The digital home is becoming more complex with the myriad of new and emerging digital devices intended to address many user and consumer needs such as communication, entertainment, privacy and security. However, given the complexity of the emerging digital home and of digital environments generally, users who are technologically challenged may find it a daunting and intimidating task to manage their home networks and interconnected digital devices. Moreover, new paradigms are emerging that are oriented to delivering media content to, and consuming media content at, the home. Many of these paradigms rely on communication of application-specific data to and/or from the Internet, as opposed to conventional telephone or broadcast video type applications. The protection of received Internet-sourced media content, in addition to user-generated media content, is a further important aspect that may be inadequately addressed by the technologically challenged user. Furthermore, with respect to Internet-based data, most content delivery solutions are provided to digital home networks through the availability of the “two-foot” interface (i.e. the PC). It is relatively cumbersome to bring this content to the “ten-foot” interface (e.g. the television).
Thus, a need exists for a technique or devices to simplify the overall management of services and applications available to the digital home or even the small enterprise. Such a technique or devices would reduce the complexity of the maintenance, upgrading, and operation of even the more basic needs addressed by emerging digital endpoint devices and networks. Approaches that suggest greater functionality in home-based appliances fail to reduce or address the complexity of managing and provisioning those appliances. For example, while the home gateway server appliance described in U.S. Pat. No. 6,930,598 enables networked electronic devices to communicate with each other without the direct interaction with external networks, and provides a mechanism whereby a member of the household may be informed of certain network related events without having to use their home computer or other client devices, it does not provide a convenient or simplified way of managing the services and applications executed by, or associated with, that device. Thus, an unmet need exists for a device associated with a user premises that has robust functionality but does not require sophisticated or inordinate attention from the user to manage, provision and utilize them.
In practice, a customer typically subscribes to basic transport services from a network “Service Provider” (e.g. ISP—Internet Service Provider, cable provider, fixed wireless providers, ILEC—Incumbent Local Exchange Carrier, or CLEC—Competitive Local Exchange Carrier). For example, a customer may have broadband Internet access, via cable modem, digital subscriber line service or the like. Digital video service may be provided separately. The network service provider manages these basic services, at the logical network layer, typically at layers 1, 2 or 3 of the OSI model. While network services and associated devices may operate minimally at those levels, they operate at those levels only to support operations at OSI layers 1, 2 or 3. Many applications, however, involve higher level service logic for applications that view the network transport as a transparent pipe. The current internet applications delivery and management architecture, and many devices or management systems based on it, require a server with robust processing and storage capability to be located at the network operations center, not in the home. For voice over internet protocol (VoIP) type telephone service, for example, the VoIP service provider operates a session initiation protocol (SIP) server or the like, and each user has only client functionality. The network transport layers are transparent to the IP packets containing the voice and related signaling. The SIP server, however, controls the call set-up, tear-down, billing and the like for the voice call services. With such an architecture, the major capabilities and functionalities connected with providing application services from the server throughout the network reside on the server and supporting elements, all of which are located in the network operations center.
It might be helpful to walk through examples of the configuration for application services delivery to a client of an application within a user premises under the typical, current network configuration. FIG. 10 depicts one possible configuration for a client application to access a particular service that is being hosted or served outside of the user premises, based on the typical, currently employed network application service configuration. We identify two regimes in the overall architecture: the Service Provider Network regime (WAN side) and the User Premises Network regime (LAN side). The association between the Service Provider Network and the User Premises Network is broken down into three layers: the Network Interconnect Layer (NI), the Network Function Layer (NF), and the Application Services Layer (AS). These layers do not represent physical communication pathways, but are a logical representation of the pathways and elements employed in a network-based communication.
The separation between the managed Service Provider Network (WAN side) and the User Premises Network (LAN side) is depicted as the Network Service Provider Demarcation. The Network Service Provider Demarcation at the Network Interconnect Layer represents the logical and physical separation between the user premises and the broad-band network. In the present representation of the three functional layers, the Network Service Provider Demarcation is extended into the Services and Application Layer to emphasize the functional barrier at that layer between the Service Provider Network and the User Premises Network, in currently configured networks.
The NI Layer depicts how the connectivity between a User Premises Network and the Public/Service Provider Network is established. On the Service Provider Network side, the Wide Area Network services are terminated onto a WAN termination device with the appropriate interface (e.g. a broadband Internet service such as ADSL would terminate onto a managed ADSL Terminal Adapter). The WAN termination layer adapts the WAN interface into a compatible LAN interface (e.g. Ethernet or WiFi). On the User Premises Network side, the LAN Termination interfaces are used to connect to the Local Area Network via a variety of interfaces, such as Ethernet, WiFi, MOCA, etc.
The LAN Termination interfaces and the WAN Termination interface could reside on two separate physical devices or they could reside on one physical device. In either case, on the User Premises Network side, packets or data must flow through the NF Layer between the WAN Termination Interface and the LAN Termination Interface. One or both of these interfaces may reside on a “gateway” device. Gateway and like router devices are currently available for various premises that allow several computers to communicate with one another and to share a broadband Internet connection. These devices function as routers by matching local network addresses and the hostnames of the local computers with the actual networking hardware detected. As gateways, these devices translate local network addresses to those used by the Internet for outgoing communications, and do the opposite translation for incoming packets.
The User Premises NF Layer allows for switching of packets between LAN devices and routing or bridging of packets between the LAN and WAN interfaces. It could physically reside on the same device(s) with the LAN Termination or it could exist at an independent device that could interconnect to the LAN Termination interface via a variety of physical interfaces (e.g. Ethernet, MOCA, etc.). The Service Provider NF Layer provides the Wide Area Network access between the WAN Termination device and the AS Layer where all the applications servers are being hosted. The Internet could be used for this connectivity as could a private packet/cell network (e.g. Cellular packet network, or a private ATM or packet backbone).
The AS Layer represents the functional layer that provides access to application services by application clients. On the User Premises side, the AS Layer provides a Firewall to protect the application client from application-level attacks from the open Internet. On the Service Provider side, the AS Layer encompasses application services such as Parental Control, Backup, and Call Processing. These application services exist on a managed Application Service Delivery Platform (ASD) on a secure network server that can be hosted at a facility that has private and/or public data connection paths. The ASD may include three functional modules, namely the Application Service Enforcement (ASE) module, the Application Service Logic (ASL) module, and the Application Service Management (ASM) module.
The ASE module is responsible for enforcing the relevant Application Client privileges to the application services. It gets the policies and permissions of each application client from the ASM module (such as provisioning data and subscription data) and enforces those policies against the requested actions by the client application.
The ASL module executes the application services that the Application Clients request. Such services could be Call Processing, Parental Control, Peered Networking, Backup, etc. The ASL module must interact with the ASM module for monitoring purposes and status information such as Call Data Recording and Billing. It must also interact with the ASE module to provide access to the client applications that have passed the policy enforcement procedures.
The ASM module, as described above, provides the necessary data to the ASE and ASL modules for them to carry out their respective functions. It also oversees the overall integration and communication among all the modules and the services that are managed by the ASM. The ASM also manages the overall security and integrity of the ASD.
All ASD modules are in constant communication with each other, preferably through secure connections. The inter-module communication may be managed by the ASM, or may be independent of a central management function. Note that the ASE, ASL and ASM modules are only examples of functions that may be logically bundled; other bundles, and other means of bundling these functions, are possible.
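The division of labour among the ASM, ASE and ASL modules described above, modelled as a small Python example added here (not code from the patent): the ASM holds subscription data and collects status records, the ASE decides every request against that data and denies anything not explicitly permitted, and the ASL runs service logic only for requests the ASE has passed. The client identifiers, service names, actions and record layout are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    client_id: str   # identity of the Application Client at the premises
    service: str     # e.g. "call_processing", "parental_control"
    action: str      # operation requested on that service


class ASM:
    """Application Service Management: provisioning/subscription data plus status records."""
    def __init__(self, subscriptions):
        # client_id -> {service: set(actions)}; sample data comes from build_demo_platform()
        self.subscriptions = subscriptions
        self.records = []            # policy decisions and call data records

    def permissions(self, client_id):
        return self.subscriptions.get(client_id, {})

    def record(self, entry):
        self.records.append(entry)


class ASE:
    """Application Service Enforcement: default-deny check of each request against ASM policy."""
    def __init__(self, asm):
        self.asm = asm

    def authorize(self, req):
        allowed = self.asm.permissions(req.client_id).get(req.service, set())
        decision = req.action in allowed
        self.asm.record(("policy", req.client_id, req.service, req.action, decision))
        return decision


class ASL:
    """Application Service Logic: runs a service only after the ASE has passed the request."""
    HANDLERS = {                     # hypothetical service implementations
        "call_processing": lambda action: f"call {action} handled",
        "parental_control": lambda action: f"content filter {action}",
    }

    def __init__(self, asm, ase):
        self.asm, self.ase = asm, ase

    def handle(self, req):
        if not self.ase.authorize(req):
            return None              # denied: no service logic executes
        result = self.HANDLERS[req.service](req.action)
        self.asm.record(("cdr", req.client_id, req.service, req.action))  # for billing
        return result


def build_demo_platform():
    """Constructed sample subscriptions: a phone with telephony only, a PC with two services."""
    asm = ASM({"phone-01": {"call_processing": {"setup", "teardown"}},
               "pc-02": {"parental_control": {"enable"}, "call_processing": {"setup"}}})
    return asm, ASL(asm, ASE(asm))
```

Every request, allowed or not, leaves a policy record in the ASM, while a call data record is written only when service logic actually ran.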
FIG. 11 depicts a logical flow of how a specific Application Client residing at a user premises could interact with an Application Service that is being managed in the typical network configuration. Traditionally, as depicted in this example, an Application Client (e.g. Telephony) that needs to connect to an Application Service (e.g. call processing) must first connect to the Local Area Network termination interface (1). Depending on the specific deployment, a switching function, routing function or bridging function is used to establish the connection path between the application client (2) and the Firewall service (3). The Firewall Service works in conjunction with the router function (4) to permit access to the Wide Area Network interface (5) and to maintain a level of security for the Application Client. The firewall service in this example is aware of neither the type of application client nor the specific application service that is being targeted. There is no feedback mechanism between the Application Service Delivery Platform and the Firewall function. Once connectivity to the WAN termination interface is established, routing mechanisms are used to establish a connection through the Service Provider Network Function Layer (6) to the Application Service Layer (7). At the Application Service Layer, the client application goes through application validation procedures and privilege and permission checks by the ASE before the application client is allowed to connect to the desired application service.
In the logical hierarchy, such as shown in FIGS. 10 and 11, a home gateway device may implement the NI layer functions and the user premises side NF layer functions. The firewall functionality may reside in the gateway or in one or more other elements on the premises network. For example, many PCs internally implement firewalls, e.g. in close association with the client programming of the endpoint device. As can be seen by the illustrations in FIG. 11, however, even with a home gateway deployment for a premises network, the application services functionality still requires the support and service logic to reside on a server in the network. That is, for service provisioning, service management and upgrades, remote diagnostics, for a digital endpoint device such as a PC or SIP phone, the home premises still must rely on the application service logic executed by the service providers in their server networks, typically according to proprietary platforms. Moreover, many other core services, e.g. file storage, media content access and delivery, are offloaded to other 3rd-party service providers that provide service logic and support applications at their network server devices.
With the paradigm discussed above relative to FIGS. 10 and 11, it is currently the case that many of the application service providers also find it difficult to provide and support new emerging technologies at the home. That is, service providers are challenged to select a platform that can evolve with their applications. With existing service architectures, the launch of new services compounds complexity to the core network, adding to both capital and operating expenditures.
Thus, as new services come to the fold, often with the requirement of new equipment, e.g. integrated access devices (IADs) for VoIP and set-top boxes for streaming video, the management of the customer premises equipment (both hardware and software) complicates customer support requirements. Managing the home network environment can be an inhibitor to the adoption of new services, both from the user perspective and from the perspective of management by the service providers.
A need exists for a new paradigm, with improved convenience for the user and easier management for the application service provider. In that regard, it would be desirable to provide a multi-services application gateway device that provides not only a variety of IP-based communication services, but also offers a centralized management capability for application services.