Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-10-08
2001-10-09
Hua, Ly V. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
active
06301667
BACKGROUND OF THE INVENTION
1. Field of Invention
The present invention relates to a system and method to allow secure network management of high-speed Internet access by network service providers.
2. Description of Related Art
Today, access to the Internet is primarily provided via plain old telephone service (POTS) modem dial-up with speeds ranging from 19.2 Kb/s to 56 Kb/s or via ISDN modems with speeds up to 128 Kb/s. The typical service arrangement requires users to sign up for service with an Internet service provider (ISP) who provides ubiquitous local points of presence (PoPs) used by subscribers to dial into an ISP's backbone network and request service. The dial-up PoPs are dispersed geographically to provide wide coverage; however, the PoPs are networked together as an integrated Internet access platform allowing centralized authentication of service requests. Further, networking the PoPs together supports proper network operations and management.
FIG. 1 illustrates a typical service architecture as described above.
From an end user's perspective, the Internet access platform provides two main functions: new user registration and per call authentication for Internet access. A new customer can purchase an off-the-shelf POTS modem and dial into a designated number to register for service. The registration process guides the customer through the steps necessary to provision the personal computer (PC), including selection of a default POTS PoP, a dial-up script setup, and an account setup with a registration server and an authentication server. The second function of per-call authentication occurs when a user dials into a POTS PoP requesting access service.
Conventionally, the POTS PoP not only assigns a dynamic IP address to the customer PC to use during an access session but also validates a customer account. An invalid customer account will be denied access to the service. Once the customer account is authenticated, a customer is allowed to browse the Internet using the temporarily assigned Internet Protocol (IP) address for the PC as the source address of the IP packets during communication with any web server. Both the upstream traffic, which travels from the PC to the Internet, and the downstream traffic, which travels from a web site to the PC, pass through the POTS modem.
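The per-call authentication and dynamic address assignment described above, as an added illustrative model that is not from the patent: a PoP first validates the account, then leases an address from its pool, and refuses the call when the account is invalid, suspended, or the pool is exhausted. The `PotsPop` class, the account names, passwords and the `192.0.2.0/30` pool are constructed assumptions, not anything the patent specifies.

```python
"""Added illustrative model (not from the patent) of what a POTS PoP does on
each dial-in: validate the subscriber account, then assign a dynamic IP
address for the session.  All accounts, passwords and the address pool
below are constructed sample data."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = b"\0" * 16


def make_credential(password: str) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2 digest) so the PoP never stores a cleartext password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class AccessSession:
    account: str
    address: ipaddress.IPv4Address


@dataclass
class PotsPop:
    """A dial-up point of presence: validates the account, then leases an address."""
    pool: ipaddress.IPv4Network            # a string like "192.0.2.0/30" is accepted
    accounts: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)
    suspended: Set[str] = field(default_factory=set)   # exist, but must be refused
    _free: List[ipaddress.IPv4Address] = field(default_factory=list)
    _leases: Dict[ipaddress.IPv4Address, str] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self.pool = ipaddress.IPv4Network(self.pool)
        self._free = list(self.pool.hosts())   # network/broadcast are never leased

    def register(self, account: str, password: str) -> None:
        """What the registration server does for a new subscriber (hypothetical API)."""
        self.accounts[account] = make_credential(password)

    def _authenticate(self, account: str, password: str) -> bool:
        if account not in self.accounts or account in self.suspended:
            # Run the KDF anyway so an unknown account is not distinguishable by timing.
            hashlib.pbkdf2_hmac("sha256", password.encode(), _DUMMY_SALT, PBKDF2_ROUNDS)
            return False
        salt, expected = self.accounts[account]
        actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(actual, expected)

    def dial_in(self, account: str, password: str) -> Optional[AccessSession]:
        """Per-call authentication: a session with a dynamic IP, or None when denied."""
        if not self._authenticate(account, password):
            return None
        if not self._free:
            # Valid account but no address left: refuse the call rather than
            # hand out an address that collides with an active session.
            return None
        address = self._free.pop(0)
        self._leases[address] = account
        return AccessSession(account, address)

    def hang_up(self, session: AccessSession) -> None:
        """Return the address to the pool so a later caller can reuse it."""
        if self._leases.pop(session.address, None) is not None:
            self._free.append(session.address)

    def owner_of(self, address) -> Optional[str]:
        """Which account currently holds an address (what an abuse desk would ask)."""
        return self._leases.get(ipaddress.IPv4Address(address))


if __name__ == "__main__":
    pop = PotsPop("192.0.2.0/30")          # constructed pool: hosts .1 and .2
    pop.register("alice", "correct horse")
    ok = pop.dial_in("alice", "correct horse")
    denied = pop.dial_in("alice", "wrong password")
    print("granted:", ok, "denied:", denied)
```

The lease table doubles as the audit trail: because the source address of every packet the subscriber sends is the leased address, `owner_of` is the lookup that ties an observed address back to an account for the duration of the session, and `hang_up` is what makes that mapping time-bounded.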
With advancements in Internet access technology, there are a variety of high speed Internet access systems being developed and implemented today. Presently, cable modem and xDSL are the two main emerging technologies available. Both technologies are commonly referred to as broadband access systems.
Broadband Internet access systems require access customer premises equipment (CPE), for example, cable modems, xDSL modems, or 56 Kbps POTS analog dial-up modems, located at a customer's premises to provide the proper interface for the transport medium, for example, ethernet cable or DSL, used during broadband Internet access.
Broadband access requires a communication channel with a bandwidth in excess of 1.54 Mbps. Access CPE provide a network interface with the Internet during high-speed access to the Internet using broadband Internet access systems. Customer personal computers are located behind the access CPE and utilize the access CPE as a network interface. The access CPE also serves as a network adapter, router, network management agent and may also serve as an encryption device for encrypting outgoing communications from PCs and other devices located at the customer premises. The access CPE is generally provided by the service provider and is considered part of the network.
Various access arrangements are possible in broadband access systems. For example, a two-way cable modem system (handling upstream and downstream traffic) or a one-way cable modem system (handling upstream or downstream traffic) may be provided using cable modem technology. A one-way cable modem system typically uses the POTS modem to provide a path for upstream communication traffic and uses the cable distribution network as the path for downstream communication traffic. A two-way cable modem, on the other hand, uses the cable distribution network as the path for both the upstream and downstream communications traffic. xDSL modems are inherently two-way systems.
Despite differences associated with the various access arrangements, broadband Internet access systems require access CPE located at a customer premises to provide a proper interface with a selected transport medium.
FIG. 2 illustrates a typical network arrangement for a current broadband, as opposed to POTS, access system.
By introducing the access CPE 400 (e.g., cable modem or xDSL modem) into the broadband Internet access system service architecture, the original POTS modem-based access model is no longer fully applicable for the following reasons.
As shown in FIG. 2, the access CPE 400 and a plurality of PCs, or workstations, 500 located at a customer premises each need an assigned IP address in order to connect to the Internet. The assigned IP address may be static or dynamic. Therefore, processes for new customer registration and service provisioning must be redefined. Ideally, new processes should be at a comparable level of simplicity as those of the POTS-modem-based access arrangement illustrated in FIG. 1.
Further, since the access CPE 400 not only serves as a network adapter providing the proper transport medium interface but also may provide routing and network management functions, the access CPE 400 has capabilities with which the ISPs can extend ISP network management capabilities to customer premises. The benefit of this extension is that the ISP can better monitor the condition of the ISP network extending as far into the customer premises as the high speed transport medium which is owned by the ISP. By extending the network management functions, the ISP can better monitor the condition of, for example, the cable modem or xDSL modem. For conventional POTS modem based access, it is not possible to provide such extensive monitoring.
As shown in FIG. 2, at the customer premises, a plurality of PCs or workstations 500 are connected to each other and to any external networks via a hub 600 which couples the PCs 500 to the access CPE 400. The access CPE 400 is coupled to a broadband point of presence (PoP) 440 via a broadband transport medium to provide broadband communication with the Internet. The access CPE 400 is also coupled to a POTS modem 420 for communication with the Internet. The POTS modem is coupled to a public switched telephone network 430. The public switched telephone network 430 is coupled to at least one POTS PoP 460. The broadband PoP 440 is coupled to an ISP's backbone network 100 using an access router 450. The backbone network 100 is the major transmission path for network interconnection. The POTS PoP 460 is also connected to the backbone network 100. The network 100 includes various other access routers 450 to other broadband access PoPs. An access router is also used to couple the network 100 to a firewall/router 200. The firewall/router 200 is also coupled to a network operation center (NOC) 300. The NOC 300 is a large area network and includes various servers including a registration server, an authorization server and other servers necessary for the maintenance and operation of the ISP. The network 100 also includes network area points (NAP) 410 that provide connections between the network 100 and the Internet to provide communication between the customers utilizing the PCs or workstations 500 and the Internet.
As shown in FIG. 2, the access CPE 400 and the network 100 are connected and communicate with each other using two paths, i.e., one path providing broadband access through the broadband transport medium, broadband PoP 440 and access router 450, and the other path through the public switched telephone network 430 and the POTS PoP 460. This dual-path architecture provides improved Internet access because, for exa
Digiacomo Kenneth G.
Dosapati Satyanarayana
Li Chia-Chang
Tsai John S.
AT&T Corporation
Hua Ly V.
Oliff & Berridge, PLC
Profile ID: LFUS-PAI-O-2606758