The present invention relates to a system and a method for accessing and/or introducing different services through routers or switches, such as switches for IP, and a data transferring and billing method relating thereto. The invention relates further to a routing segment.
Various computer networks are known. There may also be a number of per se separate networks which are connected to each other by suitable interface means such as gateways, switches and/or routers.
In general, if the user is in a company, university or similar organization, the user is usually connected to the local area network of that local organization. He/she has a connection through appropriate routers or switches to a global computer network system called the Internet. A home or private user may reserve his/her own telephone line to be used by the telecommunications services through a company providing the necessary communications. The Internet includes several routers and/or switches for IP. The different services are accessed through so-called segments included in the routers or switches.
The Internet services are used according to the client/server principle. In other words, a client program in the user's computer establishes a connection to a server program of a service provider existing in the network, whereafter the program is executed. Probably the most used service is electronic mail (e-mail), which can also be used by private users after buying a personal mailbox from the Internet connection provider. In this case the private user may retrieve messages from the server (post office) in the network to his/her workstation by using the POP protocol (Post Office Protocol).
The World Wide Web (WWW) has become the most important service of the Internet. This is a worldwide network of WWW servers which include hypertext documents (HTML documents). The WWW is a hypermedia network, i.e. it exists only virtually in an electronic form. The hyperdocument is one entity which may include text, pictures, sound, moving pictures, programs etc. The document may comprise several pages. Some words or pictures among the text are links which are distinguishable on the screen; activating a link by clicking starts a transfer, through an anchor of the link that is invisible to the user, to the referenced URL (Uniform Resource Locator) address and brings a new document visible on the screen.
Each WWW server has a defined root which usually has a file which is intended to be viewed on the screen first. This is generally called the home page. In addition to this, each subdirectory has a file which is the initial document of this file. It is possible to use the WWW by a graphical user interface, such as Mosaic, Netscape and Cello, as well as by text-based user interfaces, such as Lynx. When a connection is desired through the Internet to any address, to another computer or to a WWW page, data is transferred via the networks and the routers and/or switches.
The machines using different programs and operating systems communicate with each other e.g. by using the TCP/IP protocol (Transport Control Protocol/Internet Protocol), which is a common name for the two most important protocols of the Internet. The data to be transferred is divided into IP packets which are guided by routers operating in the network to the right destinations in accordance with address information included within the packets. The TCP ensures that a reliable communication will be maintained between the sender and the receiver. It collects the arriving IP packets into the correct order and, if needed, requests a retransmission. In the router the packet is guided in accordance with a routing table to the correct segment and is transmitted forward. The table contains information about the IP addresses which are to be found behind each of the router segments. Updating occurs between the routers. Other possible protocols are UDP (User Datagram Protocol), FTP (File Transfer Protocol), RPC (Remote Procedure Call), ICMP (Internet Control Message Protocol), which is an extension of the IP.
The routers and switches for the IP are per se known by the skilled person. The following trade names can be given as an example of the switches for the IP: IP Switch (by IPSILON), Cell Switch Set Router (by Toshiba), Tag Switch (by Cisco), and ARIS (by IBM).
It is possible to add to the router or the switch for the IP information indicating whether the user, i.e. the sending IP address, has a right to send information through some of the segments or not. In addition, the scope of the destination IP address area or space and even a specific port for a certain application (service) in a destination host pointed out by the IP address may be included within the router or switch for the IP so as to define the user rights. If the right exists, the transmission is allowed to go out through the segment, and if not, the transmission is prevented. This is called a firewall. The firewall can also be provided such that certain services are protected by determining the IP addresses and port numbers from which it is allowed to access and use said services. The service producer or the manager of the network may also take away the access right to a certain IP address.
The ways described above are all static ways of limiting the rights. If the user wishes to change the access possibilities, the only possibility for him/her is to agree on it with the network manager or similar by means of a separate request, e.g. by calling the service provider or similar. The pricing of the services behind the router segment can be accomplished only in accordance with the services, such as the WWW pages, e-mail etc., relating to the precise segment.
The method and arrangement according to the present invention solves the problems of the prior art in a new and unambiguous manner.
It is an object of the invention to provide a system and a method for enabling access to the Internet and similar networks or parts thereof from the user's own computer by requesting rights from the holder of the rights or similar during the terminal session.
Another object of the invention is to provide services which can be selected by the user when needed during the terminal session and which he/she is able to change in accordance with the needs.
Another object of the invention is to provide a solution by which the connections used by the user can be charged, if necessary, in different manners.
A still another object of the invention is to provide a controller for the routers or switches for the IP which is capable of changing the settings of the routers or switches for the IP concerning the address or service the user is enabled to access through the router or the switch.
Another additional object of the invention is to provide a possibility for charging the connections selected by the user by utilizing a control by an intelligent network.
Another additional object of the invention is to provide a data transfer system and method between users in different networks.
A still another additional object of the invention is to provide a possibility for distributing rights to the users to access through routers or switches for the IP e.g. a certain group of services or an Intranet or another similar restricted group of services.
It is a further additional object of the invention to provide each of the users with a suitable default interface so that it is not necessary for the user to pay anything for what he/she is not using, i.e. the intention is a billing which operates in accordance with the exact actual use.
It is a further object of the invention to provide a possibility to use a service of a closed network to which the access of the user is prohibited by opening an originating or sending IP address and optionally a sending port number, and in some instances, if necessary, also a specific port to the destination IP address and even to a specific destination IP port.
Another additional object of the invention is also to provide a verification of the creditability or similar acceptability condition of the user before giving the service to be used by the user.
To obtain the above objects, the present invention provides a new and unambiguous system for transferring information. Said system comprises computer networks to which one computer or several computers is/are connected to, routers or switches between the computer networks so as to provide communications between the computer networks, user interfaces connected to the computer networks through a router or a switch of a connection provider, wherein each of the computers connected to the networks has an IP address of its own or a similar identification from which it is possible to identify the transmitting and receiving computer, router controller servers having a connection to at least one desired router or switch for IP, the user thereof having an access to various addresses in an address space of the computer network router or switch, the access right thereof being defined in accordance with a table, wherein the user has, during the connection to the router or switch and the router controller server, a right to change at least one or several allowed access right(s) of the address space defining the table.
According to an alternative, a system for transferring information comprises computer networks to which one computer or several computers is/are connected to, routers or switches between the computer networks so as to provide communications between the computer networks, analog subscriber subscriptions of a switched network connected to the computer networks, which are connected to a corresponding router or switch, each of the connected computers having an IP address of its own or a similar identification from which it is possible to identify the transmitting and receiving computer, router controllers having a connection to the router or switch which is the closest one to the local network of the service provider through which the user has an access to the services, and by means of which the access rights of the routers or switches to certain address are changed such that as the user contacts the router controller and announces his/her willingness to a certain address the user's rights to access addresses in the router or switch are changed accordingly.
The invention provides also a routing table including information about user's IP addresses, router or switch segments and a column including information about the user's current status in accesses to addresses, i.e. through which router segment the user is able to establish connections and through which segment the user is not able to establish connections.
A method for transferring information is also disclosed. Said method is used in a system which comprises computer networks to which one computer or several computers is/are connected to, routers or switches between the computer networks so as to provide communications between the computer networks, user interfaces associated with the computer networks which are connected to a corresponding router or switch, wherein each of the computers has an IP address of its own or a similar identification from which it is possible to identify the transmitting and receiving computer, router controllers having a connection to the router or switch and by which it is possible to change the access rights of the routers or switches to certain addresses. Said method comprises the steps of contacting the router, contacting the router server, announcing an information about the desired address space through the user connection, changing the access right criteria of the number space defined by a table, and registering the change.
One alternative embodiment of the invention provides a system for changing router access rights in a system comprising computer networks to which one computer or several computers is/are connected to, routers or switches between the computer networks so as to provide communications between the computer networks, user interfaces connected to the computer networks through a router or switch of a connection provider, wherein each of the computers connected to the networks has an IP address of its own or a similar identification from which it is possible to identify the transmitting and receiving computer, router controller servers having a connection to at least one desired router or switch, the user of which has an access to various addresses in an address space of the computer network router or switch, the access right thereof being defined in accordance with a table, wherein the user has, during the connection to the router or the switch and the router controller server, a right to change at least one or several allowed access right(s) of the address space defining the table, in which system a client program is retrieved from the router server to the user's computer, the user computer communicates by means of the program with the server, the server gives the alternatives for number spaces, the user selects a number space, the server updates an IP firewall information of the router or the switch, the updating information is selectively transmitted to a billing system (from the used IP address space), and the connection to the server is closed after the change or changes.
To change the firewall information of a router or a switch for IP, the invention provides that the information, for instance in a router segment or in a switch for IP switching, which prevents the user from being able to send any information or data, is changed e.g. by means of a controller of the router or switch segments. When the user wants to have other connections, he/she announces to the controller that he/she needs a right to another segment or similar. The user may be automatically provided with an announcement that he/she has selected an address to which he/she is not entitled to have an access, whereafter the user may be given instructions how to act to activate the access.
The right of the user to the network behind a predefined segment may be verified. This function is useful in cases when the network behind the router or switch is e.g. a university network which only the students have a right to access. The connection information may be registered, and the maintainer of the network, e.g. an operator, may receive an announcement about it in a billing program or a billing database e.g. by means of an intelligent network (IN). By means of this it is possible to obtain an arrangement in which there is no need for the user to contact the maintainer of the network and to make a separate agreement on the connections he/she wants to have. In a normal case it has been necessary for the user to make such an agreement with the maintainer of the network by making a telephone call and requesting a permission to become a user of a certain address. In the invention the user may change the profile of the addresses to which he/she wishes to have a connection during the same connection. There is no need for the user to log out, and the used programs may be in use for the entire length of the session.
As was discussed, it has been possible to add to the router or the switch for the IP information indicating whether the user, i.e. the sending IP address, has a right to send information through some of the segments or not. However, by means of the invention it is also possible to implement information concerning the scope of the destination IP address area or space and even a specific port for a certain application (service) in a destination host pointed out by the IP address within the router or switch for the IP so as to define the user rights. By means of this a more complete dynamic firewall is provided.
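The following sketch is an added illustration, not code from the patent: it models the table of user IP addresses, segments and access status, and the method steps of announcing a desired address space, changing the access right and registering the change for billing. The class and offer names, segment labels and addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AddressSpace:
    network: ipaddress.IPv4Network   # destination IP address space
    port: Optional[int]              # destination port, None = any port
    segment: str                     # router segment the traffic leaves through

# Constructed sample offers (documentation address ranges, hypothetical names).
OFFERS = {
    "university-web": AddressSpace(ipaddress.ip_network("198.51.100.0/24"), 80, "segment-2"),
    "intranet": AddressSpace(ipaddress.ip_network("203.0.113.0/24"), None, "segment-3"),
}

class RouterController:
    """Hypothetical router controller; rights are keyed on the sending IP."""
    def __init__(self, offers):
        self.offers = offers
        self.table = {}        # source IP -> set of granted address-space names
        self.billing_log = []  # registered changes for the billing system

    def grant(self, src_ip, name):
        if name not in self.offers:
            raise KeyError(f"unknown address space: {name}")
        self.table.setdefault(src_ip, set()).add(name)
        self.billing_log.append((src_ip, name, "open"))

    def revoke(self, src_ip, name):
        if name in self.table.get(src_ip, set()):
            self.table[src_ip].discard(name)
            self.billing_log.append((src_ip, name, "close"))

    def route(self, src_ip, dst_ip, dst_port):
        """Return the segment to forward through, or None (default deny)."""
        dst = ipaddress.ip_address(dst_ip)
        for name in sorted(self.table.get(src_ip, ())):
            space = self.offers[name]
            if dst in space.network and space.port in (None, dst_port):
                return space.segment
        return None

if __name__ == "__main__":
    rc = RouterController(OFFERS)
    user = "192.0.2.10"
    print(rc.route(user, "198.51.100.7", 80))   # before the request
    rc.grant(user, "university-web")
    print(rc.route(user, "198.51.100.7", 80))   # after the request
    print(rc.route(user, "198.51.100.7", 22))   # other port on the same host
```

Because the right is bound only to the sending IP address, the table should be cleared with revoke when the session ends, so that a later holder of the same address does not inherit the opening.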
It is to be noted that the terms 'router controller' and 'routing control server' are intended to mean all such means which are used for controlling the operations of the router or the switch for the IP switching in accordance with the principles of the present invention.
The additional features of the invention and the advantages obtained by it are evident from the description and the drawing. It is to be noted that the invention is not intended to be limited to the following examples, but is intended to cover all such modifications and variations which fall within the spirit and scope of the present invention as defined in the appended claims.