1. Field of the Invention
This invention pertains in general to high-speed data networks and in particular to a system and method for authenticating and authorizing users seeking access to resources on a network.
2. Background of the Invention
Cable television service is usually sold as a subscription to one or more xe2x80x9ctiersxe2x80x9d of channels. Typically, a basic cable subscription allows access to a small tier of channels and is sold for a relatively low subscription fee. The subscriber can purchase additional tiers of cable channels for additional fees.
In most cable systems, the subscriber uses a xe2x80x9cset-top boxxe2x80x9d (STB) to access the cable channels. The STB contains a microprocessor and other hardware for tuning and descrambling channels in the tiers to which the subscriber has access. The STB may also enable other services, such as pay-per-view or digital music reception in return for additional fees.
In recent years, the STB has incorporated a cable modem that enables access to Internet- and World Wide Web- (xe2x80x9cthe webxe2x80x9d) based resources via the cable infrastructure. A cable modem typically has at least one assigned Internet Protocol (IP) address and is managed by an Internet Service Provider (ISP). The ISP inserts and extracts Internet traffic to and from the cable infrastructure and distributes it to the cable modem having the given IP address or the Internet, as appropriate.
In the standard Internet model, any computer on the network can communicate with any other computer. As a result, any cable modem serviced by the ISP can access any server providing a service available on the Internet. This Internet access model is different than the traditional cable television model since there is no easy way to restrict subscribers to only certain servers or resources on the network.
This Internet access model may be acceptable under current usage habits. However, as web-based electronic commerce becomes more commonplace and televisions and the Internet become more tightly coupled, there is an increasing desire to sell network-based services to subscribers. ISP""s prefer to sell network-based services using subscriptions analogous to cable television channel subscriptions. Given current technology, however, it is difficult for the ISP to sell tiers of network-based services in the same way that the cable television provider sells tiers of channels.
In addition, there is no easy client-side way to restrict access to network-based services by individual users of a STB. As far as the ISP and servers on the network are concerned, every transaction to or from the IP address of the STB has the same rights and privileges. Server-side authentication, such as requiring a password before allowing access to a web site, is well known but inconvenient to both the web site operator and the STB user. The web site must manage a list of users and passwords and the user must supply the user name and password at each web site.
Accordingly, there is a need for a way to provide tiers of network-based services to cable modem users. Ideally, the solution to this need will also allow access to be restricted at the level of the individual user.
The above needs are met by a method and system that authenticates users and authorizes the users to access a walled garden of network services. A user has a client, which is preferably a set top box (STB) coupled to a television set or computer system. The client preferably contains a central processing unit, memory, a television tuner, and a cable modem. The client also preferably contains a video subsystem for generating images on the display and an input for accepting commands from a user.
The client preferably executes software supporting standard web browsing functionality. In one embodiment, the client executes the Windows CE operating system. Programs executing on the operating system include a hypertext markup language (HTML) rendering engine, a JAVA virtual machine for executing JAVA programs, and other controls supporting web browsing functionality. A shell program also preferably executes on the operating system and generates a user interface on the television or computer display coupled to the client.
The cable modem is preferably coupled to a coaxial cable and supports bi-directional broadband communications with a private network using the Internet protocol (IP). The coaxial cable is typically aggregated with other cables into a fiber-optic cable. The fiber-optic cable, in turn, is coupled to a cable modem termination server (CMTS) at a headend. The CMTS contains hardware for terminating the IP data channel, including IP switches, routers, and high-availability servers. The client can also use other broadband communications media, such as digital subscriber line (DSL) and wireless modems to communicate with the private network.
The private network contains a walled garden proxy server (WGPS), a gateway server (GS), and an Internet proxy server. The WGPS controls access to a walled garden providing network-based services. The services available on the walled garden may include, for example, access to electronic content, access to electronic commerce services, and any other functionality that can be provided electronically via a network. These services are provided by one or more walled garden servers coupled to a walled garden network. The walled garden servers may include servers directly coupled to the walled garden network, servers having direct connections to remote application databases, servers coupled to the walled garden network via a virtual private network, and servers having only a frontend on the walled garden network. Each walled garden server is identified by a plot number.
The GS acts as a gateway to a policy server (PS). The PS is coupled to a database of information describing the walled garden access rights of the users. A keymaster provides encryption and decryption keys to the various servers.
When a user wishes to access a service in the walled garden, the client sends a hypertext transport protocol (HTTP) request to the WGPS identifying the plot number of the requested service. If the client has a ticket granting access to the walled garden, the client includes the ticket in an authorization header. If the client does not provide a ticket or the ticket is invalid, the WGPS denies the HTTP request.
In response to a denial, the client sends a message to the GS requesting a ticket. The user authenticates himself or herself to the client by providing authentication information and the client provides this information to the GS. Assuming the user is authenticated, the GS uses the PS to look up the user in the database and determine the services in the walled garden to which the user has access. Then, the GS constructs a ticket including a bit field indicating the user""s access rights, an expiration date, and other information. The PS preferably encrypts the ticket with the encryption key received from the keymaster and transmits the encrypted ticket to the client. The client cannot decrypt or alter the ticket because the client does not know the key.
Then, the client sends the WGPS a new request to access a service in the walled garden and includes the ticket. The WGPS decrypts the ticket using the key and verifies that the ticket is valid. Preferably, the WGPS uses the plot number supplied by the client as an index into the bit field in the ticket. The corresponding bit specifies whether the user has authorization to access the requested walled garden service. If the ticket authorizes the user to access the service, then the WGPS grants the client""s HTTP request.
Accordingly, tiers of services can be maintained by placing the services in the walled garden and giving the user access to only those services in the tier to which the user subscribes. The user, in turn, must authenticate itself only once.