1. Field of Invention
The present invention relates to a system and method to allow secure network management of high-speed Internet access by network service providers.
2. Description of Related Art
Today, access to the Internet is primarily provided via plain old telephone service (POTS) modem dial-up with speeds ranging from 19.2 Kb/s to 56 Kb/s or via ISDN modems with speeds up to 128 Kb/s. The typical service arrangement requires users to sign up for service with an Internet service provider (ISP) who provides ubiquitous local points of presence (PoPs) used by subscribers to dial into an ISP's backbone network and request service. The dial-up PoPs are dispersed geographically to provide wide coverage; however, the PoPs are networked together as an integrated Internet access platform allowing centralized authentication of service requests. Further, networking the PoPs together provides proper network operations and management. FIG. 1 illustrates a typical service architecture as described above.
From an end user's perspective, the Internet access platform provides two main functions: new user registration and per call authentication for Internet access. A new customer can purchase an off-the-shelf POTS modem and dial into a designated number to register for service. The registration process guides the customer through the steps necessary to provision the personal computer (PC), including selection of a default POTS PoP, a dial-up script setup, and an account setup with a registration server and an authentication server. The second function of per-call authentication occurs when a user dials into a POTS PoP requesting access service.
Conventionally, the POTS PoP not only assigns a dynamic IP address to the customer PC to use during an access session but also validates a customer account. An invalid customer account will be denied access to the service. Once the customer account is authenticated, a customer is allowed to browse the Internet using the temporarily assigned Internet Protocol (IP) address for the PC as the source address of the IP packets during communication with any web server. Both the upstream traffic, which travels from the PC to the Internet, and the downstream traffic, which travels from a web site to the PC, pass through the POTS modem.
With advancements in Internet access technology, there are a variety of high speed Internet access systems being developed and implemented today. Presently, cable modem and xDSL are the two main emerging technologies available. Both technologies are commonly referred to as broadband access systems.
Broadband Internet access systems require access customer premises equipment (CPE), for example, cable modems, xDSL modems, or 56 Kbps POTS analog dial-up modems, located at a customer's premises to provide the proper interface for a transport medium, for example, ethernet cable or DSL, used during broadband Internet access.
Broadband access requires a communication channel with a bandwidth in excess of 1.54 Mbps. Access CPE provides a network interface with the Internet during high-speed access to the Internet using broadband Internet access systems. Customer personal computers are located behind the access CPE and utilize the access CPE as a network interface. The access CPE also serves as a network adapter, router, and network management agent, and may also serve as an encryption device for encrypting outgoing communications from PCs and other devices located at the customer premises. The access CPE is generally provided by the service provider and is considered part of the network.
Various access arrangements are possible in broadband access systems. For example, a two-way cable modem system (handling upstream and downstream traffic) or a one-way cable modem system (handling upstream or downstream traffic) may be provided using cable modem technology. A one-way cable modem system typically uses the POTS modem to provide a path for upstream communication traffic and uses the cable distribution network for the path for downstream communication traffic. A two-way cable modem, on the other hand, uses the cable distribution network as a path for both the upstream and downstream communications traffic. xDSL modems are inherently two-way systems.
Despite differences associated with the various access arrangements, broadband Internet access systems require access CPE located at a customer premises to provide a proper interface with a selected transport medium. FIG. 2 illustrates a typical network arrangement for a current broadband, as opposed to POTS, access system.
By introducing the access CPE 400 (e.g., cable modem or xDSL modem) into the broadband Internet access system service architecture, the original POTS modem-based access model is no longer fully applicable for the following reasons.
As shown in FIG. 2, the access CPE 400 and a plurality of PCs, or workstations, 500 located at a customer premises each need an assigned IP address in order to connect to the Internet. The assigned IP address may be static or dynamic. Therefore, processes for new customer registration and service provisioning must be redefined. Ideally, new processes should be at a comparable level of simplicity as those of the POTS-modem-based access arrangement illustrated in FIG. 1.
Further, since the access CPE 400 not only serves as a network adapter providing the proper transport medium interface but also may provide routing and network management functions, the access CPE 400 has capabilities with which the ISPs can extend ISP network management capabilities to customer premises. The benefit of this extension is that the ISP can better monitor the condition of the ISP network extending as far into the customer premises as the high speed transport medium which is owned by the ISP. By extending the network management functions, the ISP can better monitor the condition of, for example, the cable modem or xDSL modem. For conventional POTS modem based access, it is not possible to provide such extensive monitoring.
As shown in FIG. 2, at the customer premises, a plurality of PCs or workstations 500 are connected to each other and any external networks via a hub 600 which couples the PCs 500 to the access CPE 400. The access CPE 400 is coupled to a broad-band point of presence (PoP) 440 via a broadband transport medium to provide broadband communication with the Internet. The access CPE 400 is also coupled to a POTS modem 420 for communication with the Internet. The POTS modem is coupled to a public switched telephone network 430. The public switched telephone network 430 is coupled to at least one POTS PoP 460. The broad-band PoP 440 is coupled to an ISP's backbone network 100 using an access router 450. The backbone network 100 is the major transmission path for network interconnection. The POTS PoPs 460 are also connected to the backbone network 100. The network 100 includes various other access routers 450 to other broadband access PoPs. An access router is also used to couple the network 100 to a firewall/router 200. The firewall/router 200 is also coupled to a network operation center (NOC) 300. The NOC 300 is a large area network and includes various servers including a registration server, an authorization server and other servers necessary for the maintenance and operation of the ISP. The network 100 also includes network area points (NAP) 410 that provide connections between the network 100 and the Internet to provide communication between the customers utilizing the PCs or workstations 500 and the Internet.
As shown in FIG. 2, the access CPE 400 and the network 100 are connected and communicate with each other using two paths, i.e., one path providing broadband access through the broadband transport medium, broadband PoP 440 and access router 450 and the other path through the public switched telephone network 430 and the POTS PoP 460. This dual-path architecture provides improved Internet access because, for example, a PC 500 can send information to the Internet, i.e., upstream, using the POTS PoP 460 and receive information from the Internet, i.e., downstream, using the broadband PoP 440 path. Therefore, this dual-path architecture allows a PC 500 to send the relatively small amount of information required to access the Internet along the POTS PoP 460 path and receive significantly larger amounts of information, e.g., during downloading of information from the Internet, using the broadband PoP 440 path. Thus, the dual-path architecture may provide higher speed service by utilizing the broadband technology to increase downloading of information.