USING SMART NOMADIC OBJECTS TO IMPLEMENT SECURE DISTRIBUTED MULTIMEDIA MESSAGING APPLICATIONS AND SERVICES
FDXLD OF THE INVENTION
The present invention relates to a mechanism for the creation, deployment, operation, administration, and management of service delivery over communication networks.
BACKGROUND OF THE INVENTION References
6272536 van Hoff, et al. August 7, 2001 6151628 Xu, et al. November 21, 2000 6424991 Gish July 23, 2002 6434598 Gish August 13, 2002 6563919 Aravamudhan, et al. May 13, 2003
Description of the Prior Art
A communication network is used to send information between and among several sets of users. Such transfer of information typically involves transfer of some text or graphics or video or some such matter, which we shall refer to as 'content'.
Communication is primarily of two types - 'Real-time' and 'non real-time'. In real-time communication, it is unacceptable for content to be delivered beyond a time limit. In 'non realtime' communication delays are more tolerable. This invention primarily addresses non real-time communication.
The transfer of content is part of the larger issue of service delivery. Service delivery essentially involves the process of delivering value to a consumer of such services (called 'user' or 'subscriber'), and may require to be managed and billed. Such services may also have associated service level agreements, cost bounds, delivery guarantees, etc. Additional issues involved may include security, privacy, reliability, broadcast / multicast, transcoding etc.
Although several new and elegant methods and techniques have been proposed in the recent past to address issues such as reliability, security, and management of the process of service delivery,
all of them are inherently inflexible, i.e., a small change in the nature of service delivery inevitably require significant reprogramming and expensive redeployment.
A single comprehensive solution to address all issues relating to service delivery does not exist. Individual solutions that are available for existing activities associated with service delivery are supplementary solutions. These supplementary solutions are lumped together to form smaller secondary networks like that of 'Intelligent Networks' in telecom. The limitations of 'Intelligent Networks' are well known.
Furthermore almost all communication networks are designed only to transport content efficiently from one place to another and factors relating to service delivery are standalone solutions that are not designed to form a part of an integrated solution. Any such attempt at providing an integrated solution using such standalone solutions tends to be a 'one of and contrived.
DISCLOSURE OF THE INVENTION
Summary of the invention
To overcome the limitations in the prior art described above, preferred embodiments disclose a system, device, and method to bring about flexibility in a communication network without introducing expensive changes. This result in an integrated solution encompassing security, privacy, reliability, broadcast / multicast, transcoding and other issues relating to service design and delivery.
This is achieved by a system that preferably consists of three aspects. According to the first aspect of the invention there is provided a 'Bubble'. A 'Bubble' is a logical entity that contains within it one of three types of content -
1. A 'control bubble' carries the logic (or a reference to the logic) that needs be executed to accomplish the process of delivery. A Control bubble may be modified in the course of its traversal through a network.
2. A 'context bubble' carries the status information, which gets updated by the interaction of a bubble with a B-box (described later in this section). The content of the 'context bubble' also influences the outcome of the execution of the service logic contained in the 'control bubble'. Although 'control' and 'context' bubbles are functionally interlinked,
context bubbles can also be used to recover from errors in the underlying communication network.
3. A 'content bubble' essentially carries the final content, which needs to be delivered.
According to another aspect of the invention the system involves a piece of hardware called a 'Bubble box' (also called "B-box"). A preferred embodiment of the present invention configures the B-Box to essentially be a piece of special computer hardware running customized software to process bubbles and to offer special services. For content to be delivered througli a network there needs to be at least one B-box associated with and connected to that network. A network can have one or more of such B-Boxes. Several such B-boxes are securely interconnected to form a virtual overlay network called a Secure Multimedia Messaging Network (SMMN). The B-Box could be connected to existing platforms, underlying networks and independent/third party services to offer these special services, thereby enhancing the utility and efficiency of the existing network resources.
According to another aspect of the invention the process of service delivery is modelled as a network of stages, in which each stage consists of a B-box offering a well-defined set of services. In further embodiments, the process of service delivery involves the following steps:
Initially, a control bubble moves through the SMMN preferably carrying the following information:
1. An Identifier to the service being delivered
2. A reference to the associated context bubble 3. Priority level
4. The address of the next B-box to move to
In still further embodiments, the associated context bubble also moves with the control bubble, but as an independent entity. The context bubble carries, preferably, the following:
1. A self identifier
2. Information of the current state of the process of service delivery
With preferred embodiments the separation of control and context allows greater security, better ability to recover from errors and to handle concurrency in the implementation of service logic.
In this way each B-box enroute uses the identifier to the service (contained in the control bubble) being delivered to determine the precise set of actions to be performed. It modifies the control bubble to reflect the address of the next B-box, and updates the information contained in the context bubble creating a dynamic log.
This process is used to determine not only the precise route(s) to be taken by the content bubble, but also identifies. transcoding needs, encryption needs, transport services needed for delivery, billing etc.
When the service logic is fully executed, the context bubble has all the information necessary to handle content delivery. This information is then used to ensure that resources are committed by all the B-boxes and network elements when the time comes for the transfer of the content bubble. B-boxes 'pull' the content bubble from the source, and relay it along the pre-determined path(s) of B-boxes enroute to end user terminal(s). Such apriori commitment of resources helps realize service level guarantees.
Because service logic is implemented as a network of stages, redesigning service logic simply involves rearranging the path(s) to be taken by the control bubble. This can be handled, by merely changing the logic at the B-box at which the logic of the two services diverge.
Another variation of the invention provides for the design of B-boxes as a network of service queues wherein each service queue offers a well-defined service. This is very similar to the design of service logic as a network of stages, as was discussed earlier. This enables B-boxes offering different services to have a uniform design.
Such a method of design also provides for queues that offer special services, such as entry queues that accept bubbles form outside to enter the network; exit queues that route bubbles to destinations outside the network of service queues; router queues that route bubbles within the network of service queues; queues that provide redundancy to facilitate fault-tolerance and better
availability of the B-box; queues that provide support for the operation and management of the network of queues, etc.
Such a method of design provides mechanisms to allocate and assign identifiers to service queues; allocate resources dynamically to service queues; Create service queues without disruption of operations in a B-box; Balance the load in service queues, etc.
Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings
Brief Description of Drawings
The following detailed description of the invention is supported by the schematically described embodiment examples, which function only for better understanding and are to be evaluated in no way as a restriction of the range of protection of the invention.
Figure 1 illustrates a generic network consisting of access networks with gateways and B-Boxes.
Figure 2: A Secure Multimedia Messaging Network (SMMN) logically formed by the interconnection of several B-boxes. Figure 3 shows a B-Box making use of plurality of existing network resources and independent
/third party services.
Figure 4 depicts the logical creation and association bubbles. The thick bold lines indicate references.
Figure 5 illustrates process of service delivery with multiple stages. Figure 6 illustrates process of service delivery with concurrent network stages.
Figure 7 illustrates the design of a B-box as a network of service queues.
Figure 8 illustrates the use of a load-balancing-service queue to balance the load on a set of service queues offering identical services
Detailed Description of the Preferred Embodiment
The following detailed schematic description functions for the understanding of the invention concept, however, it cannot depict this exhaustively since uncounted construction variations both in the design, as well as in the functional construction, are possible.
The network shown in figure 1 is a generic network consisting of several access networks (1) (i.e., networks connecting directly to end-users) interconnected via gateways (2) to a backbone network (3). Access networks (1) could be wireless networks (such as GSM, GPRS, CDMA, IEEE 802.11 etc.) or wireline networks (such as IP networks). For content to be delivered through a network there needs to be at least one B-box (4) associated with and connected to that network. A network can have one or more of such B-Boxes.
As depicted in Figure 2 several such B-boxes (4) are securely interconnected to form a virtual overlay network called a Secure Multimedia Messaging Network (SMMN) (5).
The B-Box (4) as illustrated in Figure 3 could be connected to a plurality of existing network resources (6) and independent/third party services (7) to offer special services, thereby enhancing the utility and efficiency of the existing network resources. The B-Box (4) are connected to these underlying network resources (6) & (7) through adapters (8). The B-Boxes (4) can also act as gateways to the underlying networks (1). To further illustrate the same in a GSM network a B- box (4) may be connected to the MSC via an IS-41 interface as a Service Control Point (SCP), while in an IP network, it may be a simple server connected to the network. A B-box can also act as a gateway between the SMMN and the corresponding access network.
Figure 4 illustrates the logic of association of the various entities involved in the delivery of services and how such an association could be used to help recover from underlying network failures as envisaged by the invention. Every 'Service Logic' (9) has a 'unique identifier' (10). Every instance of a 'Service Logic' (9) is called as session (11) of service delivery and that is identified by an unique session identifier (12), which is formed by combination of the following identifiers source id (13), service id (10), date and time.
Based on the above three bubbles are generated for each session (11), they are control bubble (14), context bubble (15) and content bubble (16).
The context bubble (15) carries the context bubble id (17). The control bubble (14) carries two identifiers within it, one is the service id (10) and other being the id of the corresponding context bubble (15) called the context id (17). The context id (17) is formed by combining the session id
(12), the B-Box id (18) and a number (#) based on which the bubble is formed. The content bubble (16) carries the session id (12) and the content.
In addition the control bubble (14) carries preferably the following information:
5. Priority level
6. The id (18) of the next B-box to move to
The associated context bubble (15) also moves with the control bubble (14), but as an independent entity. The context bubble (15) in addition to the above mentioned identifiers carries the information of the current state of the process of service delivery.
The content in the content bubble (16) is encoded in such a manner that it does not contain any information about the content, other than the content size. All the content information is stored on the corresponding context bubble (15) bringing about enhanced security to the process of service delivery. If in case any of the above said bubbles are intercepted by an unauthorized B- Box (4), such a B-Box (4) would require the corresponding service logic (9) to decode the context bubble (15) and the content bubble (16), which it has no access. This makes the system inherently secure.
The above methodology apart from bringing about enhanced security also helps in the case of a network failure. To illustrate the same consider the case where a control bubble (14) is lost. Using the context bubble id (17), a B-Box (4) can identify the source id (13) and request a new control bubble (14). Likewise if a context bubble (15) is lost, a B-Box (4) can use the context bubble id (17) contained in the control bubble (14) to identify the session id (12) to commence the session (11) again thus ensuring that the process of service delivery is revived. If the content bubble (16) is lost, the corresponding B-Box (4) can create a new content bubble (16) based on the context information from the context bubble (15).
An alternate method of recovery from network failures emerges from the fact that the B-boxes (4) commit resources for the content bubble (16) to travel, if these resources are not consumed within a predetermined time which is contained in the service logic (9), the corresponding B-Box (4) request the source for a retransmission of the content bubble (16) bring about enhance reliability in the process of service delivery.
Now, there are several variations as to what functions the invention can perform in the process of service delivery and two exemplary cases are described in Figures 5 & 6.
Figure 5 illustrates Example 1 wherein the service logic (9) requires a content to be delivered to a user (19) from a source (20). The process of service delivery is modelled as a network of intermediate stages in which each stage offers a special service essential for the ultimate delivery of service content. In the current example the control bubble (14) taking four stages (while passing through four B-Boxes (4)). The first stage is to authenticate (21) the user (19). Once the user (19) is authenticated, the next stage is identifying the location (22) of the user (19) so as to determine the location of content delivery. This enables rerouting to a different network if required avoiding the actual travel of content across the networks if the user (19) has moved from one network to another network thus improving the efficiency of content delivery. The third stage is identification of the capability (23) of the user device (24). Amongst other things this stage (23) identifies whether the native format of the content stored in the content bubble (16) needs transcoding to make it compactable to the user device (24). If transcoding is required the content bubble (16) moves to the transcoding stage (25) to reserve resources for the content contained in the content bubble (16) to be transcoded into a format compatible to the user device (24). This is the path (called control path (26)) shown in bold in Figure 5. If on the other hand content in the content bubble (16) is compatible with the user device, the stage four (25) is not visited. The content bubble (16) travels from the source (20) directly to the transcoding stage (25) and then to the user device (24) (such a path - called the content path (27) is shown in Figure 5), or directly from the source (20) to the user device (24) if no transcoding is required.
Figure 6 illustrates Example 2 wherein the stages in deliver of services have been reordered to exploit the inherent concurrency so as to enhance the efficiency of services delivery and depict the versatility of the invention. In Example 2 the first stage is to authenticate (21) the user (19). Once the user (19) is authenticated (21), the content bubble (14) and the context bubble (15) are replicated to create two or more separate sets of bubble. Each set contains a control bubble (14) and a context bubble (15). Each such set of bubbles is sent to travel on concurrent paths and all such sets later converge at a single stage where the information contained in the multiple context bubbles is consolidated into a single context bubble, and the multiple control bubbles are discarded in favour of a single control bubble. To take cue once the user (19) is authenticated (21) one set of the replicated bubble goes to the B-Box (4) to identify the location (22), another set
concurrently goes to the B-Box (4) to identify the capability (23) of the end user device (24), if required this set travels to the transcoding stage (25) and moves on to the location stage (22) for consolidation. This further contributes to the inherent capabilities and enhances the utilization and illustrates the flexibility of the system. In this Figure the control path (26) is shown in Bold for the case where the format of the content stored in the content bubble (16) is incompatible with that of the user device (24); the corresponding content path (27) is shown in bold dashed lines.
Figure 7 illustrates the design of a B-box (4) as a network (28) of service queues (29). The network (28) shown in Figure 7, consists of an entry (or input) queue (30) that allows bubbles to enter such a network (28), a router queue (31) that moves bubbles within the network (28), an exit queue (32) that helps bubbles exit the network (28), and several service queues (29) that offer special services.
Figure 8 illustrates the design of a B-box (4) as a network (28) of service queues (29) in which a special queue called a load balancer queue (33) allows the demand for a certain type of service to be shared among several similar or identical service queues (29).