This Application is related to the following Applications:
(1) “Mechanism for Users with Internet Service Provider Smart Cards to Roam Among Geographically Disparate Authorized Network Computer Client Devices Without Mediation of a Central Authority,” by Frank B. Dancs and James E. Zmuda, now U.S. Pat. No. 6,108,789;
(2) “Mechanism for Facilitating Secure Storage and Retrieval of Information on a Smart Card by an Internet Service Provider Using Various Network Computer Client Devices,” by Frank B. Dancs and James E. Zmuda, now U.S. Pat. No. 6,141,752; and
(3) “Mechanism for Dynamically Binding a Network Computer Client Device to an Approved Internet Service Provider,” by Frank B. Dancs and James E. Zmuda, U.S. Pat. No. 6,112,305.
Each of these related Applications is incorporated herein by reference.
1. Field of the Invention
The present invention is in the field of network computer client devices (NCs) which rely upon a network connection to supply all necessary program files and data files and which accept individual users' smart cards containing account information with various internet service providers (ISPs). The present invention operates in an environment in which a relationship server is a central contact point for all NCs. Specifically, the present invention addresses the need for the relationship server to provide NC connection information to an ISP, and to facilitate the registration of the user with the ISP without inordinately occupying the relationship server resources.
2. Discussion of the Related Art
In a network-centric computing environment, the three major computing components are a network computer client device (NC), a server device, and a smart card. The NC does not contain a hard disk, and therefore relies upon a network connection for virtually all programs and data. Therefore, the NC needs the server device for booting security, file storage, and system management. The smart card is used to identify and authenticate a particular user and to carry individual information about the user. The user combines his smart card with an NC to access his logical workspace from the NC.
In the network-centric computing environment, there are several business entities. An internet service provider (ISP) is the entity with which the user has an agreement to provide basic server resources. An internet access provider (IAP) is an entity with which the ISP has a relationship for provision of its internet protocol (IP) address to enable users to connect to the internet. An ISP may function as its own IAP. An NC client device manufacturer builds NCs.
When the NC device is first switched on, a mechanism is needed for selecting its ISP (and IAP) and properly registering with these entities to establish a user account.
In a network-centric computing environment, users interact with internet service providers (ISPs) through network computer client devices (NCs). However, when an NC is powered up, it lacks the information necessary to immediately and directly connect to any ISP. To enable connection to an ISP, the NC initially connects to a central relationship server. Because the central relationship server is a focal point in the network and could be a system bottleneck, it is important to minimize the connect time and the amount of data traffic to and from the relationship server.
According to the present invention, user and NC registration occurs in two phases: the first phase with the relationship server and the second phase with the ISP. In the first phase, the NC sends the relationship server a unique identifier of the NC manufacturer. In the preferred embodiment, the unique identifier of the NC manufacturer is the manufacturer identification number. Alternatively, the NC device serial number, which includes a field representing the manufacturer identification number, is transmitted to the relationship server. In the preferred embodiment, the NC also transmits an enterprise identification number from the smart card uniquely specifying the ISP to which the user wishes to connect. The relationship server queries a relationship database using the manufacturer and enterprise identification numbers in order to locate the NC connection information for the ISP. In the preferred embodiment, the relationship server determines whether the specified manufacturer has authorized connection to the specified ISP; if no authorized usage certificate for the ISP signed by the manufacturer exists in the relationship server database, then the relationship server disconnects from the NC without providing any NC connection information for the ISP. Otherwise, the relationship server transmits NC connection information for the ISP to the NC. According to the present invention, the NC connection information includes an internet access provider (IAP) matrix that includes an IAP identification number, the IAP telephone number, and a username/password pair. The NC preferably writes the IAP matrix to non-volatile memory within the NC.
According to the present invention, the relationship server also transmits initial registration contents for the ISP to the NC. The NC preferably writes the initial registration contents to the user's smart card. The initial registration contents include the universal resource locator (URL) used by the ISP for registration of users with the ISP. In the preferred embodiment of the present invention, the initial registration contents are identical for all users of the same ISP and are digitally signed by the ISP. Once the NC has received the initial registration contents, the relationship server disconnects from the NC, thus ending the first phase of the user registration.
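The first-phase exchange described above, as an added example that is not part of the patent text: the relationship server releases the IAP matrix and the initial registration contents only when its database holds an authorized usage certificate that verifies under the manufacturer's key, and otherwise disconnects without revealing anything. The record layout, the identifier values, the serial-number format and the use of HMAC-SHA256 in place of the manufacturer's digital signature are assumptions made so the example runs on the Python standard library.

```python
import hashlib
import hmac

# Constructed sample data. HMAC-SHA256 stands in for the manufacturer's
# digital signature so the example runs on the standard library alone.
MANUFACTURER_KEYS = {0x0A01: b"constructed-manufacturer-key"}

def sign_certificate(manufacturer_id, enterprise_id):
    """Manufacturer side: sign an authorized usage certificate for one ISP."""
    body = f"{manufacturer_id}:{enterprise_id}".encode()
    return hmac.new(MANUFACTURER_KEYS[manufacturer_id], body, hashlib.sha256).digest()

# Relationship database keyed by (manufacturer id, enterprise id).
RELATIONSHIP_DB = {
    (0x0A01, 7001): {
        "certificate": sign_certificate(0x0A01, 7001),
        "iap_matrix": [{"iap_id": 1, "phone": "555-0100",
                        "username": "nc-boot", "password": "constructed"}],
        "initial_registration": {"registration_url": "https://isp.example/register"},
    },
    # Row whose certificate was not signed by the manufacturer.
    (0x0A01, 7002): {
        "certificate": b"\x00" * 32,
        "iap_matrix": [{"iap_id": 2, "phone": "555-0101",
                        "username": "nc-boot", "password": "constructed"}],
        "initial_registration": {"registration_url": "https://other.example/register"},
    },
}

def phase_one(manufacturer_id, enterprise_id):
    """Return (iap_matrix, initial_registration), or None to disconnect."""
    row = RELATIONSHIP_DB.get((manufacturer_id, enterprise_id))
    key = MANUFACTURER_KEYS.get(manufacturer_id)
    if row is None or key is None:
        return None  # no relationship on record: disconnect, reveal nothing
    body = f"{manufacturer_id}:{enterprise_id}".encode()
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, row["certificate"]):
        return None  # certificate does not verify under this manufacturer's key
    return row["iap_matrix"], row["initial_registration"]

def manufacturer_from_serial(serial):
    """Alternative input: a serial number carrying the manufacturer id.
    The 'MMMM-NNNNNNNN' hex layout is an assumption made for this example."""
    return int(serial.split("-")[0], 16)
```
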
According to the present invention, the second phase of the user registration is entirely governed by the ISP. The ISP may ask the user for a credit card, for example. Upon authentication of the ISP using the authorized usage certificate for the ISP within the NC, the ISP is free to overwrite the user's initial registration contents with user-specific ISP account information that the ISP digitally signs. The ISP is also free to read any information from the smart card which has been digitally signed by the ISP. In the preferred embodiment, although the initial registration contents for the ISP on the user's smart card are overwritten during the second phase of user registration, the NC connection information remains the same after registration with the ISP.
These and other features and advantages of the present invention are more fully described in the Detailed Description of the Invention in conjunction with the Figures.