1. Field of the Invention
The present invention relates to methods and apparatuses for identifying and affording special treatment for certain transmissions to a subscriber network access facility, and more particularly to tagging and authentication methods of reliably and efficiently marking and identifying transmissions of certain identified content, or transmissions from certain identified transmission nodes from outside or inside a network access facility such as a broadband subscriber network.
2. Description of Related Art
Traditional “circuit-switched” telecommunications networks, such as those typically employed by local and inter-exchange telephone or telegraph carriage, provided the proper quality of service and preferential treatment for various types of network traffic by dedicating an entire electronic circuit on a full-time basis to each communications session. This enabled telecommunications providers to sell carriage on a reliable basis, but it was substantially inefficient, since each such circuit lay idle most of the time, even while switched. Today's Internet, and more broadly today's digital telecommunications networks, have addressed that inefficiency by widespread use of a technique called “packet switching,” using protocols such as the Internet Protocol (IP), among others. At the source, the originator of a transmission over a packet-switched network divides the message into standard, evenly sized packets, each of which is labeled with its source and destination in the network. Typically, each such packet bears no other identifiable marker as to the nature of its contents. Each node that receives such a packet during its transmission over the network reads the source and destination label and switches the packet to the next node on the network that is closer to the destination.
The advantages of packet-switching techniques are well known in the art and are manifold. In fact, packet switching is widely credited with enabling the explosive proliferation of telecommunications that we are witnessing today, not only on the Internet but in mobile telephony, long-distance service and digital television, to name a few.
However, the fact that the packets are anonymous, and the transmission facilities of the network are not informed as to the nature of their contents raises some common difficulties. For example, certain types of content being transmitted require differentiated types of service over a telecommunications network. Voice or video communications require substantially consistent interconnection speeds and low latency, whereas data downloads may be better suited for burst transmission and long latency. Moreover, the proprietors of certain transmission nodes in a publicly accessible network may have a variety of business or functional reasons to treat various types or classes of content transmissions differently. For example, a 911 call over an IP network would require different service than a directory or residential call. Likewise, a medical image file may require different carriage treatment than free downloads of a movie file even though the file extensions and sizes may be equivalent.
This problem has until now been inherent in packet-switched networking. Efforts to date at solving it have been of limited reliability or utility. Communicating a meaningful element of content over an IP network has thus far involved the separate transmission of many individual packets. Prior-art packet-by-packet analysis devices lack the ability to identify those meaningful groupings and to transport all of their packets appropriately. The prior-art techniques cannot ensure perfect designation of flows of information or detection of content types or classes. Yet broadband subscriber networks increasingly encounter the need to differentiate transport on a subscriber-, content- or application-specific basis. (Those networks include, for example, multiple service operators (MSOs) offering Internet access to subscribers over television cables, and Digital Subscriber Line (“DSL”) providers such as local telephone companies.)
The advent and widespread popularity of peer-to-peer distribution networks has had a deleterious effect on broadband access providers' ability to provide uniform, high-quality Internet access service to their subscribers. To be sure, widespread use of P2P networks has fueled the proliferation of pirated copyrighted music and video. Still, P2P networks provide users with important utility. One object of the present invention is to alleviate the negative impact of peer-to-peer networks by deploying inline systems, such as preferred transporters, that are able to recognize peer-to-peer traffic based on application or content tags and to treat that traffic according to policies that protect desired business or legal interests.
One impracticality of distributing very large files through a content-server-to-client architecture is that an inordinate amount of storage and connectivity is needed at the content server to enable public users to download common large files over the Internet. In addition, high-speed public Internet circuits are costly, and low-speed Internet circuits may not provide adequate bandwidth and speed for content distribution. In peer-to-peer networks, by contrast, the task of storing and forwarding popular files is distributed to the point where the consumer client devices themselves store and forward those files to each other. This reduces and distributes the cost of proliferating very large files over a wide-area network such as the Internet. Yet in current peer-to-peer distribution schemes the content originator loses control over the transport and distribution of the original content, since it is served and distributed by multiple nodes within the peer network. It is therefore an object of the present invention to provide a system that enables a content originator to maintain control over the transport and distribution of content even as the content is offered on peer-to-peer networks.
At the same time, peer-to-peer networks increase the demand for transmission capacity, especially upstream capacity, among subscribers to broadband access networks. That demand at times exceeds those networks' ability to provide connectivity, and nearly always exceeds the amount of upstream capacity provisioned on those networks. One known solution for broadband access providers is to passively identify P2P traffic and rate-limit it. Another is to subject subscribers to periodic byte caps, especially to limit the amount of data they are permitted to upload. However, there is a need for a system that gives broadband access providers more direct control over the transmission of content on a broadband access network.
In addition, these widely available peer-to-peer programs, which spread the costs of content distribution by using clients' networked computers as content servers, are wreaking havoc on broadband subscriber networks. Those networks were designed on the assumption of substantial idle time at each client, and that clients browsing the web and downloading pages would demand far less upload bandwidth and payload than download bandwidth and payload. Often, those peer-to-peer programs become havens for the distribution of pirated or other illegal material. Increasingly, legislative efforts and law enforcement are focusing on stopping that illegal conduct at the broadband subscriber network level.
Furthermore, applications can use techniques known as port hopping and port spoofing to mask the origination point of a transmission. In the IP communications art, destination nodes can recognize and route transmissions sent by certain applications through certain communications ports according to generally recognized port-number assignments set by central authorities such as the Internet Assigned Numbers Authority (“IANA”). Those ports are either assigned by IANA or assigned de facto (applications simply start using them, and they become known as “well-known ports”). IANA designates a reserved set of ports for well-known applications. IANA also establishes a set of unreserved well-known ports that are available for new applications to use on a de facto basis.
Whether reserved, assigned or de facto, there is no known or generally recognized authentication or security scheme in place to ensure that only the proper applications gain access to their proper communications ports at IP destination nodes. So whenever an application requests use of a certain port in IP communications, in the current state of the art there is no way for the destination node to ensure that the communication actually was initiated by that application. In fact, spoofing the generally accepted port-selection system is a simple affair, used by unrecognized applications to gain entry or carriage into IP routing systems.
One well-known technique incorporated into certain unfavored Internet client applications is known as “port hopping.” Applications using this technique distribute their content transmissions or requests, in a random, pseudorandom or programmed pattern, among a variety of reserved or well-known communications ports. This allows unfavored applications to escape easy detection and to usurp ports left open by IP destination nodes for necessary or favored applications.
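The port-hopping pattern just described is visible from the access network side as one source spreading connections across many distinct well-known ports in a short window. The following is an added detection example, not part of the patent; the flow records, the 10-second window and the five-port threshold are constructed values for the demonstration.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# 10.0.0.5 walks across six well-known ports in six seconds; 10.0.0.9 is
# an ordinary client reusing 443 and 80 at a normal pace.
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.7", 80),
    (1, "10.0.0.5", "203.0.113.7", 443),
    (2, "10.0.0.5", "203.0.113.7", 25),
    (3, "10.0.0.5", "203.0.113.7", 53),
    (4, "10.0.0.5", "203.0.113.7", 110),
    (5, "10.0.0.5", "203.0.113.7", 21),
    (0, "10.0.0.9", "198.51.100.2", 443),
    (30, "10.0.0.9", "198.51.100.2", 443),
    (60, "10.0.0.9", "198.51.100.3", 80),
]

def find_port_hoppers(flows, window=10, min_ports=5):
    """Return {src_ip: sorted distinct ports} for every source that touched
    at least `min_ports` distinct destination ports within any `window`
    seconds.  Thresholds are assumed values; tune them per network."""
    by_src = defaultdict(list)
    for ts, src, _dst, port in flows:
        by_src[src].append((ts, port))
    hoppers = {}
    for src, events in by_src.items():
        events.sort()                      # order by timestamp
        start = 0
        port_counts = defaultdict(int)     # ports live in the current window
        for ts, port in events:
            port_counts[port] += 1
            # Drop events that have fallen out of the trailing window.
            while ts - events[start][0] > window:
                old = events[start][1]
                port_counts[old] -= 1
                if port_counts[old] == 0:
                    del port_counts[old]
                start += 1
            if len(port_counts) >= min_ports:
                hoppers[src] = sorted(port_counts)
                break                      # one hit per source is enough
    return hoppers

if __name__ == "__main__":
    for src, ports in find_port_hoppers(SAMPLE_FLOWS).items():
        print(f"{src}: spread across ports {ports}")
```

A client that legitimately contacts many services in a burst trips the same rule, which is why the passage treats port numbers as insufficient on their own and motivates the authenticated tags discussed below.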
In networks that are not public packet switched networks, such as cable television or telephone, the business of telecommunications carriage is enabled by bundling content or applications with network access. Contrast the sustained and successful business model of the traditional television industry with the commoditization of the Internet access industry. Broadcast, and even cable, television operations are supported largely by (i) advertisers paying for the privilege of having their content carried on public networks by the operators of that network; and (ii) more importantly by subscribers paying for content by channel bundles, pay per view, or other content transmission specific services. But such a model is not available to Internet access providers, who until now have been unable to monitor or control the content or applications made available to their own subscribers.
There is a need in the art for a method of positively identifying information transmitted to network access points such as broadband subscriber networks. The information could be identified by at least one of client application, content origin, type or class. Such an identification scheme could be known only to certain access points, or standardized for recognition by all nodes and content servers. Various levels of secure authentication could be used, including without limitation a shared secret, one-way encryption tags, or private-public key exchange. Such a method would enable any owned network resource, whether a switch, router, communications port, or even a given subscriber or subscriber group, to require authentication. The scheme for identifying content could be extensible and predictable, employing, for example, hierarchical naming trees.
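To make the shared-secret variant concrete, here is an added example (not the patent's own tag format): a transmission carries a hierarchical class name plus an HMAC computed with a secret shared between the tagger and the access point, and the access point verifies the HMAC before applying the policy of the most specific matching node in the naming tree. The tag layout, class names, policies and the secret are assumptions chosen for the demonstration.

```python
import hashlib
import hmac

SHARED_SECRET = b"demo-shared-secret"   # assumed; provisioned out of band

# Hierarchical naming tree mapped to carriage policy (assumed values).
POLICY_TREE = {
    "voice":              "low-latency",
    "voice/emergency":    "priority",
    "data":               "best-effort",
    "data/medical/image": "reliable-bulk",
}

def make_tag(class_name, secret=SHARED_SECRET):
    """Assumed tag format: '<class>|<hex HMAC-SHA256 over class>'."""
    mac = hmac.new(secret, class_name.encode(), hashlib.sha256).hexdigest()
    return f"{class_name}|{mac}"

def verify_tag(tag, secret=SHARED_SECRET):
    """Return the class name if the tag's HMAC verifies, otherwise None."""
    class_name, _, mac = tag.rpartition("|")
    if not class_name:
        return None
    expected = hmac.new(secret, class_name.encode(), hashlib.sha256).hexdigest()
    # constant-time compare avoids leaking how many characters matched
    return class_name if hmac.compare_digest(mac, expected) else None

def lookup_policy(class_name, tree=POLICY_TREE, default="unclassified"):
    """Longest-prefix match down the naming tree: 'voice/emergency/911'
    inherits the 'voice/emergency' policy, 'data/x' the 'data' policy."""
    parts = class_name.split("/")
    for n in range(len(parts), 0, -1):
        policy = tree.get("/".join(parts[:n]))
        if policy:
            return policy
    return default

def classify(tag, secret=SHARED_SECRET):
    """What the access point does per transmission: verify, then map."""
    class_name = verify_tag(tag, secret)
    return lookup_policy(class_name) if class_name else "reject"

if __name__ == "__main__":
    for name in ("voice/emergency", "data/medical/image/ct", "video/stream"):
        print(name, "->", classify(make_tag(name)))
```

Because the HMAC covers only the class name, a captured tag could be replayed on other traffic; binding a nonce or timestamp into the MACed data is the usual fix and is left out here for brevity.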