Operation of a subscriber network requires not only facilities to establish communications but resources to manage the network. Individual subscribers represent both a business opportunity and, if abusing the network or their service commitments, a threat to the network. Managing subscribers and their use of the various network resources is therefore a way to maximize the financial return from the subscriber base and to protect the network. Examples of subscriber management activities include managing new activations, isolation and cleansing of virus-spreading subscribers, compelling subscribers to upgrade service-related software, isolating and managing a subscriber who is abusing the network or exceeding the service resources available to that subscriber, and offering a subscriber a new tier of service.
It is not unusual for a network operation to impose bandwidth limits, outbound limits on e-mail, and limits on DNS queries for example. Clearly, a subscriber network operator has an interest in minimizing the effects of viruses on its subscribers and preventing the spread of a virus from infected subscribers. Additionally, operators of subscriber networks are motivated to deny service to subscribers who may be abusing the network or who are not in compliance with the terms of their service agreements.
One approach to dealing with a subscriber who poses a physical or financial risk to the network is to quarantine all devices associated with that subscriber so as to limit the network access of devices to particular network locations where the subscriber may be presented with the reasons for the quarantine and the steps necessary to release the subscriber's network equipment from quarantine. For example, a quarantine may be applied to a cable modem (CM) via its IP and/or MAC addresses. All customer premise equipments (CPEs) behind the CM are placed in an isolated environment where any web-browser queries from the subscriber are directed to a “quarantine web server.” This type of quarantine may be referred to as a “network” quarantine.
Systems and methods for affecting the behavior of a network device in a cable network are described in commonly owned U.S. Pat. No. 7,571,460 and divisional application Ser. No. 12/424,154, both of which are incorporated in their entireties for all purposes. As described therein, a subscriber access control system (SACS) is used to configure a network device connected to cable network and to affect the behavior of that device. The SACS comprises a rules server and a datastore that stores the current state of subscribers known to the SACS and historical request information. When the SACS receives a request to quarantine a device, the SACS obtains the MAC address and IP of the device to be quarantined, determines the quarantine “state” of the subscriber, and then assigns attributes to a subscriber record accessed by a DHCP server to affect the behavior of that device. The actual behavior of the quarantined device is determined by the presence of the attribute and the value of the attribute.
In addition to browser-equipped CPE, a CM may provide Internet access to a variety of devices that provide services that are not Web-based. By way of example, IP service devices (ISDs) may receive content using protocols and clients that are not routed through the Web. By way of illustration and not by way of limitation, an ISD may be an IP-STB, a cellphone, a laptop, or a general purpose computer configured to receive services using the Internet Protocol that are not Web-based. For example, IP-video may be provided to an ISD operating a client that communicates directly with a video content server. Digital voice services are typically provided to an ISD that communicates with a softswitch using the Internet Protocol and voice-specific protocols. Gaming services may also be provided using the Internet Protocol.
Because ISDs do not connect to the Web, the quarantining of a CM through which an ISD connects to the Internet may result in a disruption of service to the ISD without notice to the user of why the quarantine was imposed and how the quarantine may be lifted.
Services to ISDs may also be subject to subscriber agreements that are independent of agreements for other services. Circumstances may arise in which it is desirable to quarantine the ISD services without affecting other web-based services (e.g., e-mail, web browsing, and video downloads).
Circumstances may also arise in which a service provider desires to communicate with a user of an ISD without denying the user services via the ISD (sometimes referred to herein as a “soft quarantine”). For example, a user may be informed that his or her service agreement is about to expire, that a service may be interrupted for maintenance, that the terms of a service agreement have been changed or that the user needs to check with local authorities for an important message regarding public health, safety, or law enforcement.