Internet provider subscriber communications system

Abstract

A method for communicating in real-time to users of a provider of Internet access service, without requiring any installation or set-up by the user, that utilizes the unique identification information automatically provided by the user during communications for identifying the user to provide a fixed identifier which is then communicated to a redirecting device. Messages may then be selectively transmitted to the user. The system is normally transparent to the user, with no modification of its content along the path. Content then may be modified or replaced along the path to the user. For the purposes of establishing a reliable delivery of bulletin messages from providers to their users, the system forces the delivery of specially-composed World Wide Web browser pages to the user, although it is not limited to that type of data.

Claims

1. A method, comprising: providing, by a redirecting device, an identifier to a consolidating and management device, the identifier based on accessed user upstream traffic from a destination site; creating, by the redirecting device, an entry in the redirecting device, the entry having a time expiration period during which the redirecting device will not query the consolidating and management device; and redirecting a message, based on the accessed user upstream traffic, to a display on a message vehicle occurring from the redirecting device without involvement from the destination site.

2. The method of claim 1, wherein the message vehicle is at least one of: a pop-up window on the user computer; and a prompt provided on the user computer.

3. The method of claim 1, further including a step of transmitting to the user the message vehicle for displaying and communicating the message from the consolidating and management device to the user.

4. The method of claim 1, wherein the consolidating and management device utilizes at least one of: a web cache control protocol; and switching mechanisms in an existing ISP router or switch.

5. The method of claim 1, wherein the identifier is a modem address unique identifier of the user.

6. The method of claim 1, wherein the message is transmitted in response to an event determined by the redirecting device.

7. The method of claim 1, wherein the user is identified to belong to a defined group of users and wherein the message is selectively sent to a pre-selected user group.

8. The method of claim 1, wherein the redirecting device performs at least one of: works through Web browsers irrespective of the World Wide Web destination sought by the user identifier; returns the user to the Original World Wide Web destination after the message has been transmitted; operates with multiple types of content; comprises a hardware device that is connected at various points, in plurality, in a provider infrastructure; comprises a software system installed on a computer system connected at various points, singly or in plurality, in a provider infrastructure; identifies each of the plurality of users by performing at least one of: temporarily redirecting each active user to a visible or non-visible, null-Web page that sets a cookie with the required information to identify an action and user in the future and capturing an identity and previous activity flagged by the set cookie; sends a selected message to a selected one of the identified users; includes an ability to acquire knowledge of policy information, received from the consolidating and management device, when a Web or other request is detected with only an identifying IP address; minimizes the overhead of acquiring user parameters through caching of the user parameters for a determined portion of time; operates in connection with a consolidating system management device for permitting a group of system devices to be viewed by a provider as a single system; and provides optional fail-safe operation of each device so failure does not disrupt other normal browsing and Internet activity of the user but results only in an interruption of bulletin delivery.

9. The method of claim 8, further including a step of providing optional fail-safe operation of each device such that failure does not disrupt other normal browsing and Internet activity of the user but results only in an interruption of bulletin delivery.

10. The method of claim 1, further including a step of defining a policy for at least one of: controlling the selective transmission of messages to the user; a Web page or other page information; timing and frequency of delivery; and activating the redirecting device to deliver a message in response to other user activity, wherein the activating comprises defining at least one of: a defined destination; an amount of activity by the user; and requests carrying a signature of virus contamination.

11. The method of claim 1, further including a step of generating a plurality of independently designated policies to be delivered correctly to the user even if some policy events invoke in simultaneity.

12. The method of claim 1, further comprising identifying the user by using data available from the user and provider infrastructure to provide the identifier based on the user upstream traffic by using an enforced delivery of a Web page to be used in distribution and subscription of new users without prior knowledge of serial numbers associated with the new user's interface equipment and without requiring the new users to utilize special software.

13. The method of claim 12, further comprising at least one of: using the enforced delivery of a Web page to reduce the volume of telephone support requests by an enforced pre-announcement of known, future system outages due to scheduled maintenance; using the identifier for detection of “signature” forms of Internet packets indicating a presence of undesirable content; wherein the undesirable content is a virus; transmitting a message identifying the undesirable content to at least one of: a provider and the user; logging the undesirable content identifying message; enforcing the delivery of other user-beneficial information currently displayed on the manually accessed provider information Web page.

14. The method of claim 1, further including at least one of: detecting and logging a number of simultaneously requested Web connections; and flagging users that are utilizing more than one simultaneous device per subscription.

15. The method of claim 1, further including a step of transmitting explanations to be issued, in an enforced manner, to subscribers, after a service interruption, in such a manner as to alleviate customer dissatisfaction by illuminating and explaining a problem and efforts taken in a future time to eliminate the problem.

16. The method of claim 1, further including a step of logging at least one of: successful implementation of policies to each user; and interactive responses that have been requested within the policy.

17. The method of claim 1, further including a step of inserting at least one of: a redirecting device in the path of web traffic from the user through an ISP; a redirecting device in the path of web traffic from the user through an aggregation router; and a redirecting device in the path of web traffic from the user through a CMTS.

18. The method of claim 1, further including at least one of: inserting a redirecting device in the path of web traffic between a Network Address Translator (NAT) and an ISP; wherein the NAT is connected to a Wi-Fi network; wherein the Wi-Fi accommodates a plurality of users; and wherein the redirecting device is further configured to identify each of the plurality of users on the Wi-Fi network.

19. A non-transitory computer readable medium comprising instructions that, when read by at least one processor, cause the at least one processor to perform: providing, by a redirecting device, an identifier to a consolidating and management device, the identifier based on accessed user upstream traffic from a destination site; creating, by the redirecting device, an entry in the redirecting device, the entry having a time expiration period during which the redirecting device will not query the consolidating and management device; and redirecting a message, based on the accessed user upstream traffic, to a display on a message vehicle occurring from the redirecting device without involvement from the destination site.

20. A system, comprising: a redirecting device; and a consolidating and management device; wherein the redirecting device: provides an identifier to the consolidating and management device, the identifier based on accessed user upstream traffic from a destination site; creates an entry in the redirecting device, wherein the entry has a time expiration period when the redirecting device will not query the consolidating and management device; and redirects a message, based on the accessed user upstream traffic, to a display on a message vehicle that occurs from the redirecting device without involvement from the destination site.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 shows the two components of the invention: the redirecting device and the consolidating and management device.

(2) FIG. 2 shows the redirecting device at the network edge with the cable access concentrator/router and other various network components.

(3) FIG. 3 provides a summary of how the redirecting device navigates through the four critical modules.

(4) FIG. 4 shows alternate locations on a network incorporating the redirecting device of the subject invention.

(5) FIG. 5 shows the redirecting device as utilized on a Wi-Fi system.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

(6) The architecture of the preferred invention is designed especially to adapt to a cable operator's IP network. Comparable components and protocols exist in other broadband systems such as DSL and wireless, as well as other Internet service provider transports, such as analog and digital dial-up and private line environments, for which the scope of the invention is intended to include.

(7) Internet service and transport providers provide their users with a pipeline to the Internet, but are not directly involved in the content obtained by those users. Typically, this pipeline is transparent to the user, with no modification of its content along the path. In some cases, web caching or other performance enhancement technology may be provided, but this still strives to maintain the original content. The invention provides a method and apparatus whereby this content may be modified or replaced along the path to the user. For the purposes of establishing a reliable delivery of bulletin messages from providers to their users, the invention specifically forces the delivery of specially-composed World Wide Web browser pages to the user, although it is not limited to that type of data. These may be displayed permanently, temporarily, or in separate pop-up browser windows, according to policies set by the provider irrespective of the user's intended browsing destination. The result of this system is the ability of the provider to make use of communications to users without the requirement of a special client software component to be present on the user's personal computer or other browsing device. Another benefit of the invention is its implementation as a hardware or software device that incorporates simplified, fail-safe integration into the provider's infrastructure. In addition, due to the use of the standards of World Wide Web browsers, all the Web features, such as interactivity in the same or separate pop-up windows, become available to the provider. The policies set by the provider can be for specific users or groups of users with identified characteristics or activity.

(8) Over 90% of cable television system operators in the United States provide high speed (broadband) Internet access through their system with an early adoption rate of 8% in the U.S. and 5% globally.

(9) Cable systems, upgraded to serve digital channels, can support data-over-cable Internet access through the industry standard, DOCSIS, which sends the Internet data inside a compatible packet in the same form as digital TV's MPEG2. In addition to supporting MPEG2 digital television, the Internet access infrastructure is required to support upstream data in the 5 to 45 MHz spectrum for the 2-way Internet activity.

(10) A variety of early adopters experimented with several schemes to transport two-way data over existing cable infrastructure, however, DOCSIS emerged as the standard. The DOCSIS 1.0, 1.1, and 2.0 Radio Frequency Interface (RFI) Specification SP-RFI-105-991105 is what the majority of US vendors and cable operators have agreed to implement. In addition, the industry supports an interoperability laboratory that tests and enforces compatibility complete with certification labels.

(11) The spectrum on the cable plant allows for downstream, or forward, path signals that occupy the 54- to 860-MHz band, with channels spaced at the standard 6 MHz originally designed to handle the over-the-air: NTSC video signals. In fact, the entire cable infrastructure retains this channelized imprint from the over-the-air spectrum.

(12) The upstream, or return path DOCSIS signals generally occupy from 5 to 42 MHz (a spectrum not used by over-the-air television and, in fact, is the spectrum used by “short wave” broadcast when propagated over the air). The upstream spectra can, therefore, have variable channel spacing, depending on the signal's type and format. Because of the noisy and legacy design implications, upstream signals with DOCSIS are limited in bandwidth and, as with the Cisco CMTS (Cable Modem Termination System), broken up into six upstream segments each individually allocated to a small neighborhood of approximately 200-300 houses.

(13) The choice of employing compatibility with the legacy 6 MHz channelization permits compatibility with other parts of the system allowing a minimal amount of disruption to the existing infrastructure when it DOCSIS-compatible Internet data access is added. In addition, much of the upgrades in plant and equipment required for the provisioning of broadband Internet access are in common with the upgrades needed to expand service to digital television services and pay-TV which can fit from 4 to 12, typically 6, digital channels into each of the same 6 MHz channels of the spectrum.

(14) The digital channels have digital data encoded in MPEG2 frames that include the DOCSIS data. The DOCSIS data can utilize an entire 6 MHz channel or be interleaved with other services but that is not known to be a feature that is utilized. Each frame includes a program identifier, PID, of which the DOCSIS data is allocated one: HEX 1FFE. The cable modem searches for the channel with the DOCSIS PID when it is powered up. The channel can be any of the system channels but is typically in the digital channel range above 350 MHz.

(15) Once the DOCSIS modem finds its downstream data, the dialog begins negotiations with the head end to determine various parameters of operation such as the upstream channel, the power of the modem's transmitter, modulation technique, symbol rate, and finally the negotiation into an encrypted communications session using X509 certificates based upon a combination of data permanently installed in the cable modem:

(16) A serial number

(17) A cryptographic public key

(18) An Ethernet MAC address

(19) The manufacturer's identification

(20) Further system authentication integrates the registration of the modem and customer's account within the billing system. The ability to communicate directly with customers or groups of customers sharing a common problem directly relieves a substantial portion of the support burden from both transport and ISP vendors. It will also improve support quality and customer satisfaction.

(21) For the preferred embodiment, the simplest environment, that of a broadband cable system, is used as an example. In such a cable system over which broadband Internet data is offered, there are two basic types of devices in the invention as shown by FIG. 1.

(22) Redirecting device—a device residing in the neighborhood along with the cable access concentrator. This product is intentionally located at the edge of the network, providing intelligence at the last scalable point in the cable operators' IP network (in closest proximity to the user). The number of redirecting devices will replicate the number of access concentrators within the network, and the device will inter-connect to one of the access concentrator's Ethernet ports, or in a manner as to have access to user upstream traffic. This device could be located anywhere in the infrastructure where access to user upstream traffic is available, but the closer it is located to the user, the greater the possibility for delivering messages due to upstream service outages. In one embodiment, the insertion of the redirecting device includes web cache control protocol, switching or redirecting mechanisms in an existing ISP router may be utilized. In another example, the redirecting device is inserted in the path of web traffic from the user through an ISP.

(23) Consolidating and managing device—a device located in the cable operator's NOC (Network Operations Center) providing data services and management control to the deployed redirecting devices. This product will be interconnected to the NOC network, which interconnects all of the NOC servers as well as the Internet portal.

(24) Bulletin Services and the Benefits: The location of the bulletin services equipment can be made optimal for solving the very set of problems described above. When located at each uBR/CMTS (Universal Broadband Router, Cisco's name for its Cable Modem Termination System product line), it can survey the state of the upstream and downstream network and automatically provide high visibility of the status to the customer. It can deliver individual content to specified users or groups with individually tailored policies (frequency, circumstances, pop-up, banner, front, back, etc.). It can target customers issuing packets with signatures of virus-generated communication. And, it can determine upstream problems and assign the trouble to either the transport vendor or the Internet service provider for further action, if required, or simply eliminate the call because of the visibility of the problem and the subsequent reinstitution of operation.

(25) The bulletin services clearly can eliminate service calls. Many “problems” are not problems and can be eliminated, such as providing the customer a pre-announcement of a scheduled maintenance downtime or a clear description of an existing, general Internet problem out of the control of the local system. Problems that are quite deterministic as to which vendor owns the responsibility can often be automatically determined. Unless the entire system is totally “dead,” the trouble call can be deflected to the responsible vendor with some helpful information. Customers under the influence of a “virus” can cause the system a lot of trouble without the customer having visible symptoms. Real-time communications with the customer can, often automatically, enlighten that customer to the contamination and possibly issue a required repair procedure which, if ignored, might result in the subscription being temporarily disabled.

(26) Direct communication with the Internet access customer has been used effectively for several years through pop-ups and banners, but these have only been issued from the destination site that was sought by the browsing customer. They have been used for extending the advertising viewing space and time as well as for special information bulletins issued from that destination site.

(27) Direct communication with the customer from the transport vendor or ISP vendor, independent of the destination sought by the customer and without blocking the customer's access to that destination has not been previously developed and, therefore, available. However, the services that directly target real-time bulletins can provide a mechanism that forges a general-purpose facility and provide this capability.

(28) Virtually all calls due to downtime that had been previously scheduled and announced. That could easily be a sizable portion of the installed base.

(29) Virtually all calls that can be automatically diagnosed as non-local, upstream Internet congestion whether assigned to a particular provider or general Internet malfunctions. Progress on the problem can be presented in a bulletin.

(30) Virtually all calls that are due to local infrastructure outages that are upstream of the uBR/CMTS. These problems can be diagnosed and announced automatically or manually to the customer. Progress in repair can be highly visible to the customer who will get better information by viewing the real-time bulletin of the progress than holding on a telephone line.

(31) Virus preventative cut-offs.

(32) Problems in the first category are clearly stated to the customer as being supported by the carried provider. Calls to will be immediately re-directed to the provider. Trouble in the second category is often associated with a general cable outage and usually results in a call to the cable television repair service first. In such cases, both are re-instituted simultaneously and the appearance of a working TV is the signal for the recovery of the cable modem. Troubles in the third category will result in an “informational” call of short duration.

(33) This brief analysis indicates that bulletin services can eliminate most calls, the longest and most complicated calls, and clearly increase customer satisfaction. The reduction in calls affects both Level-1 call-center personnel as well as Level-3 “last resort”, highly trained personnel.

(34) The Bulletin Services can reduce other network personnel overhead:

(35) The location of the bulletin services device at the uBR/CMTS permits it to check every connection for the signature of a virus-generated “storm” that causes system-wide degradation. It is also in the position to be directed, manually, by network personnel, to inform the customer that a virus infection is causing difficulties on his PC and that remedial action is required. A written bulletin can include step-by-step procedures to remedy the problem saving a rather lengthy telephone dialog.

(36) This capability can be extended to react to a variety of signals of misuse activity of the system by customers either automatically or by simple, manual issuance of an appropriate bulletin.

(37) The network support personnel are the most highly paid and notoriously overworked. Reductions in these areas are clearly highly valuable.

(38) Redirecting Device Environment: FIG. 2 shows the redirecting device at the network edge with the cable access concentrator/router and other various network components:

(39) Platform Specification

(40) Hardware chassis (e.g., NEBS-compliant or standard rack mount, or stand-alone), with processor, RAM, non-volatile storage. This may be offered as an integral hardware solution running a standard or an embedded operating system, or as a software solution running on a standard PC/UNIX/Mac workstation or other computer system.

(41) Optional facilities for configuration, troubleshooting, and out-of-band management.

(42) Interface to the provider infrastructure, e.g., Ethernet, SONET, and the like.

(43) Redirecting Device Software Block Diagram: FIG. 3 provides a summary of how the redirecting device navigates through the four critical modules. The HTTP engine accepts connections for pages that may need to be replaced, parses URL, determines replacement strategy, provides replacement pages from the policy database, and proxies to a “real” server on an as-needed basis. The management engine receives and stores policy from the system, provides replacement policy as requested by the HTTP engine, notifies the GRE and IP layers (Generic Routing Encapsulation, as defined by RFC 2784) of address policy (i.e., intercept or not, lifetime and the like), and implements management protocol between redirecting and management devices. The address manager is notified by the GRE and/or IP when a new address is detected, and requests address information between redirecting and management/consolidating devices and will asynchronously send to the policy engine. When GRE is used, such as when WCCP is used to insert the redirecting device into the network, the GRE is implemented for high performance, and examines incoming packets from the Ethernet driver. If there is not any fragmentation and the source address is known and does not require interception, the packet can immediately be transmitted back to the router. This ensures good performance for the most likely cases. If fragmentation does exist, the packet is given to the IP layer for further processing and the completed packet is then given by the IP layer back to the GRE for processing. If the IP address includes a policy that requires further processing, the GRE header is removed and sent back to the IP stack for further processing by the HTTP engine. Alternatively, functions such as IP defragmentation and delivery of replacement pages can be implemented below the IP stack with improved efficiency.

(44) With specific reference to FIG. 3, the following should be noted:

(45) Software Application Specification—WCCP v1 and v2, unicast and multicast, GRE support, L2 support as it becomes available from Cisco.

(46) Cisco-like command line interface.

(47) SNMP (Simple Network Management Protocol) support as required.

(48) Protection from access by consumers, e.g., filters and/or SSH (Secure Shell).

(49) Keeps policy list by IP address, as provided by Bulletin Manager

(50) For non-intercepting IP addresses, packet is vectored back to router at wire speed

(51) For intercepting, box must proxy to real server in order to have access to reverse traffic, or a connection to the real server can be allowed and then later intercepted to avoid having to proxy.

(52) Traffic modification replaces page, which can provide new content, a redirection to a different page (possibly on another server), or provide a pop-up with the main page fetching the originally-requested content

(53) Traffic modification based on schedule policy:

(54) One-shot

(55) Interval

(56) Frequency-changing interval

(57) Acknowledgement from user can modify policy

(58) Policy loaded by Bulletin Manager

(59) Additional Specifications: The consolidating and management device is located in the NOC and licensed based on number of deployed devices within the operating network:

(60) Platform Specification

(61) Same specifications as redirecting device except:

(62) Faster CPU with additional RAM

(63) Larger storage facility

(64) Additional Interfaces similar to other NOC oriented hardware

(65) Software Application Specification

(66) Protocol between devices should be open and publishable

(67) Front-end management console allows:

(68) Defining redirecting devices

(69) Obtaining status/configuration of redirecting devices

(70) Defining policy

(71) Loading web pages to be distributed

(72) Back-end management:

(73) Monitoring/upgrading redirecting devices

(74) Integrates with customer systems, including billing

(75) Integrates with DHCP or other address management system to cross-reference customer ID with current IP address.

(76) Implementation Approach: Whenever a redirecting device receives a TCP SYN packet, it looks in its table to find the IP address of the source. If the address is not in the table, or is expired, it sends a request to the address management device, along with a unique identifier for any policy that it has cached for that IP address (in the case of an expired entry). Depending on configuration, it could then forward the original packet back to the router, or discard or delay the packet. If the address is unknown, it also creates an entry for the IP address with a short expiration, so that it will not query the consolidating and management device again for a little while.

(77) The address management device then queries the address management database (e.g., DHCP) to obtain the Cable Modem address associated with that IP address, and may also obtain the DHCP lease expiration time. Once the consolidating and management device determines the user associated with the IP address, if a message for that user is desired, then it can send new policy information to the directing device along with a unique identifier for that policy. If the unique policy identifier sent by the redirecting device indicates that the redirecting device already has the correct policy information available, then the consolidating and management device does not need to re-send it; it can just re-activate it. In addition, the DHCP lease expiration time is sent, even if no message is desired. The redirecting device updates its table so that it will not query the consolidating and management device again concerning that IP address until the DHCP lease expires, or more likely, some fraction of that time, perhaps with a limit.

(78) Systems that utilize alternative address management databases to reconcile subscriber account identification with currently issued IP addresses can be used identically to the DHCP query for Cable Modem address within the consolidating and management device by substituting the alternate account identification for the Cable Modem address and subsequently relaying the respective policy information for that subscriber to the redirecting device upon discovery of the associated IP address.

(79) The loading of the policy from the consolidating and management device to the redirecting device is asynchronous from the above processing, i.e., the redirecting device will simply continue to reflect packets for the IP address until the policy information changes. Likewise, if there is a failure in the communications between the redirecting device and consolidating and management device, including the consolidating and management device itself, then the redirecting device will simply reflect packets back to the router.

(80) In some cases, the consolidating and management device will send policy information to the redirecting device before being queried by the redirecting device. When a redirecting device initializes, it will send a packet to the consolidating and management device indicating that it is starting fresh. If the consolidating and management device knows of policy information that should exist in that redirecting device, it can send it ahead of any requests by users.

(81) In addition, a consolidating and management device must maintain a list of addresses located at each redirecting device, so that if consolidating and management device is loaded with new policy information, it can send that policy immediately, rather than waiting for the address lease to expire.

(82) When a consolidating and management device sends a policy to a redirecting device, it should include the IP address, and, for neighborhood-wide messages, a mask, and the message or modification to be performed for that address. When a redirecting device expires the IP address from its cache, it should also deactivate the policy, but keep the policy available. A single policy may be applied to multiple IP addresses.

(83) When a redirecting device receives a connection for which it wants to send a message, it accepts the connection as if it is the server, so that the HTTP GET message is seen. Then, the URL and HTTP header can be examined as required. If it is then desired to send a replacement message, a redirecting device creates a socket that will appear to be the server and send the replacement page back to the user, as if it is the server. If the page is not to be replaced, the redirecting device will connect to the real server and proxy the data back to the user.

(84) Alternatively, the redirecting device reflects packets back to the router while maintaining state information about the browsing session. Once an HTTP GET message is seen and the URL and HTTL header are examined, if it is desired to send a replacement message, the redirecting device replies directly to the user, as if it is the server, and the redirecting device sends a message to the server, as if it is the client, that terminates the session. If the page is not to be replaced, the redirecting device can simply continue to reflect packets back to the router.

(85) Care must be exercised when sending a replacement or modified page to do so at an appropriate point in the data stream. For example, if a GET is requesting a JPEG image, then it is not possible to substitute an HTML document. Only a GET that is requesting an initial page should be allowed. This can generally be determined by examining the HTTP header.

(86) “Neighborhood” or Localized Implementation: An alternative configuration is shown in FIG. 4. In this configuration, the redirecting device may be at the aggregation router level or at the CMTS or neighborhood level. In fact, there is not any limitation to the number of redirecting devices in the network and each level provider, at the ISP level, the router level or the neighborhood level, can include an independent redirecting device.

(87) In a Wi-Fi type system, as shown in FIG. 5, the redirecting device is installed between the provider and a router, either using direct routing or as a NAT (Network Address Translator) gateway. This permits the Wi-Fi provider to communicate with each of the users 1-N on the system at any point in time, while still permitting single subscriber connectivity with the ISP. In this configuration, the specific user can be identified behind the NAT by sending a “null” message from the redirecting device to each user on line via the Wi-Fi, as they actively browse, and setting a cookie and examining the existence of such cookies. The examination then identifies each individual user. The Wi-Fi provider can then direct specific to each user on an individual or a group basis.

(88) In the Wi-Fi application, the NAT is connected to a Wi-Fi network typically adapted for accommodating a plurality of users. In its preferred form the redirecting device is configured to identify each of the plurality of users on the Wi-Fi network. This may be accomplished by directing the redirecting device to send a message to all of the users on the Wi-Fi network with a request for an automatic response. The redirecting device then identifies each of the users from the automatic response. This will then support the ability to send a selected one of the identified users.