhibited.
Brief description of the drawings
In the drawings:
Fig. 1 shows a cable modem system according to the invention.
Fig. 2 shows a functional representation of a cable modem according to the invention in a network environment with multiple PCs and a cable television system head-end.
Fig. 3 shows a flowchart of a method according to the invention for converting a domain name to a corresponding Internet web page address.
Fig. 4 shows a flowchart of a method according to the invention for inhibiting and unlocking Internet access using a cable modem.
Figs. 5 to 8 show web pages generated by the cable modem of Fig. 1 according to the invention, depicting examples of user interface menus that provide locking and unlocking of Internet access.
Figs. 9 to 11 show user interface menus generated by the cable modem of Fig. 1 according to the invention, illustrating password and user ID (userid) entry for managing Internet access.
Figs. 12 and 13 show web pages generated by the cable modem of Fig. 1 according to the invention.
Fig. 1 shows a cable modem system that advantageously prevents unauthorized Internet access by giving the user the ability to lock and unlock the Internet communication function of the modem. The cable modem system also includes a domain name snoop server (DNSS), which advantageously intercepts domain name resolution requests and converts domain names to corresponding Internet-compatible web page addresses. To support these and other features, the modem advantageously generates a web-page-based graphical user interface for display to the user on a PC running any of various standard browser applications. These modem features address the problems of preventing unauthorized Internet access and of providing user flexibility in assigning Internet domain names, so that the elements and peripheral devices of a home (or other) intranet system can be managed and accessed using a simple command interface suitable for the general public.
The illustrated embodiment of system 12 of Fig. 1 supports cable modem bridging communication between a remote head-end and local area network (LAN) devices such as a local PC. The bidirectional communication between system 12 and the head-end is in a multi-layer protocol format. This multi-layer protocol format includes a QAM (quadrature amplitude modulation) or QPSK (quadrature phase shift keying) physical layer. The physical layer conveys MPEG2 (Moving Picture Experts Group) transport protocol data, which in turn conveys DOCSIS MAC (media access control) data frames. The MAC data conveys Ethernet data frames or MAC management data, and the Ethernet data in turn conveys IP layer data. The cable modem also maintains a return communication path to the head-end using time-division multiplexed communication of return data in Ethernet protocol.
Data transmitted from the head-end to the cable modem, including the physical layer data, is processed and converted to Ethernet or USB format for communication with LAN devices attached to the corresponding Ethernet or USB port. The cable modem maintains bidirectional communication with the LAN devices and also receives data from these devices in the corresponding Ethernet and USB protocols. The bidirectional communication between system 12 and the Ethernet-compatible or USB-compatible devices (attached to ports 72 and 82 of system 12) uses a multi-layer protocol format of a type similar to that of the communication between the head-end and system 12. This multi-layer protocol format may include Ethernet/USB frames, HTTP (Hypertext Transfer Protocol) and TCP/IP (Transmission Control Protocol/Internet Protocol) data, and other protocols, as required by the application provided.
The cable modem described herein uses an MPEG-compatible protocol conforming to the MPEG2 image encoding standard, termed the "MPEG standard". This standard comprises a system encoding section (ISO/IEC 13818-1, June 10, 1994) and a video encoding section (ISO/IEC 13818-2, January 20, 1995). The Internet TCP/IP (Transmission Control Protocol/Internet Protocol) and Ethernet-compatible protocols described herein provide compatibility with the preliminary requirements of MCNS and the requirements of DOCSIS 1.0 (Data Over Cable Service Interface Specification 1.0), approved by the International Telecommunication Union (ITU) in March 1998 and specified in RFC 2669 (Request for Comments 2669). Furthermore, the discussion of domain name processing herein covers the domain name resolution steps documented in RFC 1591 of March 1994, RFC 1918 of February 1996, and other documents. RFC documents are available via the Internet and are provided by Internet standards working groups.
The principles of the invention may be applied to any bidirectional communication system and are not limited to cable, ADSL, ISDN or conventional types of modem. Further, although the disclosed system is described as processing web page data for display, this is exemplary only. The term "web page" is to be interpreted broadly as representing any form of data that may be communicated from an Internet source by Internet Protocol (IP), and includes any form of packetized data, including, for example, streamed video or audio data, telephone messages, computer programs, e-mails, or other communications.
The cable modem of Fig. 1 (system 12) communicates with the head-end over a bidirectional broadband high-speed RF (radio frequency) link on line 10, which typically comprises coaxial cable or hybrid fiber/coaxial (HFC). Modem system 12 communicates bidirectionally with devices located at the user site over a local area network (LAN). A typical user-side LAN includes a Digital/Intel/Xerox Ethernet-compatible network attached via connector 72. Other user-side devices communicate via a USB (Universal Serial Bus) compatible network attached via connector 82. User devices attached to the Ethernet and USB networks may include, for example, personal computers (PCs), network printers, video receivers, audio receivers, VCRs, DVDs, scanners, copiers, telephones, fax machines, and home appliances.
In operation, duplexer 20 of cable modem system 12 of Fig. 1 separates the downstream communications conveyed on cable 10 (sent from the head-end to modem 12) from the upstream communications (sent from modem 12 to the cable TV head-end). Duplexer 20 separates upstream data from downstream data based on the different frequency ranges they respectively use: typically 5-42 MHz for upstream data and 92-855 MHz for downstream data. Controller 60 configures the elements of cable modem 12 of Fig. 1 to receive MPEG2 transport data transmitted from the cable TV head-end on cable 10 and to convert this data to Ethernet- or USB-compatible format for output via ports 72 and 82 respectively. Similarly, controller 60 configures the elements of cable modem 12 of Fig. 1 to receive Ethernet- or USB-compatible data from ports 72 and 82 and to convert it to MPEG2 transport protocol data for transmission to the cable TV head-end on cable 10. Controller 60 configures the elements of system 12 by setting control register values within these elements using a bidirectional data and control signal bus. Specifically, controller 60 configures tuner 15, SAW filter 25, differential amplifier 30 and MCNS interface device 35 to receive a DOCSIS-formatted signal on a previously identified RF channel frequency. The DOCSIS-formatted signal comprises an MPEG2 transport protocol format conveying Ethernet-compatible data frames that include IP data content.
In normal operation following initialization, an RF carrier is modulated with MPEG2 transport protocol data using 64 or 256 QAM (quadrature amplitude modulation). The MPEG2 transport data includes Ethernet-formatted data, which in turn includes IP data representing, for example, a user-requested HTML (Hypertext Markup Language) web page. The MPEG transport data is provided to tuner 15 by duplexer 20. Tuner 15 down-converts the input signal from duplexer 20 to a lower frequency band, which is filtered by SAW filter 25 to enhance signal isolation from neighboring RF channels. The filtered signal from unit 25 is level shifted and buffered by differential amplifier 30 to provide a signal compatible with MCNS interface processor 35. The resulting down-converted, level-shifted signal from amplifier 30 is demodulated by MCNS processor 35. Within processor 35 the demodulated data is further trellis decoded, mapped into byte-aligned data segments, deinterleaved and Reed-Solomon error corrected. Trellis decoding, deinterleaving and Reed-Solomon error correction are known functions described, for example, in the reference text Digital Communication by Lee and Messerschmidt (Kluwer Academic Press, Boston, MA, USA, 1988). Processor 35 further converts the MPEG2-format data to Ethernet data frames that are provided to controller 60.
In a similar fashion, controller 60 converts and filters the IP data (conveyed in Ethernet data frames) from processor 35 for output in USB format via port 82. The USB data is buffered by transceiver 75 and filtered by noise and interference suppression (EMI/ESD) filter 80 before being output to the USB-compatible LAN devices attached to port 82.
In a similar fashion, modem system 12 also communicates data upstream from attached devices via USB port 82. In an exemplary implementation, controller 60 of system 12 receives Ethernet-compatible data from transceiver 75 and provides it to processor 35 for upstream communication in the manner previously described. For this purpose, transceiver 75 receives Ethernet data encapsulated in USB frames from port 82 via filter 80, and removes the USB frame data to provide Ethernet-format data to controller 60.
Fig. 2 shows a functional representation of the cable modem of Fig. 1 in a network environment including multiple PCs and a head-end. The functional elements shown within system 12 in Fig. 2 are performed by controller 60 (Fig. 1) in conjunction with the other elements of system 12 described in Fig. 1. In Fig. 2, cable modem 12 provides bidirectional bridging communication between the head-end cable service provider 240 and the local area network to which PCs 220 and 265 are attached. Within system 12, bidirectional bridging communication between the different input and output protocols is provided by interface and protocol conversion functions 225 and 235. The bidirectional communication paths provided by units 225 and 235 support protocol conversion within a multi-layer protocol structure. As previously described in connection with Fig. 1, the protocol layers comprise hierarchically layered MPEG2, Ethernet and IP protocol layers, USB protocol layers, and a QAM or QPSK modulated physical layer. In addition, TCP/IP stack 260 buffers request and response message data for web page generator, server and management function 255 and for SNMP (Simple Network Management Protocol) communication function 245. Further, SNMP communication function 245 and web page management function 255 use modem database 250 in responding to commands.
Web page generator function 255 generates interactive HTML web pages, as exemplified in Figs. 12 and 13 discussed later. The generated web pages include a graphical user interface that enables a technician to readily perform diagnostic tests on system 12 and the associated network. Function 255 generates HTML web pages for display on, for example, an attached user's PC 220, enabling a technician to determine faults and status directly from the user's PC. The generated web pages may also be accessed remotely, following password and user ID authorization, by a remote PC using SNMP or another protocol. The generated web pages enable an authorized user to prevent unauthorized Internet access by giving the user the ability to lock and unlock the Internet communication function of the modem. The generated web pages also provide a user interface for viewing and/or updating system parameters and received data, such as security alerts, special events (promotions, etc.), Internet traffic statistics with overflow or underflow conditions, and data transfer statistics. The web pages also provide diagnostic, billing, status, internal configuration and other information, and enable the modem configuration to be changed. In another embodiment, the functions performed by the generated web pages described herein may be included in a web browser web page.
The web pages generated by function 255 also provide an interface that enables a user to assign Internet domain names for a private Internet (as opposed to the public Internet). This interface enables a user, for example, to assign Internet domain names to elements in a home (or other) intranet system. For this purpose, domain name snoop server (DNSS) 230 supports interception of the domain name resolution requests generated by PC 20 in response to a user Internet web page request initiated through, for example, a browser running on PC 220. DNSS 230 converts the intercepted domain name to a corresponding private Internet web page address, thereby enabling private Internet domain names, assigned through the generated web pages, to be used for a home or other private Internet or intranet system independently of the public Internet.
Fig. 3 shows the flow chart of method that is used for domain name is converted to the web page address of corresponding compatible with internet.The controller 60 of this method by Fig. 1 (combining with other elements of the system 12 of Fig. 1 and 2) uses, and the webpage that makes it possible to pass through to be produced distributes the private internet domain name, is used for family or other private intranet systems.After step 300 beginning, at step 303 (Fig. 3), PC 220 (Fig. 2) sends a domain name mapping request to system 12 (Fig. 2), with the user's web-page requests in response to the browser that passes through to move on PC 220.PC 220 browsers provide a domain name request according to the standard the Internet analysis protocol, the standard the Internet analysis protocol is having a detailed description in obtainable RFC (consulting on) file on the internet, as some RFC files of RFC 1035,1591,1816 and front and back relevant with these files.
The internet domain name analysis request is that the name server (DNS) of IP address responds by being used for domain name mapping.By resolver request is offered the address of IP completely that one or more DNS obtain a particular machine or equipment.For example, on a Web browser, the user can key in RCA.com.It is sent to a DNS then, and this DNS can be converted into IP address 157.254.235.215.A Web browser uses this IP address to get in touch and searching web pages information with Web server.Notice that this example has greatly been simplified.In practice, by reference or recurrence handle the DNS that uses several laminated tissues, and add and comprise many other processing, comprise the processing of high-speed cache and life-span (age) factor.
PC 220 submits to system 12 with the domain name mapping request, is used to transmit domain name with the converting users input and is the source IP address of the correspondence of the webpage of being asked.In step 305, provide an intercepting dns database (unit 250 of Fig. 2) to be used in the system 12.This intercepting dns database interrelates the domain name of IP address and the in-house network equipment on local lan (private intranet), and from coming local domain name and IP address information of distributing to derive out by the user by the web-page interface that produces by system 12.Another kind of alternative is can use DHCP (DHCP) to download the intercepting dns database from the far-end the Internet locations, as the front end from cable TV.In another embodiment, can download the intercepting dns database from the Internet locations of this locality, as from local storage, perhaps this database can be pre-stored in the system 12.
In step 310, the snooping server (DNSS) 230 (Fig. 2) of system 12 examines the domain name resolution request message from PC 220 to determine whether the transmitted domain name matches a name in database 250. In step 315, if the transmitted domain name matches a name in database 250 (Fig. 2), system 12 (under the control of controller 60 of Fig. 1) intercepts the domain name resolution request from PC 220 (Fig. 2). Where there is such a name match, system 12 in step 317 inhibits further communication of the domain name resolution message to a public Internet name server. In step 320, the snooping server (DNSS) 230, in conjunction with database 250, converts the intercepted domain name into an IP-compatible address and, in step 323, communicates the IP address back to the requesting source (PC 220 in this example). In addition, in step 325 system 12 stores a history of domain name and IP address conversions and requests in database 250, and collates and compiles this information, as a background operation, for monitoring and other purposes including, for example, parental control, firewall filtering, or accumulating user preference data. The compiled information is made available for display on a web page generated by unit 255, either continuously or upon a user request made through a web page. The process of Fig. 3 ends at step 330.
In other embodiments, at step 317 system 12 also communicates the domain name resolution message received from PC 220 to a public Internet name server. In this case, system 12 may receive two IP address conversions in response: one from DNSS 230 and one from the remote public domain name server. The received IP addresses may or may not be identical, giving rise to a potential address conflict and race condition. To prevent such a race condition from causing problems, system 12 is programmed to select the first IP address response received. This first received response is normally the response from the local DNSS 230. Alternatively, system 12 may be configured differently; for example, system 12 may be configured to give preference to a response from a particular source, such as a remote server.
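The Fig. 3 flow and the first-response rule above, modelled in Python as an added example (not code from the patent). The class and function names, the `arrival_ms` field used to model the race, and all names and addresses are constructed assumptions; the step numbers in the comments refer to the text.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


def normalize(name: str) -> str:
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


@dataclass(frozen=True)
class Response:
    source: str        # "local" (snooping server 230) or "public" (remote server)
    ip: str
    arrival_ms: float  # constructed arrival time, used only to model the race


def select_response(responses: List[Response],
                    prefer_source: Optional[str] = None) -> Response:
    """Choose one answer when the local and public servers both reply.

    Default is the rule in the text: the first response received wins.
    prefer_source models the alternative of favouring a particular source.
    """
    if not responses:
        raise LookupError("no response received")
    preferred = [r for r in responses if r.source == prefer_source]
    return min(preferred or responses, key=lambda r: r.arrival_ms)


@dataclass
class InterceptingResolver:
    local_db: Dict[str, str]                       # private name -> IP (database 250)
    upstream: Callable[[str], Optional[Response]]  # hypothetical public resolver
    suppress_upstream_on_match: bool = True        # step 317: do not forward matches
    prefer_source: Optional[str] = None
    history: List[dict] = field(default_factory=list)
    upstream_queries: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.local_db = {normalize(k): v for k, v in self.local_db.items()}

    def resolve(self, name: str, client: str) -> Optional[str]:
        key = normalize(name)
        matched = key in self.local_db             # steps 310 and 315
        responses: List[Response] = []
        if matched:                                # step 320: answer from the database
            responses.append(Response("local", self.local_db[key], 0.5))
        if not matched or not self.suppress_upstream_on_match:
            # Every name recorded here has left the private network.
            self.upstream_queries.append(key)
            reply = self.upstream(key)
            if reply is not None:
                responses.append(reply)
        chosen = select_response(responses, self.prefer_source) if responses else None
        self.history.append({                      # step 325: conversion history
            "client": client, "name": key, "intercepted": matched,
            "answer": chosen.ip if chosen else None,
            "answered_by": chosen.source if chosen else None,
        })
        return chosen.ip if chosen else None       # step 323: reply to the requester


# Constructed sample data: private names and a stand-in public zone
# (documentation address ranges, not real hosts).
LOCAL_DB = {"Modem.Home": "192.168.100.1", "example.org": "192.168.100.20"}
PUBLIC_ZONE = {"example.org": "203.0.113.7", "example.net": "203.0.113.9"}


def public_lookup(name: str) -> Optional[Response]:
    ip = PUBLIC_ZONE.get(name)
    return Response("public", ip, 20.0) if ip else None


if __name__ == "__main__":
    r = InterceptingResolver(LOCAL_DB, public_lookup)
    print(r.resolve("modem.home.", "192.168.100.50"), r.upstream_queries)
    racing = InterceptingResolver(LOCAL_DB, public_lookup,
                                  suppress_upstream_on_match=False)
    print(racing.resolve("example.org", "192.168.100.50"), racing.upstream_queries)
```

With forwarding suppressed, a matched private name never appears in `upstream_queries`; in the forwarding variant it does, and the answer returned depends on which response arrives first or on the configured source preference.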
The intercept name server feature and the process of Fig. 3 give a user the means to assign, add or change, easily and quickly, the Internet domain names used within a private internet, for example to accommodate the addition of devices to the private internet. This lets the user flexibly manage and change the configuration of the elements and peripherals of a home (or other) intranet system through a web page running, for example, on a standard browser. The user can advantageously manage domain name assignment on the private internet without affecting the public Internet and without the cumbersome and time-consuming burden of registering domain name assignments and changes with public Internet gateways and service providers (ISPs). Moreover, a user requesting a web page generated within the private internet does not need to know the complex IP address of that web page. Instead, the user can access the web page by submitting a locally assigned private internet domain name, which the intercept name server recognizes as corresponding to the requested web page.
The intercept name server feature and the process of Fig. 3 also advantageously provide the following: (a) they enable the IP address of a web page generated by system 12, or of another information source or device on the private internet, to be assigned dynamically for security or other purposes; (b) they enable an alias (or user-customizable) domain name and IP address to be assigned to an information source, so that system 12 (or a DNS server) can intercept and respond to, for example, DNS requests not addressed directly to it; and (c) they enable a domain name to be overridden with a locally assigned alternative name. System 12 can therefore communicate with a device on a LAN or subnet using a locally assigned private internet domain name or IP address that identifies the device on that particular LAN or subnet. The domain name or IP address may be assigned through a web page generated by unit 255, or by local or remote download of data to database 250 (Fig. 2) as described above. This eliminates the need for a user to adjust the IP address or netmask of a PC on the LAN in order to access, for example, a web page generated by unit 255 in system 12.
Fig. 4 shows a flow chart of a method for disabling and unlocking Internet access through a cable modem. The user interface is provided on a PC attached to port 72. The method is used by controller 60 of Fig. 1 (in conjunction with other elements of system 12 of Figs. 1 and 2) so that the modem can be securely locked to prevent unauthorized Internet access. This ensures that unauthorized users (such as children) do not have access to unattended network equipment. It also assures the user that his/her PC cannot be accessed while the modem is locked.
In step 405 of Fig. 4, following the start at step 400, the communication bridging capability of cable modem 12 is enabled. As described previously, this bridging capability allows an Internet device, such as a PC connected to port 72 of system 12 of Fig. 1, to communicate over the RF network connection on cable 10, as defined in the DOCSIS standard. The DOCSIS specification provides that a modem should remain ranged with the Cable Modem Termination System (CMTS) (i.e. maintain two-way communication) whenever it is connected. Consequently, to remove the Internet connection a consumer needs either to disconnect the modem physically from the RF network or to disconnect the modem's power. The method and system described in connection with Fig. 4 provide a locking mechanism that disables the modem's bridging capability by hardware (i.e. lock & key) or software (i.e. user name and password). This shields the network devices of a consumer connected to the modem from external traffic and also prevents unauthorized users from accessing the Internet through the modem.
The authorization of the user initiating locking of the modem is verified in steps 410 and 415 of Fig. 4. Specifically, the user ID and password entered in step 410 are verified in step 415 using the menu shown in Fig. 9. This menu and the other menus used in the process of Fig. 4 are displayed on the PC attached to port 72 (Fig. 1). Entry of an incorrect password and user ID causes steps 410 and 415 to be repeated for several attempts, using the incorrect-password menu of Fig. 11, until controller 60 (Fig. 1) declares successful verification or failure.
The modem password is changed using the change password menu shown in Fig. 10. This menu may be invoked through icons 505 and 605 in the modem-generated web pages illustrated in Fig. 5 and Fig. 6 respectively. The change password menu of Fig. 10 prompts the user to enter the original password and the new password twice (as confirmation of the new password). A typical password may be, for example, any combination of up to 10 alphabetic, numeric and non-alphabetic characters. The menu of Fig. 10, or a similar menu, may be used to set the password initially when modem 12 is initialized. Alternatively, a software construct, a MIB (Management Information Base, comprising software procedures capable of remote management), may be used to allow the head end to reset the password when it is lost. A default password (such as "letmeout"), given in detail in the user manual, may be used to invoke the procedure that allows the head end to reset the password. In such a system, a dedicated MIB enabled in the modem allows a management workstation operated at the cable TV head end, or a network operations center controlled by the ISP, to reset the password back to the default when the password is lost or forgotten. For this purpose, an SNMP manager at the head end or network operations center commands the MIB to reset the user's password, user ID, or both. To invoke this procedure, the user telephones the cable operator or network operations center and provides the default password as authorization to request that the password in his modem be reset. Alternatively, provided that modem 12 is not in locked mode and permits bridged communication between the attached PC and the cable TV head end, the default password may be used to invoke the MIB-based password reset procedure directly by communicating with the head end through modem 12.
After successful verification in step 415, the user requests display of a web page in step 420. The requested web page serves as a user interface that lets the user lock the modem and disable Internet access communication. In step 425, the user initiates locking and unlocking of the modem's Internet access communication through icons 500 and 700 of the web pages of Figs. 5 and 7 respectively. Alternatively, the user initiates locking and unlocking of Internet access communication through check boxes 600 and 800 of the web pages of Figs. 6 and 8 respectively. In step 425, the user initiates locking and unlocking of the modem through icon 500 of the web page of Fig. 5 or a check box (for example, as shown by item 800 of the web page of Fig. 8). In other embodiments, the described functions may be enabled or disabled using user interface menus and web pages different from those described in Figs. 5-12.
In step 430, Internet access communication through modem 12 is disabled, and a web page is displayed indicating this disabled state in the manner illustrated by items 500 and 800 of Figs. 5 and 8 respectively. Modem 12 advantageously disables Internet access by inhibiting the bridging of IP data between the cable TV head end and the LAN devices connected to ports 72 and 82. In the locked condition, attempts to access the Internet made by a Web browser on a customer device (such as PC 220 of Fig. 2) are restricted to access to content cached on the PC itself or to web pages generated internally by modem 12. While the modem is locked, no traffic passes from the customer's home network or PC (and private internet) to the RF side of the network, the head end and the public Internet. The bridging function of the modem is disabled.
In this locked condition, modem 12 maintains multi-layer protocol communication with the cable TV head end to support the DOCSIS standard ranging process and to support SNMP (Simple Network Management Protocol, defined in RFC 1157) access to the database in modem 12 (unit 250 of Fig. 2). Ranging communication is initiated by the cable TV head end and is described in the DOCSIS radio frequency interface specification. Ranging communication messages include periodic ranging maintenance messages conveyed at the MAC (Media Access Control) layer of the OSI (Open Systems Interconnection) network model. Database communication involves SNMP, which comprises User Datagram Protocol (UDP) running over IP at the session layer of the OSI model. In locked mode, modem 12 also maintains multi-layer protocol communication with a PC (such as PC 220 of Fig. 2 attached to the Ethernet port) in order to provide the web-page-based user interface (as illustrated in Figs. 5-8) that allows the user to unlock and re-lock the modem as required.
Modem 12 advantageously disables Internet access by using a filtering mechanism to inhibit the bridging of IP data between the cable TV head end and the attached LAN devices. In this embodiment, bidirectional communication of IP-layer data is inhibited. In other embodiments, however, the filtering mechanism may pass data at one or more particular protocol layers between the cable TV head end and the attached LAN devices while inhibiting communication at other protocol layers. Furthermore, bidirectional filtering allows a particular protocol layer to be passed in one direction, for example from the head end to the LAN devices, while one or more different layers are passed from the LAN devices to the head end. An alternative is to inhibit all bridged communication. The filter may be implemented as a configurable filter that bidirectionally filters data between the cable TV head end and the attached LAN devices according to one or more of the following: (a) content, (b) protocol type and (c) data source or destination. Content filtering may be performed on the basis of metadata or other content or content-derived items, for a variety of specific purposes including those described in connection with Fig. 1.
The filter may be implemented in a manner similar to the DOCSIS Cable Device MIB specified in RFC 2669, which defines the docsDevFilterIpDirection object and the docsDevFilterIpDaddr object, or the filter may be implemented using another filtering mechanism. A master filter using these two objects may be used to restrict all traffic, or selected traffic, from the user's Web browser (such as on PC 220 of Fig. 2) to the head end and onward to the Internet. On initiation of locking, the modem filters data traffic to restrict all traffic presented by a browser (such as in PC 220) that carries a destination address matching the gateway IP address (corresponding to the IP address of the Cable Modem Termination System at the head end). In addition, according to the docsDevFilterIpDirection object and the docsDevFilterIpProtocol object (or according to another mechanism), such a filter may be configured to restrict any selected protocol or selected content from passing through the modem in either direction. This ensures that a user can block access to the Internet, and also ensures that access to the user's PC from the Internet (through the head end) is blocked, enhancing security.
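The lock behaviour and configurable bridge filter described above, modelled in Python as an added example (not code from the patent or from any modem firmware). It shows the embodiment in which IP bridging is inhibited in both directions while MAC ranging, head-end SNMP and the local web interface keep working. The class names, the rule fields (named loosely after the direction, destination-address and protocol objects mentioned in the text), the password hashing scheme and all addresses are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence

LAN, RF = "lan", "rf"   # LAN side (ports 72/82) and cable side (head end)


@dataclass(frozen=True)
class Packet:
    ingress: str                     # LAN or RF: the side the data arrived on
    layer: str                       # "mac" (DOCSIS MAC management) or "ip"
    dst: Optional[str] = None        # destination IP address, for layer "ip"
    protocol: Optional[str] = None   # "tcp", "udp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class FilterRule:
    direction: str                   # "outbound" (LAN->RF), "inbound" (RF->LAN), "both"
    action: str                      # "accept" or "discard"
    daddr: str = "0.0.0.0/0"         # destination network the rule applies to
    protocol: Optional[str] = None   # None matches any protocol

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction in (direction, "both")
                and self.protocol in (None, pkt.protocol)
                and ip_address(pkt.dst) in ip_network(self.daddr))


class Modem:
    def __init__(self, password: str, lan_ip: str, mgmt_ip: str,
                 rules: Sequence[FilterRule] = ()) -> None:
        self._salt = os.urandom(16)
        self._digest = self._derive(password)
        self.lan_ip, self.mgmt_ip = ip_address(lan_ip), ip_address(mgmt_ip)
        self.rules = tuple(rules)
        self.locked = False

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def set_lock(self, locked: bool, password: str) -> bool:
        """Change the lock state only for a verified command (steps 415 and 460)."""
        if not hmac.compare_digest(self._derive(password), self._digest):
            return False
        self.locked = locked
        return True

    def handle(self, pkt: Packet) -> str:
        """Return "local" (terminates at the modem), "bridge" or "drop"."""
        if pkt.layer == "mac":
            # Ranging and other MAC management is exchanged with the head end
            # only and is never bridged, so locking does not affect it.
            return "local" if pkt.ingress == RF else "drop"
        dst = ip_address(pkt.dst)
        if pkt.ingress == LAN and dst == self.lan_ip:
            return "local"               # web-page user interface stays reachable
        if pkt.ingress == RF and dst == self.mgmt_ip:
            # Head-end SNMP access to the modem itself (UDP port 161).
            return "local" if (pkt.protocol, pkt.dport) == ("udp", 161) else "drop"
        if self.locked:
            return "drop"                # bridging disabled in both directions
        direction = "outbound" if pkt.ingress == LAN else "inbound"
        for rule in self.rules:          # first matching rule decides
            if rule.matches(pkt, direction):
                return "bridge" if rule.action == "accept" else "drop"
        return "bridge"


# Constructed sample traffic (documentation and private address ranges).
WEB_OUT = Packet(LAN, "ip", "203.0.113.10", "tcp", 80)      # PC browsing the Internet
PROBE_IN = Packet(RF, "ip", "192.168.100.50", "tcp", 445)   # Internet host reaching the PC
RANGING = Packet(RF, "mac")                                 # head-end ranging message
SNMP_IN = Packet(RF, "ip", "10.0.0.2", "udp", 161)          # head-end SNMP to the modem
UI = Packet(LAN, "ip", "192.168.100.1", "tcp", 80)          # PC opening the modem's pages


def verdicts(modem: Modem) -> dict:
    names = ("WEB_OUT", "PROBE_IN", "RANGING", "SNMP_IN", "UI")
    pkts = (WEB_OUT, PROBE_IN, RANGING, SNMP_IN, UI)
    return {n: modem.handle(p) for n, p in zip(names, pkts)}
```

Calling `verdicts()` before and after `set_lock(True, ...)` shows that only the two bridged flows change from "bridge" to "drop"; the three flows that terminate at the modem are unaffected by the lock.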
In another embodiment, in step 430 of Fig. 4, modem 12 prevents unauthorized Internet access by inhibiting communication to the cable TV head end at the Ethernet communication protocol layer while maintaining communication to the cable TV head end at the MAC protocol layer. The MAC protocol layer conveys management information supporting ranging operation and other modem and network management functions. At the same time, modem 12 maintains multi-layer protocol communication with a PC (such as PC 220 of Fig. 2 attached to the Ethernet port of modem 12) in order to provide the web-page-based user interface (as illustrated in Figs. 5-8) that lets the user unlock and re-lock the modem as required.
Continuing the process of Fig. 4, after the modem has been locked in step 430, any attempt by an unauthorized user to surf the web in step 445 is blocked, and this branch of the process of Fig. 4 terminates in step 450. Alternatively, in steps 440, 455 and 460 the modem may be unlocked by an authorized user. In this case, a password prompt menu (such as the menu of Fig. 9) is displayed in response to the user's attempt to unlock the modem in step 440. The user may attempt to unlock the modem by, for example, activating unlock button 700 of the web page of Fig. 7 or ticking the "Network Access" check box of Fig. 8. After the password is entered in step 455, and when the correct password has been verified in step 460, the modem is unlocked to support bridged communication in step 470 and to provide Internet access to the user. This branch of the process of Fig. 4 ends at step 475. When an incorrect password is identified in step 460, the user is notified in step 465, through the menu shown in Fig. 11, that an invalid password was entered. Through this menu, in step 465, the user may either retry password verification starting from step 440 or cancel the attempt to unlock the modem. If the user cancels the unlock attempt in step 465, the process returns to step 430 and a web page is generated.
In other embodiments, user authorization for locking or unlocking the modem to provide Internet access may be performed in other ways that need not involve entry of a password or user ID. An access card mechanism may be provided with modem 12 for verifying authorization on the basis of, for example, a digital signature or other authorization or entitlement data. Similarly, modem 12 may determine a user's authorization in response to a different access device, such as a physical or electronic key.
Figs. 12 and 13 show web pages generated by the cable modem of Fig. 1. These web pages advantageously enable, for example, a technician to determine and adjust specific internal modem configuration. The web pages support interactive functions including one or more of the following: (a) setting up modem 12, (b) requesting display of system parameters, (c) selecting a billing option and (d) assigning the IP address of a service. The web pages use password-protected access similar to that described earlier in connection with preventing unauthorized Internet access. As a result, even if an unauthorized user discovers the URL address of a particular web page, the page is password protected. The web pages also display specific diagnostic information to the technician, removing the need for the technician to rely on LED indications and dedicated diagnostic equipment in order to access internal status (such as items 910-920 of Fig. 13) and to set configuration. In addition, using such web pages enables the technician to use the user's PC to access and set up modem 12 (Fig. 1), saving the cost of providing the technician with, for example, a PC or portable computer. The technician can set, for example, the return channel power level (item 913 of Fig. 12). The information available on the web pages includes specific information about the customer's network configuration. Specifically, it includes, for example, the number of PCs connected to the network, the Ethernet speed (100 Mb or 10 Mb) and the MAC address of modem 12 (items 900 and 902 of Fig. 13). In the same manner, the displayed web pages may indicate other address information, such as: (a) a web page IP address, (b) a File Transfer Protocol (FTP) address and (c) an e-mail address. The web pages also provide other customer network information, including traffic on the network and details of collisions. This advantageously eliminates the need for customized diagnostic equipment or software.
Modem 12 also generates browser alert boxes for certain network events of which the user wishes to be informed. In addition, the browser can display special HTML information while web page data is being retrieved. During this time, modem 12 sends the user information about events occurring on the network. These events include warnings about unauthorized access to the user's LAN, LAN traffic overflow, and the quantity of data transferred through modem 12. Modem 12 also enables the cable Internet service provider to restrict data transfer by establishing limits, and the user can also see the quantity of data transferred. The alert boxes also let the user view statistics for particular types of access, including web page retrievals, DNS requests, FTP (File Transfer Protocol) file transfers, e-mail messages, and so on. In other embodiments, these events and the related information are not limited to display in browser alert boxes but are available on web pages generated by modem 12 in response to information retrieval requests from a user who wants them. The information items described above in connection with Figs. 12 and 13 may be displayed in, for example, areas 905 and 907 of Figs. 12 and 13, or may be provided in another display format.
In addition, the command line (item 911) in Figs. 12 and 13 may be used to enter and assign domain names or IP addresses for peripheral (locally connected) devices of modem 12. Command line 911 may also be used to associate an entered domain name with the corresponding IP address (and vice versa), including updating the database in modem 12. The peripheral devices may include: (a) devices on an intranet, (b) devices on a local network and (c) devices on a private internet. Similarly, command line 911 provides a data entry line that lets the user enter data for configuring a data traffic filter in modem 12. Such a traffic filter may be used to filter data according to: (a) content ratings for parental or other blocking control, (b) predetermined user preferences for targeting advertising and "push-content", (c) firewall filtering, (d) identity of source or destination and (e) a data search function. Alternatively, the web pages of Figs. 12 and 13 may use menus presented in, for example, areas 905 and 907 that explicitly support entry, assignment and association of domain names and corresponding IP addresses. Similarly, specific menus appearing in areas 905 and 907 may also be used to enable, disable and configure the data traffic filter.
Modem 12 also acts as a browser proxy server for web surfing. This increases the speed of browser web surfing, particularly when more than one browser is active at the same time (more than one PC on the customer's LAN). Modem 12 pre-fetches and forwards cached web pages related to the web page the user is currently viewing. This improves Internet surfing speed by eliminating delays caused by remote web sites or the Internet infrastructure. In addition, by configuring the internal filters described above in connection with Fig. 4, modem 12 serves as a firewall that excludes damaging and undesirable traffic, protecting the user's home or business network system against external intrusion and damage.
The architecture of the system of Figs. 1 and 2 is not exclusive. Other architectures may be derived in accordance with the principles of the invention to accomplish the same objectives. Further, the functions of the elements of modem 12 of Figs. 1 and 2 and the process steps of Figs. 3 and 4 may be implemented in whole or in part within the programmed instructions of controller 60. In addition, the principles of the invention apply to any multi-layer protocol bidirectional communication system and are not limited to DOCSIS-compatible modems or any other type of modem.
Claims (22)
- Be used for utilizing more than first communications protocol layers by first communication link of first port on and utilizing more than second communications protocol layers by carrying out the equipment of two-way communication on second link of second port, a kind of method that is used to prevent access to the Internet is characterized in that following step:The authority of checking user command;In response to described user instruction, forbid access to the Internet communication by the bridge communications that is limited between described first port and described second port through checking;During forbidding described bridge communications, utilizing described more than first communications protocol layers to keep on by described first communication link of described first port and the communicating by letter of remote equipment.
- 2. according to the method for claim 1, it is characterized in that the described step of forbidding comprises:Utilize the first filtering standard filter from described first port to the data of described second port communication andUtilize the second filtering standard different to filter from the data of described second port to described first port communication with the described first filtering standard.
- 3. according to the method for claim 1, it is characterized in that the described step of forbidding comprises:The data that filtration is communicated by letter between described first port and described second port.
- 4. according to the method for claim 3, it is characterized in that the described step of forbidding comprises:Come filtering data according in following at least one: (a) be used for parent (parental) or other stops the Content Ratings of control, (b) be used for advertisement and " promotional component (push-content) " predetermined user preference as target, (c) firewall filtering, (d) identity of source or target and (e) data search function.
- 5. according to the method for claim 3, it is characterized in that the described step of forbidding comprises:Come filtering data according in following at least one: (a) IP address, (b) protocol type, (c) data identifier, (d) source or destination identifier.
- 6. according to the method for claim 3, it is characterized in that the described step of forbidding comprises:Configuration is used to carry out the filter of described filtration step.
- 7. according to the method for claim 1, it is characterized in that:In response to coming the described forbidden access to the Internet communication of release through the user command of checking.
- 8. according to the method for claim 1, it is characterized in that the described step of forbidding comprises:The communication of all data of prevention between described first port and described second port.
- 9. according to the method for claim 1, it is characterized in that:Described more than first communications protocol layers comprises each DOCSIS compatible layer, comprising at least two in following: (a) QAM layer, (b) MPEG (motion picture expert group) transmission protocol layer, (c) MAC (medium access control) layer, (d) ethernet layer and (e) IP layer.
- 10. according to the method for claim 1, it is characterized in that:Described bi-directional communication device is at least one in following: (a) modulator-demodulator, (b) telephone set and (c) treatment facility; WithStep that described maintenance is communicated by letter with remote equipment is supported at least one in following: (i) cryptographic processing and (ii) from the described bi-directional device of remote source poll.
- 11. the method according to claim 1 is characterized in that:Described verification step comprises that below utilizing at least one verify the authority of described user command: (a) password, (b) user ID, (c) PIN (personal identity number), (d) security code, (e) fetcher code and (f) physical key.
- 12. be used for utilizing a plurality of communications protocol layers by carrying out the equipment of two-way communication on first communication link of first port, a kind of method that is used to prevent access to the Internet is characterized in that following step:The authority of checking user command;In response to described user instruction, use first communications protocol layers of described a plurality of protocol layers and forbid access to the Internet communication through checking;In the described communication period of forbidding on described first protocol layer, on the different second communication protocol layer of described a plurality of communications protocol layers, keep and the communicating by letter of remote equipment.
- 13. the method according to claim 12 is characterized in that:Described more than first communications protocol layers comprises each DOCSIS compatible layer, and the described step of forbidding comprises:Forbid in following communication at least one: (a) physical layer, (b) MPEG (motion picture expert group) transmission protocol layer, (c) MAC (medium access control) layer, (d) ethernet layer and (e) IP layer.
- 14. the method according to claim 12 is characterized in that the following step:In response to the described forbidden access to the Internet communication of separating through the user command of checking on first communications protocol layers that is locked in described a plurality of protocol layers.
- 15. The method according to claim 12, characterized in that the disabling step comprises: filtering data according to at least one of the following: (a) a content rating for parental or other blocking control, (b) an identity and (c) a data search function serving as predetermined user preferences, (c) firewall filtering, (d) the source or destination of targeted advertising and "push-content".
- 16. The method according to claim 12, characterized in that: the bi-directional communication device is at least one of the following: (a) a modem, (b) a telephone and (c) a processing device; and the step of maintaining communication with a remote device supports at least one of the following: (i) cryptographic processing and (ii) polling of the bi-directional device from a remote source.
- 17. The method according to claim 12, characterized in that: the verifying step comprises verifying the authorization of the user command using at least one of the following: (a) a password, (b) a user ID, (c) a PIN (personal identification number), (d) a security code, (e) an access code and (f) a physical key.
- 18. In a device for bi-directional communication over a first communication link through a first port using a first plurality of communication protocol layers and over a second link through a second port using a second plurality of communication protocol layers, a method for preventing Internet access, characterized by the following steps: verifying the authorization of a user command; in response to the verified user command, unlocking the disabled bridged communication between the first port and the second port; and, while the bridged communication is disabled, maintaining communication with a remote device over the first communication link through the first port using the first plurality of communication protocol layers.
- 19. The method according to claim 18, characterized by the following step: in response to a verified user command, unlocking the disabled Internet access communication on a first communication protocol layer of the plurality of protocol layers.
- 20. The method according to claim 18, characterized in that: maintaining the communication supports at least one of the following: (i) cryptographic processing and (ii) polling of the bi-directional device from a remote source.
- 21. The method according to claim 20, characterized in that: the cryptographic processing comprises at least one of the following: (i) enabling password entry to remove the disabling, so as to allow Internet access on the first communication protocol layer, and (ii) enabling the password to be changed by a remote source.
- 22. The method according to claim 20, characterized in that: the polling comprises querying the bi-directional communication system from a remote source to determine the state of the bi-directional communication system.
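The gating behaviour of claims 18 to 22, as an added Python sketch that is not part of the patent text: forwarding between the two ports stays disabled until a password verifies, while the first-port channel keeps answering status polls and accepts a remote password change. The class and method names, the PBKDF2 password storage and the `authenticated_remote` flag (standing in for whatever authentication the remote source uses) are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class BridgeGate:
    """Constructed model: bridging between port 1 and port 2 is disabled
    until a verified user command unlocks it (claim 18)."""

    def __init__(self, password: str):
        self._set_password(password)
        self.bridge_enabled = False  # forwarding between the ports starts disabled

    def _hash(self, password: str) -> bytes:
        # Assumption: PBKDF2-HMAC-SHA256; the claims do not name a scheme.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _set_password(self, password: str) -> None:
        self._salt = os.urandom(16)
        self._digest = self._hash(password)

    def unlock(self, password: str) -> bool:
        """Unlock the bridge only if the user command's password verifies."""
        if hmac.compare_digest(self._hash(password), self._digest):
            self.bridge_enabled = True
        return self.bridge_enabled

    def forward(self, src_port: int, dst_port: int, frame: bytes):
        """Bridge path between the two ports; frames are dropped while disabled."""
        if {src_port, dst_port} != {1, 2} or not self.bridge_enabled:
            return None
        return frame

    def management(self, message: dict, authenticated_remote: bool = False) -> dict:
        """First-port channel that stays up while the bridge is disabled
        (claims 20 to 22): status polling and remote password change."""
        op = message.get("op")
        if op == "poll":
            return {"bridge": "enabled" if self.bridge_enabled else "disabled"}
        if op == "set_password" and authenticated_remote:
            self._set_password(message["new"])
            return {"ok": True}
        return {"ok": False}
```
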
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15978899P | 1999-10-15 | 1999-10-15 | |
US60/159,788 | 1999-10-15 | ||
US56753000A | 2000-05-09 | 2000-05-09 | |
US09/567,530 | 2000-05-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1379945A (en) | 2002-11-13 |
Family
ID=26856297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN00814293A Pending CN1379945A (en) | 1999-10-15 | 2000-10-13 | Secure internet compatible bi-directional communication system and user interface |
Country Status (8)
Country | Link |
---|---|
EP (1) | EP1222765A2 (en) |
JP (1) | JP2003512763A (en) |
KR (1) | KR20020047222A (en) |
CN (1) | CN1379945A (en) |
AU (1) | AU1332701A (en) |
BR (1) | BR0014773A (en) |
MX (1) | MXPA02003709A (en) |
WO (1) | WO2001030009A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1509032B (en) * | 2002-12-16 | 2011-12-21 | 微软公司 | Detection for dynamic wide-area network port |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8291457B2 (en) | 2001-05-24 | 2012-10-16 | Vixs Systems, Inc. | Channel selection in a multimedia system |
US7617515B1 (en) | 2001-05-24 | 2009-11-10 | Vixs Systems, Inc. | Method and apparatus for managing resources in a multimedia system |
CN100379289C (en) * | 2001-05-24 | 2008-04-02 | Vixs系统公司 | Method and apparatus for managing resources and multiplexing a plurality of channels in a multimedia system |
US20090031419A1 (en) | 2001-05-24 | 2009-01-29 | Indra Laksono | Multimedia system and server and methods for use therewith |
CN102695029A (en) * | 2012-05-11 | 2012-09-26 | 易程(苏州)智能系统有限公司 | Video signal remote transmission system |
JP6111067B2 (en) * | 2012-12-28 | 2017-04-05 | 株式会社エヌ・ティ・ティ・データ | COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM |
US9811839B2 (en) | 2014-04-30 | 2017-11-07 | Sap Se | Multiple CRM loyalty interface framework |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5835727A (en) * | 1996-12-09 | 1998-11-10 | Sun Microsystems, Inc. | Method and apparatus for controlling access to services within a computer network |
EP2346242A1 (en) * | 1997-07-21 | 2011-07-20 | Gemstar Development Corporation | Systems and methods for program recommendation |
2000
- 2000-10-13 BR BR0014773-7A patent/BR0014773A/en not_active IP Right Cessation
- 2000-10-13 WO PCT/US2000/028344 patent/WO2001030009A2/en not_active Application Discontinuation
- 2000-10-13 MX MXPA02003709A patent/MXPA02003709A/en unknown
- 2000-10-13 KR KR1020027004574A patent/KR20020047222A/en not_active Application Discontinuation
- 2000-10-13 CN CN00814293A patent/CN1379945A/en active Pending
- 2000-10-13 EP EP00975248A patent/EP1222765A2/en not_active Withdrawn
- 2000-10-13 AU AU13327/01A patent/AU1332701A/en not_active Abandoned
- 2000-10-13 JP JP2001531243A patent/JP2003512763A/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
JP2003512763A (en) | 2003-04-02 |
WO2001030009A3 (en) | 2002-01-03 |
WO2001030009A2 (en) | 2001-04-26 |
BR0014773A (en) | 2002-06-11 |
MXPA02003709A (en) | 2002-08-30 |
KR20020047222A (en) | 2002-06-21 |
EP1222765A2 (en) | 2002-07-17 |
AU1332701A (en) | 2001-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7574494B1 (en) | User interface for a bi-directional communication system | |
CN1197000C (en) | User interface for bi-directional communication system | |
US11582057B2 (en) | Multi-services gateway device at user premises | |
US10389853B2 (en) | Apparatus and methods for content distribution to packet-enabled devices via a network bridge | |
CN1197323C (en) | Application operation in bi-directional communication system compatible with internet | |
JP5714106B2 (en) | Apparatus and method for content management and account linking via multiple content distribution networks | |
CN1379946A (en) | System for processing internet domain names and addresses | |
CN101902623B (en) | Method and device for transmitting network video service | |
CN1379945A (en) | Secure internet compatible bi-directional communication system and user interface | |
KR100872228B1 (en) | Method for providing set top box with ip address using dhcp server in iptv network, method for providing harmful web page blocking service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |