DEVICES AND METHODS FOR EXPEDITING REQUESTS IN A COMPUTERIZED NETWORK BY INTERCEPTION
FIELD AND BACKGROUND OF THE INVENTION The present invention relates to devices and methods for expediting requests in a computerized network by interception and, more particularly, to issue of an alternative response based upon analysis of an intercepted copy of a request. The invention further includes machine readable media containing instructions for performance of the method. The number of requests for information directed to distant destinations using http protocols has already exceeded all expectations and continues to grow. In many cases bandwidth restrictions at various points between the source and destination of an individual request cause unwanted delays in processing of the request. Further, currently available technologies do not permit an interested party at an intermediate point between the source and destination to influence the content of the response. There is thus a widely recognized need for, and it would be highly advantageous to have, devices and methods for expediting requests in a computerized network by interception devoid of the above limitation.
SUMMARY OF THE INVENTION According to one aspect of the present invention there is provided a request switching device (RSW) for use in a computerized network transmitting data packets. The RSW includes a computerized data processing device connectable to a computerized network. The data processing device is designed and configured to: (a) monitor at least a portion of the data packets en route from a source to a destination; (b) store a copy of at least some of the at least a portion of the data packets in a storage buffer of the RSW; (c) analyze
the copy to determine an interception desirability; (d) if the interception desirability is negative, delete the copy from the storage buffer and take no further action; (e) if interception desirability is positive, transmit an unrequested response to the source. According to another aspect of the present invention there is provided a method for providing a rapid response to a request sent to a destination across a computerized network, the method includes: (a) monitoring at least a portion of the data packets en route from a source to a destination; (b) storing a copy of at least some of the at least a portion of the data packets in a storage buffer of the RSW; (c) analyzing the copy to determine an interception desirability; (d) if the interception desirability is negative, deleting the copy from the storage buffer and taking no further action; (e) if interception desirability is positive, transmitting an unrequested response to the source. According to further features in preferred embodiments of the invention described below, the interception desirability is determined based upon confirmation that: (i) the copy of a data packet is a copy of an IP packet; (ii) the copy of the data packet includes TCP protocol information; (iii) the TCP protocol information contains HTTP protocol information; (iv) the HTTP protocol information contains a port designation; (v) the data packet encodes a form page with a pre-configured extension. According to still further features in the described preferred embodiments the interception desirability is determined based upon confirmation that a user sending the data packet is a potential request switching candidate according to a predetermined rule. According to still further features in the described preferred embodiments the data processing device is further designed and configured to issue a cancellation command to the destination. The cancellation command cancels a request contained in a data packet belonging to the data packets.
According to still further features in the described preferred embodiments the RSW employs a set of predetermined rules for transmission of the unrequested responses. According to still further features in the described preferred embodiments the RSW further includes a content database for use in formulation of the unrequested responses. According to still further features in the described preferred embodiments analyzing the copy to determine an interception desirability confirms that: (i) the copy of a data packet is a copy of an IP packet; (ii) the copy of the data packet includes TCP protocol information; (iii) the TCP protocol information contains HTTP protocol information; (iv) the HTTP protocol information contains a port designation; (v) the data packet encodes a form page with a pre-configured extension. According to still further features in the described preferred embodiments the interception desirability is determined based upon confiπnation that a user sending the data packet is a potential request switching candidate according to a predetermined rule. According to still further features in the described preferred embodiments the method further includes issuing a cancellation command to the destination, the cancellation command canceling a request contained in a data packet belonging to the data packets. According to still further features in the described preferred embodiments the method further includes employing a set of predetermined rules for transmission of the unrequested responses. According to still further features in the described preferred embodiments the method further includes employing content from a content database for use in formulation of the unrequested responses. According to still further features in the described preferred embodiments there is provided a digital storage medium characterized by control signals that can be read out electronically, the control signals being able
to interact/cooperate with a programmable computer system such that a method with distinguishing characteristics essentially as described hereinbelow and hereinabove is carried out. According to still further features in the described preferred embodiments there is provided a computer program product with program code stored on a machine-readable carrier for executing the method with distinguishing characteristics essentially as described hereinbelow and hereinabove when the program product is running on a computer. According to still further features in the described preferred embodiments there is provided a computer program with program code for executing a method with distinguishing characteristics essentially as described hereinbelow and hereinabove when the program is running on a computer. The present invention successfully addresses the shortcomings of the presently known configurations by providing a device and method for expediting requests in a computerized network by interception. Implementation of the device and method of the present invention involves performing or completing selected tasks or steps manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of preferred embodiments of the method and system of the present invention, several selected steps could be implemented by hardware or by software on any operating system of any firmware or a combination thereof. For example, as hardware, selected steps of the invention could be implemented as a chip or a circuit. As software, selected steps of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In any case, selected steps of the method and system of the invention could be described as being performed by a data processor, such as a computing platform for executing a plurality of instructions.
BRIEF DESCRIPTION OF THE DRAWINGS The invention is herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice. In the drawings: FIG. 1 is cartoon illustrating network devices typically employed by an internet service provider (ISP) to facilitate communication between users and the Internet (prior art). FIG. 2 is a cartoon illustration placement of a network device according to the present invention in the context of the portion of the system depicted in figure 1. FIG. 3 illustrates one possible arrangement of components of a network device according to the present invention. FIG. 4 is a flow diagram illustrating selection of a portion of network traffic for interception by a network device according to the present invention. FIG. 5 illustrates in greater detail the processes implemented in block 52 offigure4. FIG. 6 illustrates in greater detail the processes implemented in block 53 of figure4. FIG. 7 provides a schematic overview of communications between a user, a network device according to the present invention and a destination on the Internet.
DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention is of a device and method which can be used to expedite requests in a computerized network. Specifically, the present invention relies upon interception of a selected subset of network traffic and issue of an alternative response from a source closer than the intended destination. The alternative response is based upon analysis of an intercepted copy of a request. Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not limited in its application to the details of construction and the arrangement of the components set forth in the following description or illustrated in the drawings. The invention is capable of other embodiments or of being practiced or carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein is for the purpose of description and should not be regarded as limiting. For purposes of better understanding the present invention, as illustrated in Figures 2 through 7, reference is first made to the construction and operation of a conventional (i.e., prior art) ISP 16 connection between users 10 and Internet 14 as illustrated in Figure 1. Figure 1 (prior art) illustrates network devices 11; 12; and 13 typically employed by an Internet Service Provider (ISP) 16 to facilitate access of users 10; 10a; 10b and 10c to Internet 14. ISP 16 access device 11, switch/hub 12, router 13, Internet 14 connection and user/s 10a - 10c. Figure 2 shows a preferred placement of a network device according to the present invention, RSW 17, in the context of the ISP depicted in figure 1. RSW 17 is preferably installed using network connection to a switch hub 12 at a place where it can monitor all the traffic generated by users 10 of ISP 16. As the drawing illustrates, RSW 17 is preferably installed in parallel to the network line connecting users 10 to Internet 14. RSW 17 may also be place at additional hubs 18 if they are present between ISP 16 and users 10. As will be
come apparent, the greatest utility of the present invention is realized when RSW 17 is in close proximity to users 10. Figure 3 is a detailed diagram of the internal architecture of RSW 17. RSW 17 is connected to ISP 16 network using a network interface 41. Network interface 41 is a hardware device configured to receive all of the traffic passing through the network via hub/switch 12 and place it in an internal buffer. The network traffic is then passed to the sniffer module 43 for analysis. The analysis is done using the filter map 42 that contain rules on which request is "good" for interception. Upon determination that a specific request is "good" for interception, that request is transferred to user map 46. Map 46 checks if RSW is permitted to intercept the specific request. If interception is permitted, a spoofer 44 builds an HTML page using content 45 stored in an internal database issues the HTML page as a "spoof response" to user 10 that issued the intercepted request using the network interface 41. A control unit 47 allows designation of which users 10 groupsare eligible to have their requests intercepted. Figure 4 is a simplified flow diagram illustrating an analytic sequence occurring in RSW 17. RSW 17 constantly monitors 50 requests from users 10 and traffic passing through hub/switch 12 in general. RSW 17 places 51 requests in its buffer. The requests are then analyzed 52 to decide if interception 53 is needed. Figure 5 is a simplified flow diagram illustrating in more detail an analytic sequence occurring within analysis 52 of requests as shown in figure 4. RSW 17 performs the following task as known in the art of Internet networking. Requests placed 51 in buffer of RSW 17 are organized in packets. Analysis 52 includes inspection of packets to determine 61 if the packet is IP packet. If the packet is not an IP packet, no interception 53 occurs. If the packet is an IP packet, determine 62 "Is the lower protocol TCP ?". If the lower protocol is not TCP, no interception 53 is performed. If the lower protocol is not TCP, determine 63 if the packet contains an HTTP protocol. If
no http protocol is present, no interception 53 is performed. If an http protocol is present, determine 64 if specified port information is present (e.g. port 80). If predetermined port information is not present, no interception 53 is performed. 5. If predeteraiined port information is present, determine 65 if the request is from a page with a preconfigured extension (e.g. html, htm, asp, etc.) Monitoring continues on subsequent packets after a decision concerning interception 53 is made. Figure 6 is a simplified flow diagram illustrating in more detail a sequence of events occurring within block 53 in FIG. 4. After determination 52 that a specific request is "good" for interception 53, the following tasks are performed. First an HTML response is built 70. The HTML response is customized to fit the intercepted request using the content unit 45. The customized HTML response is divided 71 into TCP/IP packets. These packets are then sent 72 as a "Spoof response" to the source 9 of the intercepted request (i.e. one of users 10). Preferably, the Spoof response closely resembles the anticipated "genuine" response 98 which will arrive subsequently (see figure 7). Thus RSW 17 impersonates destination server 15. The genuine from server 15 will most likely be discarded or ignored by user 10 because the desired information/content has already been received in spoof response 95. Preferably RSW 17 closes 73 the connection to server 15 that was opened by the users concurrently with, or subsequent to, spoofing 72. This connection 94 is redundant, as user 10 is satisfied by content in spoof response 95. User 10 is preferably unaware of interception process 53. Figure 7 provides an overview of the process of interception of packets en route from a source 9 (typically one of users 10), generating requests 94 for web content stored on destination servers 15. RSW 17 is situated between source 9 and destination 15, preferably at ISP 16 as detailed hereinabove, and a remote web server 15 (residing on Internet 14) to which users 10 address the request 93. User 10 generates a request 94 for web content. The request is sent
to a remote server 15 and monitored by RSW 17, which finds the request "good" for interception 53. RSW 17 responds 95 to the users request by sending a customized HTML page as detailed hereinabove and hereinbelow. Request 94 also receives a response 98 from destination 15. However, the RSW "spoof response 95 typically arrives before the "genuine" response 98 because RSW 17 is located nearer users 10. Preferably, user 10 will act upon RSW "spoof response 95 prior to receipt of response 98 and will discard or ignore genuine respond 98 from server 15. Optionally, but preferably, RSW 17 closes 96 the connection with the remote server 15 by pretending to be the user 10. This prevents ACK store, which occurs when a server connection is left open without user acknowledgement. Spoof response 95 includes an HTML page and includes commands that open a popup window with content and commands that order the browser to perform reconnection 97 to original destination server 15. Reconnection 97 duplicates original request 94 but occurs after receipt of spoof response 95. RSW 17 ignores duplicate request 97 because user 10 has been noted in map 46. User 10 receives 98 the originally requested content which is displayed in a browser window separate from that employed for display of spoof response 95. Referring again to the drawings, Figure 2 illustrates a request switching device (RSW) 17 for use in a computerized network transmitting data packets. RSW 17 includes a computerized data processing device connectable to a computerized network. The data processing device is designed and configured to monitor 50 (figure 4) at least a portion of the data packets en route from source 9 to destination 15 (figure 4). The data processing device is further designed and configured to store 51 a copy of at least some of the at least a portion of the data packets in a storage buffer of RSW 17. The data processing device is further designed and configured to analyze the copy to determine 52 an interception desirability. If the interception
desirability is negative, RSW 17, deletes the copy from the storage buffer and take no further action with regard to that packet. If interception desirability is positive, RSW 17 transmits an unrequested response (i.e. "spoof response") to source 9. Source 9 is typically, but not exclusively, a user client operated by one of users 10. As detailed hereinabove and depicted graphically in figure 5, interception desirability is determined 52 based upon confirmation that the copy of a data packet is a copy of an IP packet 61, including TCP protocol infoπnation 62, containing HTTP protocol information 63, including a specified port designation 64 (e.g. port 80), and encoding 65 a form page with a pre-configured extension (e.g. HTML, HTM, or ASP). Alternately, or additionally, determination 52 of interception desirability may require confirmation that a specific user 10 sending the data packet is a potential request switching candidate according to a predetermined rule. These rules may reside in control 47 or user map 46 of RSW 17. For example, a service contract between ISP 16 and an individual user 10 may specify whether "spoof responses" 95 are allowed and/or at what frequency or under what conditions they are permitted. Control 47 and/or user map 46 may be used to assure that these conditions are met. Preferably, the data processing device of RSW 17 issues a cancellation command to destination 15 which cancels a request contained in a data packet belonging an intercepted data packet which. User 10 that sent the request is unaware of this cancellation as spoof response 95 is rapidly received and seems to be a response to the request. Preferably, RSW 17 employs a set of predetermined rules for transmission of the unrequested spoof responses 95. These rules may be stored, for example in spoofer 44. More preferably, implementation of the rules relies upon content stored content database 45 in formulation of the unrequested spoof responses 95.
The present invention is further embodied by a method for providing a rapid response to a request sent to a destination 15 across a computerized network. The method includes monitoring 51 at least a portion of the data packets en route from source 9 to destination 15. The method further includes storing 51 a copy of at least some of the at least a portion of the data packets in a storage buffer (e.g. of an RSW 17). The method further includes analyzing 52 the copy to determine an interception desirability. If the interception desirability is negative, the copy is deleted from the storage buffer and no further action is taken. If interception desirability is positive, an unrequested spoof response 95 to source 9 is transmitted. According to still further features in the described preferred embodiments there is provided a digital storage medium characterized by control signals that can be read out electronically, the control signals being able to interact/cooperate with a programmable computer system such that a method with distinguishing characteristics essentially as described hereinabove is carried out. For purposes of this specification and the accompanying claims, the phrase "digital storage medium" includes, but is not limited to a CD ROM disc, a computer diskette, a magneto-optical cartridge, a ZIP ™ disc, a JAZZ ™ disc, a Flash ™ memory card, a removable hard drive, magnetic tape and any other physical entity bearing digitally encoded data. According to still further features in the described preferred embodiments there is provided a computer program product with program code stored on a machine-readable carrier for executing the method with distinguishing characteristics essentially as described hereinabove when the program product is running on a computer. According to still further features in the described preferred embodiments there is provided a computer program with program code for executing a method with distinguishing characteristics essentially as described hereinbelow and hereinabove when the program is running on a computer.
Additional objects, advantages, and novel features of the present invention will become apparent to one ordinarily skilled in the art upon examination of the following examples, which are not intended to be limiting. Additionally, each of the various embodiments and aspects of the present invention as delineated hereinabove and as claimed in the claims section below finds experimental support in the following examples. As an illustrative, non-limiting, example of the potential utility of the present invention, an ISP 16 providing service to one million users 10 in a defined geographic location analyzes network traffic passing through hub 12 and discovers that there are sixty thousand requests per day pertaining to booking of airline reservations. Fifty eight thousand of these requests are directed to three large online travel agencies (e.g. flynet.com; airticket.com and econoflight.com) An additional two thousand requests are directed towards WWW sites of local travel agents operating in the defined geographic location. The operator of ISP 16 approaches several local travel agents operating in the defined geographic location and solicits bids for issue of spoof responses 95 in response to outgoing requests directed to flynet.com; airticket.com and econoflight.com. A specific local travel agent, Al travel, submits the highest bid. Operator of ISP 16 programs RSW 17 to include a predeteπnined rule in spoofer 44 indicating that all requests for airline reservations and/or ticket prices should become the subject of spoof responses 95. Details of Al travel agency are placed in content database 45. Subsequent requests from users 10 for airline reservations and/or ticket prices elicit spoof responses 95 from Al travel agency. According to various preferred embodiments of the invention, users 10 may or may not be aware that spoof responses 95 are not requested responses 98. If users 10 are aware that spoof responses 95 are not requested responses 98, spoof responses 95 may include an explanation that they are being invited to enjoy the advantages of local service, individual attention, complementary vouchers for airport parking or other inducements.
Users 10 that are not satisfied with spoof response 95 may resubmit original request 94 which will not be intercepted a second time because of user map 46 and/or control 47. Alternately, spoof response 95 may cause resubmission 97 of the original request to destination server 15, as detailed hereinabove, so that genuine response 98 is received automatically, albeit after spoof response 95. According to additional; preferred embodiments of the invention, spoof response 95 may further include related content which would not have been included in genuine response 98 from destination server 15. For example, in the example relating to requests 94 for airline reservations, response 95 might include content relating to related local businesses operating in the defined geographic location (e.g. luggage sales, airport shuttle service or airport parking accommodations) or to related businesses operating in a second defined geographic location at the destination end of the airline reservations (e.g. hotels, restaurants, entertainment venues). Thus, some embodiments of the invention have the capacity to counteract the Internet 14 induced trend towards global trade and divert custom of users 10 to merchants operating in a defined geographic location where they reside. Whatever the content of spoof response 95, it will be appreciated that it arrives significantly before requested response 98 because it originates at a point (e.g. ISP 16) which is much closer to source 9 than destination server 15. It is appreciated that certain features of the invention, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the invention, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable subcombination. Although the invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and
variations will be apparent to those skilled in the art. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and broad scope of the appended claims. All publications, patents and patent applications mentioned in this specification are herein incorporated in their entirety by reference into the specification, to the same extent as if each individual publication, patent or patent application was specifically and individually indicated to be incorporated herein by reference. In addition, citation or identification of any reference in this application shall not be construed as an admission that such reference is available as prior art to the present invention.