MXPA02003709A - Secure internet compatible bi-directional communication system and user interface. - Google Patents

Secure internet compatible bi-directional communication system and user interface.

Info

Publication number
MXPA02003709A
Authority
MX
Mexico
Prior art keywords
communication
port
internet
modem
data
Prior art date
Application number
MXPA02003709A
Other languages
Spanish (es)
Inventor
Robert Edward Jackson
Original Assignee
Thomson Licensing Sa
Application filed by Thomson Licensing Sa

Classifications

    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • G06F16/95 Retrieval from the web
    • H04L12/2801 Broadband local area networks
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L67/55 Push-based network services
    • H04L67/75 Indicating network or usage conditions on the user display
    • H04N21/437 Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
    • H04N21/4622 Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
    • H04N21/4751 End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for defining user accounts, e.g. accounts for children
    • H04N21/4782 Web browsing, e.g. WebTV
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]


Abstract

A system including a modem prevents unauthorized Internet access by validating authorization of a User command and inhibiting (425, 430) Internet access by limiting bridging communication between a first port and a second port in response to the validated (410, 415) User command. The system maintains communication with a remote device on a first link via a first port using a plurality of communication protocol layers during a period in which bridging communication is inhibited. The system also prevents Internet access by inhibiting (425, 430) Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device on a different second communication protocol layer of the plurality of protocol layers during a period in which communication on the first protocol layer is inhibited.

Description

A USER INTERFACE AND A BI-DIRECTIONAL COMMUNICATION SYSTEM COMPATIBLE WITH THE INTERNET
This invention relates to a system and a convenient user interface for use in interactive bi-directional communication by a device such as a cable modem, computer, TV, VCR, decoder or an associated peripheral device.
Home entertainment systems increasingly include both personal computer functions and television functions (PC/TV functions) that involve multiple-source and multiple-destination communication. These systems can receive data from satellite or terrestrial sources that include high-definition television (HDTV) transmissions, multipoint microwave distribution systems (MMDS) and digital video broadcasts (DVB). Such a system can also provide high-speed Internet access through the transmission link or through a coaxial link (e.g. cable TV lines) using a cable modem, or through a telephone line link using an ADSL- or ISDN-compatible modem (asynchronous digital subscriber line or integrated services digital network), for example. A home entertainment system can also communicate with local sources such as digital video disc (DVD) players, CDROM, VHS and digital VHS (DVHS®) players, personal computers (PCs), decoders and many other types of sources.
It is desirable for a home entertainment system that supports Internet-compatible bi-directional communication using cable or other types of modems to provide security and flexibility of operation. Specifically, it is desirable to provide a secure user interface that prevents unauthorized access to the Internet and that supports complex interactive User tasks while providing a simple command interface convenient for the general public. It is also desirable to give the User flexibility in configuring home entertainment communication functions and in assigning Internet domain names (e.g. universal resource locators, URLs) to manage and access elements and peripherals of a home entertainment system and to support Internet applications.
These applications may involve devices including video receivers, audio receivers, VCRs, DVDs, PCs, printers, scanners, copiers, telephones, fax machines and home appliances that are operated in standalone mode or on a home (or other) intranet, for example. These and related problems are addressed by a system according to the present invention.
A system that includes a modem locally generates a web page as a User interface that allows a User to lock the modem and prevent unauthorized access to the Internet. The modem (a bi-directional communication device such as a cable modem, ADSL modem or other type of modem) uses a plurality of protocol layers to communicate over a communication link. The system prevents access to the Internet by validating the authorization of a User command and inhibiting Internet access by limiting bridging communication between a first port and a second port in response to the validated User command. The system maintains communication with a remote device over a first link via a first port using a plurality of communication protocol layers during a period in which bridging communication is inhibited. In another aspect, the system prevents access to the Internet by inhibiting Internet access on a first communication protocol layer of a plurality of protocol layers. The system maintains communication with a remote device over a different second communication protocol layer of the plurality of protocol layers during a period in which communication on the first protocol layer is inhibited.
Brief description of the drawings
In the drawing:
Figure 1 shows a cable modem system, according to the invention.
Figure 2 shows a functional representation of the cable modem in a network environment with multiple personal computers and a cable television head end, according to the invention.
Figure 3 shows a flow chart of a method for translating a domain name into a corresponding Internet-compatible web page address, according to the invention.
Figure 4 shows a flow chart of a method for inhibiting and unblocking Internet access using a cable modem, according to the invention.
Figures 5-8 show web pages generated by the cable modem of Figure 1 representing examples of User interface menus that provide the ability to block and unblock Internet access, according to the invention.
Figures 9-11 show User interface menus generated by the cable modem of Figure 1 exemplifying password and user identification (userid) entry for use in managing access to the Internet, according to the invention.
Figures 12 and 13 show web pages generated by the cable modem of Figure 1, according to the invention.
Figure 1 shows a cable modem system that advantageously prevents unauthorized Internet access by providing a User with the ability to block and unblock the Internet communication function of the modem. The cable modem system also incorporates a domain name sniffing server (DNSS) to advantageously intercept domain name resolution requests and to translate a domain name into a corresponding Internet-compatible web page address. In support of these and other aspects, the modem advantageously generates a web-page-based graphical user interface for display to a User on a personal computer using any of various standard browser applications. These aspects of the modem address the problems of preventing unauthorized access to the Internet and of giving the User flexibility to assign Internet domain names to manage and access elements and peripherals of a home (or other) intranet system, using a simple, convenient command interface suitable for the general public.
The exemplary embodiment of system 12 of Figure 1 supports cable modem bridging communication between a remote cable television head end and local area network (LAN) devices, for example a personal computer, that are local to the cable modem. The bi-directional communications between the system 12 and the cable television head end are in a multi-layer protocol format. This multi-layer protocol format includes a QAM (quadrature amplitude modulation) or QPSK (quadrature phase shift keying) physical layer. This physical layer carries MPEG2 (Moving Picture Experts Group) transport protocol data, which in turn carries DOCSIS MAC (media access control) data frames. The MAC data carries Ethernet data frames or MAC management data, and the Ethernet data in turn carries Internet Protocol (IP) layer data.
The cable modem also maintains a return communication path to the cable television head end using time division multiplexed communication of the return data in the Ethernet protocol. Physical layer data transmitted from the cable television head end to the cable modem is processed and converted into Ethernet or USB format for communication with local area network devices attached to the corresponding Ethernet or USB ports. The cable modem maintains bi-directional communication with the local area network devices and also receives data from the devices in the corresponding Ethernet or USB protocol. Bi-directional communications between the system 12 and Ethernet-compatible or USB-compatible devices (attached to ports 72 and 82 of the system 12) use a multi-layer protocol format similar to that of the communication between the cable television head end and system 12. This multi-layer protocol format can include Ethernet/USB, HTTP (hypertext transfer protocol) and TCP/IP (transmission control protocol / Internet protocol) and other protocols, depending on the applications served.
The cable modem described herein employs an MPEG-compliant protocol conforming to the MPEG2 image coding standard, termed the "MPEG standard". This standard is composed of a system coding section (ISO/IEC 13818-1, June 10, 1994) and a video coding section (ISO/IEC 13818-2, January 20, 1995). The Internet TCP/IP (transmission control protocol / Internet protocol) and Ethernet-compatible protocols described herein provide compatibility with the multimedia cable network systems (MCNS) preliminary requirements and with the requirements of DOCSIS 1.0 (Data Over Cable Service Interface Specification 1.0), ratified by the International Telecommunication Union (ITU) in March 1998 and as specified in RFC 2669 (Request For Comment document 2669).
In addition, the domain name processing discussed herein includes the domain name resolution procedures that are documented in RFC 1591 of March 1994 and RFC 1918 of February 1996 and other documents. RFC documents are available via the Internet and are prepared by Internet standards working groups.
The principles of the invention can be applied to any bi-directional communication system and are not restricted to cable, ADSL, ISDN or conventional-type modems. Furthermore, although the described system is described as processing web page data for display, this is exemplary only. The term "web page" is to be construed broadly as representing any form of data that can be communicated via Internet Protocol (IP) from an Internet source, and includes any form of packetized data including streamed video or audio data, telephone messages, computer programs, emails or other types of communication, for example.
The cable modem (system 12) of Figure 1 communicates with a cable television head end over a bi-directional high-speed broadband radio frequency link on line 10, which typically consists of coaxial cable or hybrid fiber/coax (HFC). The modem system 12 communicates bi-directionally with devices located at a User's site over local area networks (LANs). Typical User-side local area networks include Ethernet / Intel / Xerox Ethernet compatible networks attached via connector 72. Other User-side devices communicate via a universal serial bus (USB) compatible network attached via connector 82. User devices attached to the Ethernet and USB networks may include equipment such as personal computers (PCs), network printers, video receivers, audio receivers, VCRs, DVDs, scanners, copiers, telephones, fax machines and home appliances, for example.
In operation, the diplexer 20 of the cable modem system 12 of Figure 1 separates upstream communications (sent from the modem 12 to the cable television head end) from downstream communications (sent from the cable television head end to the modem 12) carried via the cable line 10. The diplexer 20 separates the upstream data from the downstream data based on the different frequency ranges that the upstream data (typically 5-42 megahertz) and the downstream data (typically 92-855 megahertz) respectively use. The controller 60 configures the elements of the cable modem 12 of Figure 1 to receive MPEG2 transport data from the cable television head end on the cable line 10 and to convert the data to Ethernet or USB compatible format for output via ports 72 and 82 respectively. Similarly, the controller 60 configures the elements of the modem 12 of Figure 1 to receive Ethernet or USB compatible data from ports 72 and 82 and to convert and transmit it as MPEG2 transport protocol data to the cable television head end on the cable line 10. The controller 60 configures the elements of the system 12 by setting control register values within these elements using a bi-directional data and control signal bus. Specifically, the controller 60 configures the tuner 15, the SAW filter 25, the differential amplifier 30 and the MCNS (multimedia cable network systems) interface device 35 to receive a DOCSIS formatted signal on a previously identified radio frequency channel frequency. The DOCSIS formatted signal comprises an MPEG2 transport protocol format that carries Ethernet-compatible data frames including Internet Protocol data content.
The controller 60 employs an initialization process to determine the radio frequency channel frequency that the tuner 15 is to be configured to receive. The initialization process involves iteratively tuning to successive candidate radio frequency channel frequencies until a satisfactory DOCSIS signal is obtained.
The controller 60 recognizes a satisfactory DOCSIS signal on a candidate channel through successful decoding of the received data by the MCNS interface processor 35 and through a correspondingly acceptable error rate for the decoded data. In the initialization process, the controller 60, together with the MCNS interface 35, the amplifier 85 and the radio frequency transformer 87, also transmits data upstream to the cable television head end for a variety of purposes, including adaptively and iteratively adjusting the upstream and downstream communication parameters. These parameters include the cable modem transmission power level and the timing offset, for example.
After initialization, in normal operation, a radio frequency carrier is modulated with MPEG2 transport protocol data using 64 or 257 QAM quadrature amplitude modulation. The MPEG2 transport data includes Ethernet formatted data, which in turn includes Internet Protocol data representing an HTML (hypertext markup language) web page requested by the User, for example. The MPEG transport data is provided by the diplexer 20 to the tuner 15. The tuner 15 down-converts the input signal from the diplexer 20 to a lower frequency band, which is filtered by the SAW filter 25 to enhance the isolation of the signal from neighboring radio frequency channels. The filtered signal from the unit 25 is level shifted and buffered by the differential amplifier 30 to provide a signal compatible with the MCNS interface processor 35. The resulting down-converted, level-shifted signal from the amplifier 30 is demodulated by the MCNS processor 35. The demodulated data is further trellis decoded, mapped into byte-aligned data segments, de-interleaved and Reed-Solomon error corrected within the processor 35.
Trellis decoding, de-interleaving and Reed-Solomon error correction are known functions described, for example, in the reference text Digital Communication, Lee and Messerschmidt (Kluwer Academic Press, Boston, MA, USA, 1988). The processor 35 further converts the MPEG2 format data into Ethernet data frames that are provided to the processor 60.
The processor 60 analyzes and filters the Ethernet-compatible data from the unit 35 using filters configured from the cable television head end. The filters implemented by the processor 60 compare Internet Protocol data identifiers in incoming Ethernet frame packets provided by the unit 35 with Internet Protocol identifier values previously loaded from the cable television head end. The Internet Protocol identifier values are pre-loaded during a previously performed initialization or configuration operation. In this way the processor 60 implements a data admission control function that forwards selected data to local area network devices and discards other selected data content. This configurable filter system can advantageously be used to filter data based on metadata items in the incoming data for a variety of purposes, including (a) content classification for parental control or other blocking control, (b) User preferences for targeting advertisements and "push content", (c) firewall filtering, (d) source identification, and (e) a data search function.
The filtered Ethernet-compatible serial data is communicated to a personal computer via the Ethernet interface 65, the filter and isolation transformer 70 and the port 72. The interface 65 buffers and conditions the data from the processor 60 for filtering and transformation by the unit 70 and output to a personal computer via port 72. Similarly, the controller 60 converts and filters Internet Protocol data (carried in Ethernet data frames) from the processor 35 for output in USB format via port 82. The USB data is buffered by the transceiver 75 and filtered by the noise and interference suppression (EMI/ESD) filter 80 before output to the USB-compatible LAN devices connected to port 82.
The modem system 12 also communicates upstream data from an attached personal computer, for example, to the cable television head end.
For this purpose, the controller 60 of the system 12 receives Ethernet-compatible data from the attached personal computer via the port 72, the interface 65 and the filter/isolation transformer 70 and provides it to the processor 35. The processor 35 modulates a radio frequency carrier with the received Ethernet format data using 16 QAM or QPSK (quadrature phase shift keying) modulation. The resulting modulated data is time division multiplexed onto the cable line 10 for upstream communication via the amplifier 85, the transformer 87 and the diplexer 20. The amplifier 85 outputs the data to the cable television head end at an appropriate power level selected in the initialization process described above. The transformer 87 provides a degree of fault and noise isolation in the event of a failure in the modem 12 or of noise generated locally in the modem or in attached devices.
In a similar manner, the modem system 12 also communicates upstream data from devices attached via the USB port 82. In an exemplary implementation, the controller 60 of the system 12 receives Ethernet-compatible data from the transceiver 75 and provides it to the processor 35 for upstream communication in the manner previously described. For this purpose, the transceiver 75 receives Ethernet data encapsulated within USB frames from port 82 via the filter 80 and removes the USB frame data to provide Ethernet format data to the controller 60.
The controller 60 also responds to the on/off and reset element 90 and performs a variety of functions in addition to those already described. Specifically, the modem 12, under the control of the controller 60, advantageously (a) enables a User to lock the modem and prevent unauthorized access to the Internet, (b) supports the interception of domain name resolution requests and the translation of a domain name into a corresponding Internet-compatible web page address, (c) enables the assignment of Internet domain names for use in a home, private Internet, or other intranet system independently of the public Internet, and (d) generates interactive HTML web pages as a graphical user interface. In addition, the controller 60 configures parameters of the modem 12 using configuration information provided from the cable television head end. The controller 60 also directs the system 12 in synchronizing and multiplexing upstream communication on the cable line 10 and implements a rate limit to control upstream data traffic. In addition, the controller 60 bi-directionally filters received data and provides selected data to either the cable television head end or the local area network devices attached to the ports 72 and 82. The controller 60 also maintains a TCP/IP stack for buffering and data management purposes and supports ranging communication with the cable television head end. Ranging communication is initiated by the cable television head end and comprises the continuous but intermittent polling of individual modems to determine status and to identify modem or line failures.
Figure 2 shows a functional representation of the cable modem of Figure 1 in a network environment including multiple personal computers and a cable television head end. The functional elements of Figure 2 shown within the system 12 are executed by the controller 60 (Figure 1) in conjunction with the remaining elements of the system 12 shown in Figure 1. In Figure 2, the cable modem 12 provides bi-directional bridging communication between the cable service provider 240 at a head end and the personal computers 220 and 265 connected to the local area network. In system 12, bi-directional bridging communication between different input and output protocols is provided by the interface and protocol conversion functions 225 and 235.
The bi-directional communication path provided by units 225 and 235 supports protocol conversion in a multi-layer protocol structure. As previously described in connection with Figure 1, the protocol layers include the hierarchical MPEG2, Ethernet, and Internet Protocol layers as well as a USB protocol layer and a physical layer of QAM or QPSK modulation. In addition, a TCP/IP stack 260 buffers the request and response message data from the web page generator, server and administration function 255 and the SNMP (simple network management protocol) communication function 245. Both the SNMP communication function 245 and the web page manager function 255 use the modem database 250 to respond to commands. The SNMP function 245 receives and interprets SNMP communications from the front end of the cable television 240 and manages the operation of the system 12 in response to these communications. Specifically, the function 245 configures the modem 12 and updates the system parameters using configuration information provided from the front end of the cable television. Function 245 also configures bi-directional filters in system 12 to analyze and either forward, redirect or discard messages received from personal computers 220, 265 and the front end of cable television 240. Function 245 also supports the previously described ranging communication function initiated by the front end 240 for the continuous polling of the modem 12 to determine the state and operating condition of the modem. The web page generator function 255 generates interactive HTML web pages as exemplified in Figures 12 and 13 discussed below. The generated web pages comprise a graphical user interface that allows a technician to easily perform diagnostic tests on the system 12 and the associated networks.
Function 255 generates HTML web pages for display on an attached User personal computer 220, for example, allowing a technician to determine faults and status directly through the User's personal computer. A generated web page can also be accessed remotely, following a User ID and password authorization procedure, from a remote personal computer using SNMP or another protocol. The generated web pages allow an authorized User to prevent unauthorized access to the Internet by giving the User the ability to block and unblock the modem's Internet communication function. The generated web pages also provide an interface that allows a User to view and/or update the system parameters and received data such as security alerts, special events (promotions, etc.), network traffic statistics, underflow or overflow conditions and data transfer statistics. The web pages also provide diagnostic, billing, status, internal configuration and other information and allow the modem configuration to be changed. In another embodiment, the functions performed by the generated web pages described herein may be incorporated into a web browser page. Web pages generated by function 255 also provide an interface that allows a User to assign an Internet domain name to a private Internet (as opposed to the public Internet). The interface, for example, allows a User to assign an Internet domain name to an element on a home intranet (or other) system. For this purpose, a domain name snooping server (DNSS) 230 supports the interception of domain name resolution requests generated by the personal computer 220 in response to a User's Internet web page request initiated via a browser running on the personal computer 220, for example.
DNSS 230 translates the intercepted domain name to a corresponding private Internet website address, thereby allowing private Internet domain names to be assigned via generated web pages for use in a home or on a private Internet or intranet system independently of the public Internet.

Figure 3 shows a flow chart of a method for translating a domain name to a corresponding Internet compatible web page address. The method is employed by the controller 60 of Figure 1 (in conjunction with the other elements of the system 12 of Figures 1 and 2) to enable private Internet domain names to be assigned via the generated web page for use in a home or other private intranet system. After the start in step 300, the personal computer 220 (Figure 2) in step 303 (Figure 3) transmits a domain name resolution request to the system 12 (Figure 2) in response to a User's web page request made via a browser running on the personal computer 220. The browser of the personal computer 220 submits a domain name request following the standard Internet resolution protocols as detailed in the RFC (request for comment) documents available on the Internet, for example RFC 1035, 1591 and 1816, as well as the subsequent and previous RFCs associated with these documents. An Internet domain name resolution request is answered by a domain name server (DNS) used to resolve domain names to Internet protocol addresses. The requests are submitted by a resolver to one or more DNS to obtain the complete Internet protocol address of a particular machine or device. For example, in a web browser a User can type RCA.com. This is then sent to a DNS, which can translate it to the Internet protocol address 157.254.235.215. A web browser uses this Internet protocol address to contact the web server and retrieve the web page information. Note that this example is extremely simplified.
In practice, several hierarchically organized DNS are used via a referral or recursion process, and many other processes are involved, including aging and cache processing. The domain name resolution request is submitted by the personal computer 220 to system 12 for forwarding and for translation of the domain name entered by the User into a corresponding Internet protocol address of the source of the requested web page. In step 305, an intercept domain name database (unit 250 of Figure 2) is provided for use within the system 12. The intercept domain name database associates Internet protocol addresses with domain names of intranet devices on a home local area network (a private intranet) and is derived from domain name and Internet protocol address information locally assigned by a User via a web page interface generated by the system 12. Alternatively, the intercept domain name database can be loaded using DHCP (dynamic host configuration protocol) from a remote Internet location, for example from the front end of the cable television. In another embodiment, the intercept domain name database may be loaded from a local Internet location, for example from local storage, or the database may be stored in advance within the system 12. In step 310, the snooping server (DNSS) 230 of system 12 (Figure 2) examines the domain name resolution request message from personal computer 220 to determine whether the domain name conveyed matches a name in database 250. In step 315, the system 12 (under the direction of the controller 60 of Figure 1) intercepts the domain name resolution request from the personal computer 220 (Figure 2) if the domain name conveyed matches a domain name in database 250 (Figure 2). After a name match, system 12, in step 313, inhibits further communication of the domain name resolution message to a public Internet domain name server.
The snooping server (DNSS) 230 in step 320, together with the database 250, translates the intercepted domain name to an Internet protocol compatible address and in step 323 communicates the Internet protocol address back to the requesting source (the personal computer 220 in this example). In addition, the system 12 in step 325 maintains a history of the domain name and Internet protocol address translations and requests within the database 250 and collates and compiles the information for monitoring or other purposes including, for example, parental control, protection filtering, or the accumulation of User preference data as a background operation. The compiled information is made available for display on a web page generated by unit 255 either continuously or at the request of the User via the web page. The process of Figure 3 ends in step 330.

In other embodiments, step 317 is not performed and system 12 also communicates the domain name resolution message received from personal computer 220 to a public Internet domain name server. In this case, the system 12 can receive two Internet protocol address translations in response: one from DNSS 230 and one from the remote public domain name server. The Internet protocol addresses received may or may not be the same; consequently, a potential address conflict and race condition arises. In order to prevent a race condition from causing a problem, the system 12 is programmed to select the first received Internet protocol address response. The first response received is typically the response of the local DNSS 230. Alternatively, the system 12 can be conditioned differently; for example, the system 12 can be conditioned to give priority to responses from a particular source, such as a remote server.
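The interception flow of Figure 3 and the response selection rule for the variant that also queries a public server can be sketched as follows. This is an added example, not code from the patent; the class and function names, the sample names and addresses, and the choice to return an empty answer for non-A queries on intercepted names are assumptions of the example.

```python
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted name as RFC 1035 length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=QTYPE_A):
    """Build a one-question query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD bit set
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_query(packet):
    """Return (txid, flags, qname, qtype, qclass, question_end) or raise ValueError."""
    if len(packet) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("pointer, oversized label or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, flags, ".".join(labels), qtype, qclass, pos + 4


class DomainNameSnooper:
    """Hypothetical stand-in for DNSS 230 plus the name table in database 250."""

    def __init__(self, intercept_db, ttl=60):
        self.db = {}
        for name, ip in intercept_db.items():
            socket.inet_aton(ip)  # reject a malformed address at load time
            self.db[name.lower().rstrip(".")] = ip  # DNS names are case-insensitive
        self.ttl = ttl
        self.history = []  # step 325: record of intercepted requests

    def handle(self, packet):
        """Return ("answer", response_bytes) or ("forward", packet)."""
        try:
            txid, flags, qname, qtype, qclass, qend = parse_query(packet)
        except ValueError:
            return "forward", packet  # not understood: bridge it unchanged
        ip = self.db.get(qname)
        if ip is None:
            return "forward", packet  # no match: a public DNS resolves it
        # Match (steps 310/315): answer locally and do not forward, so the
        # private name never reaches a public server. Record types other
        # than A/IN get an empty answer instead of leaking upstream.
        answer = b""
        if qtype == QTYPE_A and qclass == QCLASS_IN:
            answer = (b"\xc0\x0c"  # compression pointer to the name at offset 12
                      + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, self.ttl, 4)
                      + socket.inet_aton(ip))
        rflags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080  # QR, AA, RD copy, RA
        header = struct.pack("!HHHHHH", txid, rflags, 1, 1 if answer else 0, 0, 0)
        self.history.append((qname, qtype, ip))
        return "answer", header + packet[12:qend] + answer


def select_response(arrivals, preferred_source=None):
    """Variant in which the request also goes to a public server.

    arrivals is a list of (source, ip) in order of receipt. By default the
    first reply wins; a preferred source, if it replied, takes priority.
    """
    for source, ip in arrivals:
        if source == preferred_source:
            return ip
    return arrivals[0][1]
```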
The domain name server and the process features of Figure 3 provide a means for a User to easily and quickly assign, add, or alter the Internet domain names used in a private Internet, for example, to accommodate the addition of devices to the private Internet. This allows a User to flexibly manage and change the configuration of the elements and peripherals of a home intranet (or other) system via a web page that runs on a standard browser, for example. A User can advantageously manage domain name allocation on a private Internet without impacting the public Internet and without the burden and delay of having to register domain name assignments and changes with public Internet portals and service providers (ISPs). In addition, a User requesting a web page generated within the private Internet does not need to know the complex Internet protocol address of this web page. Instead, the User can access the web page by submitting a locally assigned private Internet domain name that is recognized by the intercept domain name server as the one corresponding to the required web page. The intercept domain name server and the process features of Figure 3 also advantageously allow: (a) the Internet protocol addresses of the web pages generated by the system 12, or of other information sources or devices on a private Internet, to be assigned dynamically for security or other purposes; (b) the assignment of domain names or aliases (or User-adaptable names) and Internet protocol addresses to an information source, allowing system 12 (or a DNS server) to intercept and respond to DNS requests that are not directed at it, for example; and (c) the overriding of a domain name with a locally assigned surrogate name.
By this, system 12 is able to communicate with a device on a local area network or subnet using a locally assigned private Internet domain name or Internet protocol address that identifies the device as being on this particular local area network or subnet. The domain name or Internet protocol address can be assigned via a web page generated by the unit 255 or it can be assigned by the local or remote loading of data into the database 250 (Figure 2) as previously mentioned. This eliminates the need for a User to adjust the Internet protocol address or the network mask of a personal computer on the local area network in order to access the web page generated by unit 255 in the system 12, for example.

Figure 4 shows a flow chart of a method for inhibiting and unblocking Internet access using a cable modem. The User interface is presented on a personal computer attached to the Ethernet port 72. The method is employed by the controller 60 of Figure 1 (together with the other elements of the system 12 of Figures 1 and 2) to allow secure blocking of the modem to prevent unauthorized access to the Internet. This ensures that unauthorized users (for example children) will not have access to unattended network devices. It also assures a User that his personal computer cannot be accessed while the modem is blocked. In step 405 of Figure 4, following the start in step 400, the communication bridge capability of the cable modem 12 is enabled. As previously described, this bridging capability allows an Ethernet device, e.g., a personal computer connected to port 72 of system 12 of Figure 1, to connect to a radio frequency network for communication over the cable line as specified in the DOCSIS standards. The DOCSIS specifications provide that a modem will continually range (i.e., maintain bi-directional communication) with the cable modem termination system (CMTS) while it is connected.
Therefore, in order to remove Internet connectivity, the consumer needs either to physically disconnect the modem from the radio frequency network or to remove the modem's power. The method and system described in connection with Figure 4 provide a locking mechanism, either via hardware (i.e., lock and key) or software (i.e., User name and password), to disable the modem's bridging capability. This protects consumer network devices connected to the modem from outside traffic, and also prevents unauthorized users from accessing the Internet through the modem. The authorization of a User to initiate the blocking of the modem is verified in steps 410 and 415 of Figure 4. Specifically, a User identification and password entered in step 410 is verified in step 415 using a menu exemplified in Figure 9. This menu and the other menus used in the process of Figure 4 are displayed on a personal computer attached to port 72 (Figure 1). The entry of an incorrect password or incorrect User ID results in steps 410 and 415 being repeated for a specified number of attempts, using the incorrect password processing menu of Figure 11, until the controller 60 (Figure 1) declares successful verification or failure. The password for the modem is changed using a password change menu as exemplified in Figure 10. This menu can be invoked via icons 505 and 605 on the exemplary modem generated web pages of Figures 5 and 6 respectively. The password change menu in Figure 10 asks the User for the original password and for the new password twice (as confirmation of the new password). A typical password can be, for example, any combination of letters, numbers, and non-alphanumeric characters up to a maximum of 10 characters. The menu of Figure 10 or a similar menu can be used to initially set the password after the initialization of modem 12.
Alternatively, a software mechanism (a MIB (management information base) comprising a software procedure that allows remote administration) can also be used to allow the password to be reset by the front end in the case of a lost password. A default password (for example, "let's leave"), detailed in the User's manual, can be used to invoke the procedure to allow a front end to reset the password. In such a system, a private MIB enabled in the modem allows a management station, operated from the cable front end or from the network operations center controlled by an Internet service provider, to reset the password back to the default in the event that the password is lost or forgotten. For this purpose, an SNMP manager at the front end, or at the network operations center, commands the MIB to reset either the User's password or the User's identification or both. In order to invoke this procedure, a User telephones the cable operator or network operations center and provides the default password as authorization to request that the password on his modem be reset. Alternatively, assuming that the modem 12 is not in a locked mode and allows bridge communication between an attached personal computer and the front end of the cable television, the default password can be communicated to the front end via the modem 12 to directly invoke the MIB based procedure to reset the password. After successful verification in step 415, a User requests the display of a web page in step 420. The requested web page acts as the User interface that allows the User to block the modem and inhibit Internet access communication. The User initiates the blocking and unblocking of the modem's Internet access communication in step 425 via icons 500 and 700 of the web pages of Figures 5 and 7 respectively.
Alternatively, a User initiates the unblocking and blocking of the Internet access communication via the check boxes 600 and 800 of the web pages of Figures 6 and 8 respectively. A User initiates the blocking of the modem in step 425 via the icon 500 of the web page of Figure 5 or via a check box (for example as shown in the icon 800 of the web page of Figure 8). In other embodiments the described functions can be activated and deactivated using User interface menus and web pages that differ from those represented in Figures 5-12. The Internet access communication of modem 12 is disabled in step 430 and the web page is displayed indicating this disabled state in the manner exemplified by icons 500 and 800 of Figures 5 and 8 respectively. Modem 12 disables access to the Internet by advantageously inhibiting bridge communication of Internet protocol data between the front end of the cable television and the local area network devices connected to ports 72 and 82. In the blocked condition, any attempt to access the Internet originating from a web browser on a client device (for example the personal computer 220 of Figure 2) is limited to accessing content stored in memory on the same personal computer, or a web page generated internally by the modem 12. While the modem is blocked, no traffic passes from the customer's home network or personal computer (and private Internet) to the radio frequency side of the network, to the front end and the public Internet. The modem bridge function is disabled. In its locked condition, the modem 12 maintains multi-layer protocol communication with the front end of the cable television to support the ranging process of the DOCSIS standard and to support SNMP (simple network management protocol, as defined in RFC 1157) access to the database (unit 250 of Figure 2) inside the modem 12.
The ranging communication process is initiated by the front end of cable television and is described in the DOCSIS radio frequency interface specification. The ranging communication messages comprise periodic ranging maintenance messages that are transported over the MAC (media access control) layer of the OSI (open systems interconnection) network model. The database communication involves SNMP and the User datagram protocol (UDP) operating over the Internet protocol, up to the session layer of the OSI model. In the locked mode, the modem 12 also maintains multi-layer protocol communication with a personal computer (for example the personal computer 220 of Figure 2 attached to an Ethernet port) to provide a web page based User interface (as exemplified in Figures 5-8) allowing a User to unblock and re-lock the modem as required. The modem 12 disables access to the Internet by advantageously inhibiting, using a filter mechanism, bridge communication of Internet protocol data between the front end of the cable television and the attached local area network devices. In this mode, bi-directional communication of data at the Internet protocol layer is inhibited. However, in other embodiments the filter mechanism can be used to pass data between the front end of cable television and the attached local area network devices on one or more particular protocol layers while communication is inhibited on other protocol layers. In addition, the use of bi-directional filtering allows particular protocol layers to pass in one direction, for example from the front end to the local area network device, while one or more different layers pass from a local area network device to the front end. Alternatively, all bridge communication can be inhibited.
The filter can be implemented as a configurable filter and used to bi-directionally filter data between the front end of the cable television and the attached local area network devices based on one or more of (a) content, (b) type of protocol and (c) data source or destination. Content filtering can be implemented based on metadata or other content or items derived from the content for a variety of specific purposes including those previously described in connection with Figure 1. The filter can be implemented in a manner similar to the DOCSIS cable device MIB as specified in RFC 2669, which defines the docsDevFilterIpDirection object and the docsDevFilterIpDaddr object, or can be implemented using other filter mechanisms. A filter using mainly these two objects can be used to restrict all traffic, or selected traffic, from a User's web browser (for example, on the personal computer 220 of Figure 2) to the front end and also to the Internet. After initialization of the lock, the modem filters the data traffic to restrict all browser traffic (for example on the personal computer 220) with a destination address that matches the gateway Internet protocol address (corresponding to the Internet protocol address of the cable modem termination system at the front end). Alternatively, this filter, based on the docsDevFilterIpDirection object and the docsDevFilterIpProtocol object (or based on another mechanism), can be configured to restrict any selected protocol or selected content being passed in either direction through the modem. This ensures that a User can block access to the Internet and that access from the Internet (via the front end) to the User's personal computer is also blocked to increase security.
In another embodiment, in step 430 of Figure 4, modem 12 prevents unauthorized Internet access by inhibiting communication to the front end of cable television on the Ethernet communication protocol layer while concurrently maintaining communication with the front end of the cable television on the MAC protocol layer. The MAC protocol layer carries management information that supports the ranging operation and other management functions of the modem and the network. In addition, the modem 12 concurrently maintains multi-layer protocol communication with a personal computer (e.g. PC 220 of Figure 2 attached to the Ethernet port of the modem 12) to provide a web page based User interface (as exemplified in Figures 5-8) allowing a User to unblock and re-lock the modem as required. Continuing with the process of Figure 4, after the modem is blocked in step 430, an attempt by an unauthorized user in step 445, for example, to browse the web is blocked and results in the termination of this branch of the process of Figure 4 in step 450. Alternatively, the modem can be unlocked by an authorized user in steps 440, 455 and 460. In this case, a password prompt menu (for example the menu of Figure 9) is displayed in response to the User's attempt to unlock the modem in step 440. A User may attempt to unlock the modem either by activating the unlock button 700 of the web page of Figure 7 or by checking the "web access" check box 800 of Figure 8, for example. After validation of the correct password in step 460, following entry of the password in step 455, the modem is unlocked to support bridge communication in step 470 and to provide the User with access to the Internet. This branch of the process of Figure 4 ends in step 475. After identification of an invalid password in step 460, the User is notified in step 465 that the password entered is invalid via a menu as exemplified by Figure 11.
Through this menu, the User in step 465 can retry the validation of the password starting with step 440 or can cancel the attempt to unlock the modem. If the User cancels the unlock attempt in step 465, the process returns to step 430 and the web page is displayed. In other embodiments, the authorization of a User to block and unblock the modem to provide Internet access can be established in other ways and need not involve the entry of a password or User identification. An access card mechanism may be provided within the modem 12 to validate authorization based on a digital signature, or other authorization or rights data, for example. Similarly, modem 12 may respond to a different access device such as a physical or electronic key to determine User authorization.

Figures 12 and 13 show web pages generated by the cable modem of Figure 1. These web pages advantageously allow a technician, for example, to determine and adjust specific internal modem configurations. The web pages support interactive features that comprise one or more of (a) configuration of modem 12, (b) requesting display of system parameters, (c) selecting a service payment option, and (d) assigning Internet addresses. The web page uses password protected access similar to that previously described in relation to preventing unauthorized access to the Internet. Consequently, even if an unauthorized user discovers the URL of a particular web page, it is protected by the password. The web page also displays specific diagnostic information to a technician, thereby eliminating the need for the technician to rely on LED indications and special diagnostic equipment to access the internal state (for example, points 910-920 of Figure 13) and establish configurations.
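The lock and unlock flow of Figure 4 and the locked-mode filter described earlier can be modelled as below. This is an added example, not code from the patent; the frame fields, status strings, protocol labels, the salted PBKDF2 storage of the password, the table of protocols accepted by the modem itself, and the refusal of further attempts once verification has failed are assumptions of the example.

```python
import hashlib
import hmac
import os

FRONT_END, LAN = "front_end", "lan"  # the two bridged sides (hypothetical labels)


class LockableBridge:
    """Hypothetical model of the modem's lock state and bi-directional filter."""

    def __init__(self, password, max_attempts=3, locked_pass=None):
        self._salt = os.urandom(16)
        self._digest = self._hash(password)  # assumption: store a salted hash only
        self.max_attempts = max_attempts
        self.failures = 0
        self.locked = False  # step 405: bridging enabled at start
        # Protocols still bridged while locked, keyed by ingress side. Empty
        # sets inhibit all bridged Internet protocol traffic in both directions.
        self.locked_pass = locked_pass or {FRONT_END: set(), LAN: set()}

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def command(self, action, password):
        """Validate a User 'lock' or 'unlock' command and apply it."""
        if action not in ("lock", "unlock"):
            raise ValueError("unknown action")
        if self.failures >= self.max_attempts:
            return "verification_failed"  # assumption: no retries after failure
        # Constant-time comparison avoids leaking how much of the digest matched.
        if not hmac.compare_digest(self._hash(password), self._digest):
            self.failures += 1
            if self.failures >= self.max_attempts:
                return "verification_failed"
            return "invalid_password"  # Figure 11 menu: retry or cancel
        self.failures = 0
        self.locked = action == "lock"
        return "locked" if self.locked else "unlocked"

    def filter(self, frame):
        """Return 'deliver_local', 'bridge' or 'discard' for one frame."""
        side, layer, dst, proto = (frame[k] for k in ("port", "layer", "dst", "proto"))
        if layer == "mac":
            # Ranging and other MAC management comes from the front end only.
            return "deliver_local" if side == FRONT_END else "discard"
        if dst == "modem":
            # Traffic addressed to the modem itself survives the lock: SNMP from
            # the front end and the web page User interface from the LAN.
            allowed = {FRONT_END: {"snmp"}, LAN: {"http"}}
            return "deliver_local" if proto in allowed[side] else "discard"
        if not self.locked:
            return "bridge"
        # Locked: each direction is checked against its own criteria.
        return "bridge" if proto in self.locked_pass[side] else "discard"
```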
In addition, the use of this web page allows a technician to use a customer's personal computer to access and configure the modem 12 (Figure 1), eliminating the expense involved in providing the technician with a personal computer or laptop, for example. A technician can set the power level of the return channel (point 913 of Figure 12), for example. The information available on the web page includes specific information about the configuration of the customer's network. Specifically, it includes the number of personal computers connected to the network, the Internet speed (100 Mb or 10 Mb) and the MAC address of the modem 12 (points 900 and 902 of Figure 13), for example. Similarly, the displayed web page may indicate other address information such as (a) the Internet protocol address of the web page, (b) a file transfer protocol (FTP) address, and (c) an e-mail address. The web page also provides other customer network information including the amount of traffic and details concerning collisions on the network. This advantageously eliminates the need for diagnostic equipment or custom software. Modem 12 also generates browser alert boxes for certain network events of which the User would like to be informed. In addition, the browser allows special HTML information to be displayed during the retrieval of web page data. During this period of time, the modem 12 sends information to a User concerning certain events occurring in the network. These events include alerts about unauthorized access to the User's local area network, overflow of local area network traffic, and amounts of data transferred through modem 12. Modem 12 also allows a cable Internet service provider to limit the transfer of data by setting quotas, and the User is also able to see the amount of data transferred.
Alert boxes also allow a User to view statistics on specific types of access including web page retrievals, DNS requests, FTP file transfers, e-mail messages, and so on. In other embodiments these events and the associated information are not confined to display in alert boxes in a browser but are also available on the web page generated by the modem 12 in response to an on-demand request by the User for information retrieval. The previously mentioned information items described in relation to Figures 12 and 13 may be displayed in areas 905 and 907 of Figures 12 and 13, for example, or may be presented in another display format. In addition, the command line (point 911) in Figures 12 and 13 can be used for the entry and assignment of a domain name or Internet protocol address to a peripheral device (locally connected to the modem 12). The command line 911 can also be used to associate an entered domain name with a corresponding Internet protocol address (and vice versa), which involves updating the database within the modem 12. A peripheral device may comprise (a) a device on an intranet, (b) a device on a home network, and (c) a device on a private Internet. Similarly, command line 911 provides a data entry line that allows the User to enter data for configuring a data traffic filter within modem 12. This traffic filter can be used to filter data based on (a) content rating for parental control or other blocking control, (b) predetermined User preferences for targeting advertisements and "push content", (c) protection filtering, (d) identification of the source or destination, and (e) a search function. Alternatively, the web pages of Figures 12 and 13 may employ menus displayed in areas 905 and 907, for example, which specifically support the entry, assignment and association of domain names and the corresponding Internet protocol addresses.
Similarly, the specific menus presented in areas 905 and 907 can also be used to activate, deactivate and configure data traffic filters. The modem 12 also acts as a browser proxy agent for web page browsing. This increases the speed with which the browser navigates the web, especially if more than one browser is active at the same time (i.e. more than one personal computer on the customer's local area network). Modem 12 fetches and stores in advance information from web pages associated with the web page that the User is currently viewing. This increases Internet browsing speeds by eliminating the delay caused by a remote web site or the Internet infrastructure. Further, by configuring the internal filters previously described in connection with Figure 4, the modem 12 is used as a firewall excluding disruptive and objectionable traffic to protect a User's network system in a home or business from external invasion and disruption.

The architectures of the system of Figure 1 and Figure 2 are not exclusive. Other architectures may be derived in accordance with the principles of the invention to accomplish the same objectives. In addition, the functions of the elements of the modem 12 of Figures 1 and 2 and the process steps of Figures 3 and 4 can be implemented in whole or in part within the programmed instructions of the controller 60. In addition, the principles of the invention apply to any multi-layer protocol bi-directional communication system and are not limited to DOCSIS-compatible modems or any other type of modem.

Claims (22)

1. In a device for performing bi-directional communication on a first communication link via a first port using a first plurality of communication protocol layers and a second link via a second port using a second plurality of communication protocol layers, a method to avoid Internet access characterized by the steps of: validating the authorization of a command of a User; inhibiting Internet access communication by limiting bridge communication between the first port and the second port in response to the validated User command; and maintaining communication with a remote device over the first link via the first port using the first plurality of communication protocol layers during a period in which said communication bridge is inhibited.

2. A method according to claim 1, characterized in that the inhibition step includes the steps of filtering the data that is being communicated from the first port to the second port using first filtering criteria, and filtering the data that is being communicated from the second port to the first port using second filtering criteria different from the first filtering criteria.

3. A method according to claim 1, characterized in that the inhibiting step includes the step of filtering data that is being communicated between the first port and the second port.

4. A method according to claim 3, characterized in that the inhibiting step includes the step of filtering data based on at least one of (a) classifying the content for parental control or other blocking control, (b) predetermining User's preferences for directing ads and "push content", (c) protection filtering, (d) identifying the source or destination, and (e) a data search function.

5. A method according to claim 3, characterized in that the inhibition step includes the step of filtering data based on at least one of (a) an Internet protocol address, (b) a type of protocol, (c) a data identifier, and (d) a source or destination identifier.

6. A method according to claim 3, characterized in that the step of inhibiting includes the step of configuring a filter to perform the filter step.

7. A method according to claim 1, characterized by the step of unlocking the inhibited Internet access communication in response to a validated User command.

8. A method according to claim 1, characterized in that the inhibiting step includes the step of blocking the communication of all data between the first port and the second port.

9. A method according to claim 1, characterized in that the first plurality of communication protocol layers comprises DOCSIS compatible layers including at least two of (a) a QAM layer, (b) an MPEG (Moving Picture Experts Group) transport protocol layer, (c) a MAC (media access control) layer, (d) an Ethernet layer and (e) an Internet protocol layer.

10. A method according to claim 1, characterized in that said bi-directional communication device is at least one of (a) a modem, (b) a telephone, and (c) a processing device, and the step of maintaining communication with a remote device supports at least one of (i) password processing and (ii) bundling the bi-directional device from a remote source.

11. A method according to claim 1, characterized in that the validation step comprises validating the authorization of the User command using at least one of (a) a password, (b) a User identification, (c) a personal identification number, (d) a security code, (e) an access code, and (f) a physical key.

12. In a device for performing bi-directional communication on a first communication link via a first port using a plurality of communication protocol layers, a method to prevent Internet access characterized by the steps of: validating the authorization of a User command; inhibiting communication of Internet access using a first layer of communication protocol of the plurality of protocol layers in response to the validated User command; and maintaining communication with a remote device on a second communication protocol layer of said plurality of protocol layers during a period in which said communication on the first protocol layer is inhibited.

13. A method according to claim 12, characterized in that the first plurality of communication protocol layers comprises DOCSIS compatible layers and said inhibition step comprises inhibiting communication on at least one of (a) a physical layer, (b) an MPEG (Moving Picture Experts Group) transport protocol layer, (c) a MAC (media access control) layer, (d) an Ethernet layer and (e) an Internet protocol layer.

14. A method according to claim 12, characterized by the step of unlocking the inhibited Internet access communication on a first communication protocol layer of said plurality of protocol layers in response to a validated User command.

15. A method according to claim 12, characterized in that the inhibiting step comprises filtering data based on at least one of (a) classifying the content for parental control or other blocking control, (b) predetermining the preferences of the User to direct the advertisements and the "push content", (c) protection filtering, (d) identifying the source or destination, and (e) a data search function.

16. A method according to claim 12, characterized in that the bi-directional communication device is at least one of (a) a modem, (b) a telephone, and (c) a processing device, and the step of maintaining communication with a remote device supports at least one of (i) password processing and (ii) bi-directional device meeting from a remote source.

17. A method according to claim 12, characterized in that the validation step comprises validating the authorization of the User command using at least one of (a) a password, (b) a User identification, (c) a personal identification number, (d) a security code, (e) an access code, and (f) a physical key.

18. In a device for performing bi-directional communication on a first communication link via a first port using a first plurality of communication protocol layers and on a second link via a second port using a second plurality of communication protocol layers, a method to prevent Internet access characterized by the steps of: validating the authorization of a User command; unblocking bridged bridge communication between the first port and the second port in response to the validated User command; and maintaining communication with a remote device over a first link via the first port using the first plurality of communication protocol layers during a period in which the communication bridge is inhibited.

19. A method according to claim 18, characterized by the step of unblocking the inhibited Internet access communication on a first communication protocol layer of a plurality of protocol layers in response to a validated User command.

20. A method according to claim 18, characterized in that the communication is maintained to support at least one of (i) password processing and (ii) bi-directional device meeting from a remote source.

21. A method according to claim 20, characterized in that the processing of the password comprises at least one of (i) enabling the entry of the password to remove the inhibition to allow Internet access on the first communication protocol layer, and (ii) allowing the change of password by a remote source.

22. A method according to claim 20, characterized in that the meeting comprises interrogation of the bi-directional communication system by a remote source to determine a state of the bi-directional communication system.
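The lock behaviour recited in claims 1, 2, 5, 7 and 11 can be pictured with the following sketch, which is an added illustration and not code from the patent or its applicant. The class and function names, the port numbering, the "local"/"drop"/"forward" verdicts and the use of a PBKDF2 password hash are all assumptions made for the example.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # e.g. "tcp", "udp", "icmp"
    in_port: int    # 1 = first port (cable link), 2 = second port (LAN)

@dataclass
class Bridge:
    """Toy model (hypothetical names, not the patent's code) of the port-to-port bridge."""
    modem_ip: str
    salt: bytes
    pw_hash: bytes
    locked: bool = False
    # Different criteria per direction (claim 2): (blocked addresses, blocked protocols)
    to_lan: tuple = (frozenset(), frozenset())
    to_wan: tuple = (frozenset(), frozenset())

    def _authorized(self, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        return hmac.compare_digest(candidate, self.pw_hash)  # constant-time compare

    def command(self, name: str, password: str) -> bool:
        """Apply 'lock' or 'unlock' only if the User command is validated."""
        if name not in ("lock", "unlock") or not self._authorized(password):
            return False
        self.locked = (name == "lock")
        return True

    def handle(self, pkt: Packet) -> str:
        # Traffic that terminates at the modem on the first link is never bridged,
        # so the remote device can still reach it while the bridge is inhibited.
        if pkt.in_port == 1 and pkt.dst == self.modem_ip:
            return "local"
        if self.locked:
            return "drop"
        addrs, protos = self.to_lan if pkt.in_port == 1 else self.to_wan
        peer = pkt.src if pkt.in_port == 1 else pkt.dst   # the Internet-side address
        if peer in addrs or pkt.proto in protos:
            return "drop"
        return "forward"

def make_bridge(modem_ip: str, password: str, **filters) -> Bridge:
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return Bridge(modem_ip, salt, pw_hash, **filters)
```

The lock check sits after the local-delivery check, which is what keeps the first link usable for management traffic while all bridged traffic is dropped.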
MXPA02003709A 1999-10-15 2000-10-13 Secure internet compatible bi-directional communication system and user interface. MXPA02003709A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15978899P 1999-10-15 1999-10-15
US56753000A 2000-05-09 2000-05-09
PCT/US2000/028344 WO2001030009A2 (en) 1999-10-15 2000-10-13 Secure internet compatible bi-directional communication system and user interface

Publications (1)

Publication Number Publication Date
MXPA02003709A (en) 2002-08-30

Family

ID=26856297

Family Applications (1)

Application Number Title Priority Date Filing Date
MXPA02003709A MXPA02003709A (en) 1999-10-15 2000-10-13 Secure internet compatible bi-directional communication system and user interface.

Country Status (8)

Country Link
EP (1) EP1222765A2 (en)
JP (1) JP2003512763A (en)
KR (1) KR20020047222A (en)
CN (1) CN1379945A (en)
AU (1) AU1332701A (en)
BR (1) BR0014773A (en)
MX (1) MXPA02003709A (en)
WO (1) WO2001030009A2 (en)

Also Published As

Publication number Publication date
JP2003512763A (en) 2003-04-02
WO2001030009A3 (en) 2002-01-03
WO2001030009A2 (en) 2001-04-26
BR0014773A (en) 2002-06-11
KR20020047222A (en) 2002-06-21
EP1222765A2 (en) 2002-07-17
AU1332701A (en) 2001-04-30
CN1379945A (en) 2002-11-13
