I 1111111111111111 11111 1111111111 lllll 111111111111111 11111 111111111111111111
`
`US009465925B2
`
`(IO) Patent No.: US 9,465,925 B2
`
`
`c12) United States Patent
`Burke, II et al.
`(45)Date of Patent:
`*Oct. 11, 2016
`
`(54)SYSTEM FOR REGULATING ACCESS TO
`
`AND DISTRIBUTING CONTENT IN A
`NETWORK
`
`(71)Applicants:Robert M. Burke, II, Los Gatos, CA
`
`
`
`
`
`(US); David Z. Carman, Tulsa, OK
`(US)
`
`G06Q 50/18
`G06Q 50/26
`(52)
`U.S. Cl.
`CPC ........... G06F 21110 (2013.01); G06Q 3010251
`
`
`
`
`
`(2013.01); G06Q 50/184 (2013.01); G06Q
`
`50/26 (2013.01); H04L 63102 (2013.01);
`
`H04L 63/10 (2013.01); H04L 63/1458
`
`
`(2013.01); H04L 63/30 (2013.01); H04L
`
`2463/1 OJ (2013.01)
`(72) Inventors: Robert M. Burke, II, Los Gatos, CA
`
`
`
`(58)
`
`Field of Classification Search
`
`
`
`(US); David Z. Carman, Tulsa, OK
`USPC .. .. ... ... ... ... ... .. ... ... ... ... .. ... ... ... ... ... .. ... ... 709/225
`
`(US)
`
`
`
`See application file for complete search history.
`
`(2012.01)
`(2012.01)
`
`( *) Notice: Subject to any disclaimer, the term ofthis
`
`
`(56)
`
`
`
`patent is extended or adjusted under 35
`
`
`U.S.C. 154(b) by 90 days.
`
`
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`This patent is subject to a terminal dis­
`
`
`
`
`claimer.
`
`(21)Appl. No.: 14/338,240
`
`(22)Filed:
`Jul. 22, 2014
`
`(65)
`
`
`
`Prior Publication Data
`
`
`
`US 2015/0081427 Al Mar. 19, 2015
`
`6,516,416 B2
`
`2/2003 Gregg et al.
`
`
`
`6,694,429 Bl 2/2004 Kalmanek, Jr. et al.
`
`
`
`2001/0051996 Al 12/2001 Cooper et al.
`
`2002/0059440 Al
`
`5/2002 Hudson et al.
`
`2002/0103778 Al
`8/2002 Saxena
`
`
`2002/0120577 Al 8/2002 Hans et al.
`
`2002/0145981 Al
`
`10/2002 Klinker et al.
`
`2002/0169865 Al
`11/2002 Tarnoff
`
`
`
`2003/0204602 Al 10/2003 Hudson et al.
`
`2003/0233281 Al
`
`
`12/2003 Takeuchi et al.
`2005/0033990 Al
`2/2005 Harvey et al.
`
`
`
`
`
`
`Related U.S. Application Data
`
`
`
`
`
`Primary Examiner - Shripal Khajuria
`
`ABSTRACT
`
`Continuation of application No. 13/369,174, filed on
`
`
`
`(63)
`(57)
`
`Feb. 8, 2012, now Pat. No. 8,799,468, which is a
`There is provided a system for regulating access and man­
`
`
`
`
`
`
`continuation of application No. 10/989,023, filed on
`
`
`
`aging distribution of content in a network, such as the
`Nov. 16, 2004, now Pat. No. 8,122,128.
`
`
`
`Internet. The system includes communication gateways,
`Provisional application No. 60/563,064, filed on Apr.
`
`
`
`
`
`
`
`
`
`installed at a subscriber site, internet control points, installed
`(60)
`
`
`16, 2004, provisional application No. 60/538,370,
`
`
`
`
`
`remotely, and various network elements installed throughout
`
`
`filed on Jan. 22, 2004, provisional application No.
`
`
`
`the network. The communication gateways and network
`
`60/523,057, filed on Nov. 18, 2003.
`
`
`
`
`elements operate in conjunction with the internet control
`
`
`
`
`
`points to restrict or allow access to specified Internet sites
`
`
`
`and to manage efficient distribution of content such as
`
`
`
`music, video, games, broadband data, real-time audio and
`
`
`voice applications, and software to subscribers.
`
`(51)
`Int. Cl.
`H04L 15116
`G06F 21110
`H04L 29106
`G06Q 30102
`
`(2006.01)
`(2013.01)
`(2006.01)
`(2012.01)
`
`
`
`
`
`48 Claims, 7 Drawing Sheets
`
`57
`
`62
`
`Internet Service Provider
`
`64
`Portal
`
`Active
`Intervention
`System
`
`50
`
`Terminal
`
`Subscriber
`Terminal
`
`DISH, Exh.1002, p.0001
`
`

`

`57
`
`Active
`
`62 Internet Service Provider
`64
`Intervention
`Portal
`System
`
`Non-SPA
`Content
`Servers
`
`56
`
`52
`
`r-
`
`_ I
`50
`
`SPA
`Content
`Servers
`
`
`
`Internet/ Metro Area Network
`55
`
`54
`
`Internet
`
`Control Point
`
`SPA Network
`Elements
`
`Non-SPA
`Network
`Elements
`
`I
`
`66
`
`Access Node
`
`581
`
`_I
`
`T
`
`58n
`
`Communication Communication
`
`Gateway
`Gateway
`
`Communication
`Gateway
`
`601
`
`602 I
`) '
`Subscriber
`Subscriber
`Terminal
`Terminal
`
`60n
`
`'
`Subscriber
`Terminal
`
`Figure 1
`
`•
`
`•
`
`�
`� �
`�
`�
`
`........
`0 .... O'I
`
`N
`
`('D
`
`rJJ=­('D
`.........
`0 ....
`
`-....J
`
`d
`r.,;_
`
`0--,
`UI
`
`N
`UI
`
`=
`N
`
`DISH, Exh.1002, p.0002
`
`

`

`
`Sheet 2 of 7
`U.S. Patent Oct. 11, 2016
`
`US 9,465,925 B2
`
`
`
`Communication Gateway 58
`
`To Internet 52
`
`
`I
`
`102
`
`104
`
`Memory
`
`Network
`Interface
`
`Content
`108
`Storage
`
`• Instructions
`
`• Initial Operating
`Parameters
`• Other records
`
`106
`
`Processor ◄
`
`100
`
`User Partition
`
`
`
`Network Partition
`
`User Interface
`
`110
`
`'
`Housing
`Disassembly
`Detector
`
`To Subscriber
`Terminal
`60
`
`
`
`Figure 2
`
`DISH, Exh.1002, p.0003
`
`

`

`
`
`U.S. Patent Oct. 11, 2016 Sheet 3 of 7 US 9,465,925 B2
`
`
`
`
`
`Internet Control Point 50
`
`
`
`To Internet 52
`
`Network
`200
`204 Interfaces
`
`Memory
`
`•Instructions
`•Other records
`
`202
`Processors
`
`Figure 3
`
`DISH, Exh.1002, p.0004
`
`

`

`
`
`U.S. Patent Oct. 11, 2016 Sheet 4 of 7 US 9,465,925 B2
`
`SPA Network Element 54
`
`
`
`
`To Internet 52
`
`Network
`300
`Interfaces
`
`304
`
`Memory Switches 306
`
`•Instructions
`•Other records
`
`302
`Processors
`
`Figure 4
`
`DISH, Exh.1002, p.0005
`
`

`

`
`U.S. Patent Oct. 11,
`2016 Sheet 5 of 7
`
`US 9,465,925 B2
`
`400
`
`�
`
`Receive instructions from
`
`
`network
`
`"
`
`402
`
`�
`
`Receive network access
`
`
`request from a user
`
`404
`
`,, �
`
`Selectively transmit
`
`
`
`network access request in
`
`accordance with received
`instructions
`
`•
`
`406
`
`�
`
`Receive content data
`
`
`
`responsive to transmitted
`network access request
`
`Figure 5
`
`DISH, Exh.1002, p.0006
`
`

`

`
`U.S. Patent Oct. 11,
`2016 Sheet 6 of 7
`
`US 9,465,925 B2
`
`500
`
`�
`
`Receive instructions from
`
`
`
`network at subscribing
`
`network units
`
`502
`
`l
`�
`
`Selectively inhibit access to
`
`
`
`
`content servers by a group
`
`of non-subscribing users in
`
`accordance with received
`instructions
`
`Figure 6
`
`DISH, Exh.1002, p.0007
`
`

`

`
`U.S. Patent Oct. 11,
`
`2016 Sheet 7 of 7 US 9,465,925 B2
`
`Receive, at a first network unit,
`
`
`
`
`
`
`content distribution instructions .......r-- 600
`from the network
`
`Store a first portion of content
`
`
`602
`data from the network
`
`Initiate a request over the
`
`
`
`
`network, in accordance with the
`
`
`instructions and in response to .......r-- 604
`
`a user request, for the
`
`remainder of the content data
`
`Receive the remainder of the
`
`
`--...r--- 606
`
`content data from the network
`
`Assemble the first portion of
`
`
`
`
`
`content data with the remainder i---..r--- 608
`
`of the content data
`
`Supply the assembled content
`
`i---..r--- 610
`data to the user
`
`Selectively forward the first
`
`
`
`of content data to a
`portion
`second network unit in
`
`accordance with the instructions
`
`i---..r--- 612
`
`Figure 7
`
`DISH, Exh.1002, p.0008
`
`

`

`
`
`US 9,465,925 B2
`
`SYSTEM FOR REGULATING ACCESS TO
`
`
`
`AND DISTRIBUTING CONTENT IN A
`
`NETWORK
`
`
`
`TECHNICAL FIELD
`
`BACKGROUND
`
`SUMMARY
`
`1
`
`
`2
`otherwise unsecured Internet. The motion picture industry is
`
`
`
`
`
`
`
`
`
`understandably reluctant, having seen the negative impact
`
`
`
`that piracy has already had on the Music Recording Industry.
`
`
`
`Content providers thus demand this feature to stop the illegal
`
`
`downloading and transmission of intellectual property over
`5
`
`
`
`This application is a continuation of U.S. patent applica-
`
`
`the Internet which has cost the music and movie industries
`
`
`tion Ser. No. 13/369,174, filed Feb. 8, 2012 and entitled
`
`
`
`
`
`billions of dollars annually. Techniques that reduce the strain
`
`"SYSTEM FOR REGULATING ACCESS TO AND DIS­
`
`
`
`on a content provider's resources and reduce the high
`
`
`TRIBUTING CONTENT IN A NETWORK," now U.S. Pat.
`
`
`
`volumes of network data traffic are also desirable in order to
`
`
`No. 8,799,468, which is a continuation of U.S. patent
`
`
`
`
`improve the speed and efficiency of accessing content in a
`
`application Ser. No. 10/989,023, filed Nov. 16, 2004 and 10
`
`network.
`
`
`entitled "SYSTEM FOR REGULATING ACCESS TO AND
`Another difficult problem that remains to be solved is
`
`
`
`
`
`
`DISTRIBUTING CONTENT IN A NETWORK," now U.S.
`
`
`
`
`providing a means for law enforcement agencies to execute
`
`
`
`
`Pat. No. 8,122,128, which claims the benefit of U.S. Provi­
`
`
`
`
`warrants to wire-tap Internet communications such as email
`
`
`
`sional Application No. 60/523,057 filed Nov. 18, 2003, U.S.
`
`
`and real-time audio and video communications. A solution
`15
`
`
`Provisional Application No. 60/538,370 filed Jan. 22, 2004,
`
`
`
`
`to this problem is especially desirable considering the
`
`
`
`and U.S. Provisional Application No. 60/563,064 filed Apr.
`
`
`
`
`
`importance of thwarting terrorist attacks. The Patriot Act and
`
`
`
`
`16, 2004, the entire content and disclosures of the preceding
`
`
`
`
`
`other recently passed legislation indicate the desirability and
`
`
`
`enumerated provisional and non-provisional applications are
`
`
`
`importance of providing such capabilities to law enforce-
`
`hereby incorporated in their entirety.
`20 ment bodies.
`It is therefore desirable to provide new access regulation
`
`
`
`
`
`
`
`
`and data traffic control techniques that can be made available
`
`
`
`
`
`This invention is in general related
`
`
`to telephone to regulation of access line carriers, ISPs, enterprises, cable television
`
`
`
`
`to a network and, more particularly,
`
`
`
`companies, to distributing content for their Internet access networks. In addition, it
`
`
`
`25 is desirable to provide a means for law enforcement bodies
`
`efficiently while protecting the digital rights associated with
`
`
`
`
`
`
`
`to combat the prevalent use of Internet communications in
`the content.
`
`
`
`
`
`
`planning illegal operations. In particular, it is desirable to
`
`
`
`meet these needs using the service provider's existing dis­
`
`tribution network.
`
`The network commonly known as the Internet, or any 30
`
`
`
`
`
`
`
`similar private or managed network, provides a convenient
`
`
`
`medium for the delivery of electronic data or content such as
`Consistent with the invention, there is provided a system
`
`
`
`
`
`
`music, video, games, broadband data, real-time audio and
`
`
`
`
`for regulating access to a network. The system comprises a
`
`
`
`voice applications, and software to subscribers. To accom­
`
`
`
`
`controller node coupled to the network, the controller node
`
`
`
`plish these purposes, the Internet is composed of several
`35
`
`
`comprising a first processor for generating controller
`
`
`
`
`
`components including, for example, content providers for
`
`
`
`
`
`instructions and a first network interface for transmitting the
`
`generating content; service providers for delivering content;
`
`
`
`controller instructions over the network. The system also
`
`
`
`
`subscriber terminals for receiving, displaying and playing
`
`
`
`
`
`comprises a plurality of gateway units, the gateway units
`
`
`
`
`
`content; and various additional network elements between
`
`
`
`comprising a user interface receiving user-entered network
`
`
`
`
`service providers and subscribers for aiding in the distribu-
`40
`
`
`
`
`
`access requests, a second network interface coupled to the
`
`
`
`
`tion of the content. Service providers include, for example,
`
`
`
`network and receiving the controller instructions from the
`
`
`
`telephone line carriers, enterprise data centers, and cable
`
`
`network and a second processor, the second processor
`
`
`
`
`television providers. Subscriber terminals are located at
`
`
`
`
`selectively transmitting at least some of the network access
`
`
`
`
`subscriber premises and include, for example, personal
`
`
`
`requests over the network in accordance with the controller
`
`
`
`computers, televisions configured with modems, a combi-
`45
`
`
`
`
`instructions, and transferring content data responsive to the
`
`
`nation of both, or any other combination of consumer
`
`
`
`
`
`transmitted network access requests over the network via the
`
`
`
`
`
`electronics capable of presenting electronic content to a
`
`second network interface.
`subscriber.
`Consistent with another aspect of the present invention,
`
`
`
`
`
`
`
`
`Interest in providing delivery of content via the Internet
`
`
`
`there is also provided a system for regulating access to a
`
`
`has remained high throughout the growth of the Internet.
`50
`
`
`
`
`network that is accessed by a plurality of users. The system
`
`
`
`
`Several problems have yet to be overcome, however, before
`
`
`
`
`
`comprises a controller node coupled to the network, the
`
`
`
`
`the Internet is fully effective at delivering content efficiently
`
`
`
`controller node comprising a first processor for generating
`
`
`
`and rapidly, while also protecting the rights of the owners of
`
`
`
`controller instructions and a first network interface for
`
`
`
`
`content, that is, the owners of intellectual property. Tech­
`
`
`
`transmitting the controller instructions over the network.
`
`
`
`niques for protecting this intellectual property are often 55
`
`
`
`The system also comprises a plurality of network units
`
`
`
`
`referred to as Digital Rights Management (DRM). Recent
`
`
`
`associated with a first group of users, the network units
`
`
`
`music industry lawsuits over the distribution of pirated
`
`
`comprising a second network interface coupled to the net­
`
`
`
`
`music are evidence of the difficulties not yet solved by
`
`
`work and receiving the controller instructions from the
`
`current DRM techniques.
`
`
`network and a second processor, the second processor
`
`
`
`
`Service providers and content providers need the assur-60
`
`
`
`
`inhibiting access for a second group of users to content in the
`
`
`
`
`ance that the intellectual property (music, video, games,
`
`
`network in accordance with the controller instructions.
`
`
`
`
`
`software, etc.) will be secure from illegal downloading and
`
`
`
`
`
`Consistent with yet another aspect of the present inven­
`
`
`
`transmission over the Internet, a major source of lost rev­
`
`
`
`tion, there is also provided a system for distributing content
`
`
`
`enues and the basis for hundreds of lawsuits. Service pro­
`
`
`over a network. The system comprises a controller node
`
`
`
`viders want this feature to halt the legal onslaught launched
`65
`
`
`
`coupled to the network, the controller node comprising a
`
`
`by music companies and to encourage the motion picture
`
`
`
`
`first processor for generating controller instructions and a
`
`
`
`
`industry to license their content for distribution over the
`
`DISH, Exh.1002, p.0009
`
`

`

`
`
`US 9,465,925 B2
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`
`
`4
`3
`first network interface for transmitting the controller instruc­
`
`
`
`
`control the processing of data sent between subscribers ( e.g.,
`
`
`
`
`
`
`tions over the network. The system also comprises a plu­
`
`
`
`
`client PCs or L AN servers) and the ISPs or content servers
`
`
`
`rality of network units, the network units comprising a
`
`
`with which they are exchanging information, using the CGs.
`
`
`
`
`
`second network interface coupled to the network, the second
`
`
`
`The ICPs cooperate with hardware and software of the CGs
`
`
`
`
`5 located at a subscriber's premises to provide the specific
`
`
`
`
`network interface in at least a first one of the network units
`
`
`receiving the controller instructions from the network and
`
`features of the system.
`
`
`
`receiving a portion of a content data file from at least a
`The CGs cannot be tampered with by subscribers. This is
`
`
`
`
`
`second one of the network units and a second processor, the
`
`
`
`accomplished by two aspects of the CGs. First, CGs are
`
`
`
`
`
`second processor in the at least first one of the network units
`
`
`
`specifically designed to permit no subscriber-initiated pro-
`
`
`
`IO gramming and no access to the CG hardware or software.
`
`
`
`
`selectively forwarding the portion of the content data file
`
`
`
`received from the at least second one of the network units to
`
`
`
`
`Instead, the CGs are provided only with compiled code
`
`
`
`at least a third one of the network units in accordance with
`
`loaded from flash memory, a hard drive, or EEPROM.
`the controller instructions.
`
`
`
`
`Updates to this code are obtained from ICPs and encrypted
`
`
`
`It is to be understood that both the foregoing general
`
`
`
`
`locations toundocumented 15 passwords are stored in hidden,
`
`
`
`
`description and the following detailed description are exem­
`
`
`allow authentication of ICP presence prior to CG control
`
`
`plary and explanatory only and are not restrictive of the
`
`
`program update. The passwords are changed frequently
`
`invention, as claimed.
`
`
`
`during an "idle process control" phase and tracked by an
`
`
`
`The accompanying drawings, which are incorporated in
`ICP.
`
`
`and constitute a part of this specification, illustrate one
`
`The second anti-tampering aspect is the provision of a
`
`
`
`
`(several) embodiment(s) of the invention and together with 20
`
`
`
`
`
`
`
`
`housing for the CGs and a detector consisting of a one or
`
`
`the description, serve to explain the principles of the inven­
`
`
`
`
`
`more "deadman" switches that are tripped upon opening the
`tion.
`
`
`
`
`housing or removing a CG's hard drive. The circuit may be
`
`
`either passive or active.
`25 If the detector is passive, it signals an internal controller
`
`
`
`
`
`
`
`FIG. 1 depicts the overall environment in which the
`
`
`
`upon re-start that it has been tripped and causes an event
`
`
`present invention is implemented.
`
`
`notification sent to an ICP upon next power-up. Upon receipt
`
`
`
`
`FIG. 2 depicts a communication gateway consistent with
`
`
`
`of the event notification, either the ICP initiates diagnostics
`
`the present invention.
`
`
`
`
`and disables the CG if a software tamper has occurred, or the
`
`
`
`3° CG disables both its control software and its internal hard
`
`
`
`
`
`FIG. 3 depicts an internet control point consistent with the
`
`present invention.
`
`
`
`drive to prevent the hard drive from operating, until it is
`
`
`
`
`FIG. 4 depicts a network element consistent with the
`
`
`
`
`returned to the ISP for repair. Subscriber agreements may be
`
`present invention.
`
`
`
`used to supply a contract provision specifying that tamper-
`FIG. 5 is a flow chart of a method for selectively trans­
`
`
`
`ing voids the warranty and that the subscriber deeds a
`35
`
`
`
`
`mitting network access requests consistent with the present
`
`
`
`portion of the CG to the ISP and agrees to return tampered
`invention.
`
`products to the ISP.
`
`
`FIG. 6 is a flow chart of a method for inhibiting access to
`If the detector is active, the "deadman switch" is kept
`
`
`
`
`
`content servers on a network consistent with the present
`
`
`
`
`
`
`
`
`powered by, for example, battery or capacitor. The trip is
`invention.
`
`
`
`software in the 40 used to immediately disable the controller
`
`
`FIG. 7 is a flow chart of a method for distributing content
`
`
`
`
`processor and the internal hard drive of the CG. Both may
`
`
`
`in a network consistent with the present invention.
`
`
`
`be reset only by the ICP, either automatically or by human
`DETAILED DESCRIPTION
`
`
`
`
`intervention. These measures prevent subscribers from writ­
`
`
`
`
`ing, compiling, executing. modifying, or otherwise tamper-
`
`
`
`45 ing with the operating software of the CG. Second, the active
`System Architecture
`
`
`
`
`Consistent with principles of the present invention, there
`
`
`
`
`mode prevents users from getting access to the content on
`
`
`
`
`is provided a system including a Service Preference Archi­
`the hard drive.
`
`
`
`tecture (SPA). The SPA is a collection of hardware compo­
`In addition to these tamper-proof provisions, all ICP-CG
`
`
`
`
`
`nents and software routines executed by the components.
`
`
`
`communications take place within the ISP side of the
`
`
`
`Components installed at a subscriber's site may be referred
`
`
`
`50 network and ICP-CG communications are secured with
`
`
`
`
`encryption and hashing. Furthermore, all CGs must be
`
`
`
`to as gateway units, or more specifically, Communication
`
`registered with the ISP. An ICP will not enable any service
`Gateways (CGs). The subscribers may include residential
`
`
`
`
`
`to an un-registered CG and an un-registered CG will not
`and business subscribers. The CGs may include a data
`
`
`
`
`
`
`operate in an experimental environment at all. At the onset
`storage device such as a hard drive, and are operable
`
`
`
`
`
`of power-up or transition from an inactive to an active state,
`between active and inactive states. CGs operate in conjunc- 55
`
`
`
`
`
`
`
`the CG signals the ICP and the ICP returns an "OK" message
`
`tion with SPA-based Internet Service Providers (ISPs) under
`
`
`
`
`
`
`
`
`prior to proceeding further. This transaction requires an
`
`the control of "controller nodes," hereinafter referred to as
`
`
`
`
`
`
`
`encrypted password exchange to authorize the CG to enter
`
`
`Internet Control Points (ICPs). The ICPs are installed in an
`
`
`
`
`
`
`an "active" state where it can play back, download or be
`ISP's network. ICPs may be network-based routers or com­
`
`
`
`
`
`
`
`60 used for anything delivering services to users. These mea­
`
`
`
`puters that control the operation of CGs.
`
`
`The software routines located
`
`
`
`
`sures ensure secure in CGs and ICPs provide a control of the data flow between both the
`
`suite of features for the system.
`
`ICP and the CG. This secure ISPs, such as telecommu­ flow of data then enables ISPs
`
`
`
`
`
`
`
`to effectively and efficiently control the services provided to
`
`
`
`nication carriers, electronic data centers, and cable TV
`
`companies, may be equipped to deliver subscribers. the suite of features
`
`
`
`65 Reference will now be made in detail to the present
`
`
`
`
`by using a network service based system.
`
`
`
`
`
`
`
`
`In general, the SPA uses ICPs to control subscriber access embodiments (exemplary embodiments) of the invention,
`
`
`
`
`
`to web sites and to deliver data to subscribers. The ICPs examples of which are illustrated in the accompanying
`
`DISH, Exh.1002, p.0010
`
`

`

`
`
`US 9,465,925 B2
`
`6
`5
`
`
`drawings. Wherever possible, the same reference numbers ability to access services that are offered by ISP portal 62.
`
`
`
`
`
`
`
`
`
`
`
`
`services, various will be used throughout the drawings to refer to the same or ICP 50 also controls CGs 58 to deliver
`like parts.
`
`
`
`including, for example, advertisements, the home page for
`
`
`ISP Portal 62 or SPA-controlled content server 56 web
`
`
`FIG. 1 illustrates an environment in which the invention
`
`
`
`5 servers, or software downloads to subscriber terminals
`
`may operate. A Service Preference Architecture (SPA) may
`
`
`
`60
`
`
`
`content for their use of ISP 62 or SPA-controlled server 56
`include at least one Internet Control Point ("ICP") 50
`
`
`
`connected to a network 52. Network 52 may be, for
`
`
`services.
`
`
`
`
`example, the Internet, a metro area network, or a local area
`network ele­ICP 50 also interacts with SPA-controlled
`
`
`
`
`
`network, and may include a plurality of SPA-controlled
`
`
`
`ments 54 used by ISP portal services. 62 to deliver ICP 50
`
`
`network ele- 10 network elements 54 and non-SPA-controlled
`
`
`
`
`controls subscribers' ability to access services that are
`
`
`ments 55. Network elements
`
`
`
`of the offered by the for ISP portal 54, 55 may include, 62 and controls the operation
`
`
`
`services themselves by controlling the flow of data through
`
`example, network switches and routers. SPA-controlled net­
`
`
`
`
`
`
`
`
`SPA-controlled network elements 54 used by ISP portal 62.
`
`
`access and distributing work elements 54 aid in regulating
`
`
`
`by ICP 50 may be progranimed either by human input or
`
`
`content through network 52.
`
`
`15 operator-controlled web crawler software. Updates to a
`
`
`
`servers includ­Also connected to network 52 are content
`
`
`by an active interven­database in ICP 50 may be provided
`
`
`
`ing at least one SPA-controlled content server 56 and a
`
`
`
`
`entries tion system changes 64 whereby to ICP 50 database
`
`
`
`
`plurality of communication gateways ("CGs") 58, including
`
`
`
`are discovered and implemented. The updates to ICP 50
`
`CGs 581, 582, ... 58n. A subscriber terminal 601, 602, ...
`
`
`
`database may be made in a manner analogous to the regular
`
`CG 58, or in an 60n may be connected to each respective
`
`
`
`
`20 updating of virus definitions for computer virus and worm
`
`
`
`alternative embodiment not shown, may be combined with
`protection.
`
`
`each respective CG 58 to form "converged" CGs 58.
`The web crawlers, human intervention, and ICP 50 and
`
`
`
`
`An SPA-controlled content server 56 may be, for
`
`
`
`
`by active inter­CG 58 database updates may be controlled
`
`
`example, a computing terminal used to deliver content
`
`
`vention system 64. Active intervention system 64 may
`
`
`
`
`services. A content service may include, for example, deliv­
`
`
`
`
`25 include, for example, a set of centrally maintained computer
`
`
`
`
`ery of any media file (such as movies, music, pictures, and
`
`
`
`systems. Active intervention the system 64 may control
`
`
`graphics), software file (such as a complete application,
`
`
`
`
`operation of various geographically deployed ICPs 50.
`
`
`
`operating parameters, data files, or partial application/up­
`
`
`
`The process begins with active intervention system 64.
`
`
`
`
`dates) or a real time application (such as interactive data
`
`
`Active intervention system 64 is used by human operators to
`
`
`processing, voice communications or visual communica­
`
`
`
`30 discover new URLs or IP addresses to "pirate" sites to
`
`
`
`tions to an end user). In an alternative embodiment, the
`
`
`
`conditionally deny access to these URLs or IP addresses by
`
`
`
`functions of SPA-controlled content server 56 and ICP 50
`
`
`
`to implement Digital CGs 58, discover changes needed
`
`
`may be combined in a single component.
`
`
`
`Rights Management (DRM) techniques, discover and record
`
`
`
`subscriber ICP 50 is typically located remotely from
`
`
`
`
`new packet characteristics, install wiretaps as ordered, pro-
`
`
`
`
`access to network both subscriber terminals 60 and regulates
`
`
`
`35 cess new copyright registry entries, change encryption tech­
`
`
`
`52 and distribution of content in network 52. The content
`
`
`
`niques, and perform other management services. ICPs 50
`
`
`
`may originate from SPA-controlled content server 56, for
`
`
`
`
`then deliver active and real time executed network manage­
`
`
`
`example, or from other content servers 57 in network 52.
`
`
`
`
`ment, distribute new database entries and software changes
`
`ICP 50 works in conjunction with CGs 58 and SPA-con­
`
`
`
`net-to CGs 58 and track operation of the SPA-controlled
`
`
`trolled network elements instructions 54 by generating
`
`
`
`
`
`there one ICP 40 work elements 54. Although 50 is illustrated
`
`which are transmitted over network 52 to CGs 58 and
`
`
`may be more. Thus, multiple ICPs 50 may be networked
`
`
`
`SPA-controlled network elements 54, where the instructions
`
`
`
`together to enable them to manage large numbers of SPA­
`are executed.
`
`
`
`controlled network elements redundant, 54 and provide
`
`
`ICP 50 may constitute the source of internet service
`
`
`
`highly reliable operation. Furthermore, ICPs 50 may all use
`
`
`
`
`control and conditional denial of subscriber access to ISP­
`
`
`
`45 identical databases to enable uninterrupted network man-
`
`
`
`selected URLs or IP addresses. ICP 50 may control CGs 58
`agement.
`
`
`to determine what web site data is allowed to pass through
`
`
`
`to subscribers using, for example, web browser programs
`As illustrated in FIG. 2, a CG a user 58 may include
`
`
`
`
`
`
`executing in subscriber terminals 60. ICP 50 may also
`
`
`
`
`
`by entered subscriber requests, interface 100 that receives
`
`
`control packet inspection processing in CGs 58 to determine
`
`
`
`
`subscribers at an associated subscriber terminal 60, to access
`
`
`which data can be allowed to flow through CGs 58 to and 50
`
`
`
`
`
`interface include a network network 52. CG 58 may also 102
`
`
`
`when e-mail or from subscriber terminals 60, specifically
`
`
`
`instructions to exchange data with network 52 and to receive
`
`
`
`
`what activi­file transfers are initiated. controls ICP 50 also
`
`
`
`database for from ICP 50; a memory device 104 including a
`
`ties are engaged in by idle CGs 58 when corresponding
`
`
`
`
`
`storing ICP-generated instructions, initial operating param­
`
`
`
`subscriber terminals 60 are inactive. Idle CGs 58 may
`
`
`
`
`the eters, and other records; a processor 106 to implement
`
`
`
`
`data, and 55 receive software downloads from ICP 50, collect
`
`
`
`instructions; a content storage device 108 having a user
`
`
`
`
`
`initiate communications activities that are disruptive to
`
`
`
`
`
`partition and a network partition for storing content; and a
`
`
`
`certain non-SPA content servers unauthorized 57 that offer
`
`
`
`
`tampering, as housing disassembly detector 110 to prevent
`
`
`copyrighted materials for illegal download by subscribers.
`
`
`for example, described above. Memory device 104 may be,
`
`
`
`in an geographically Multiple ICPs 50 may be deployed
`
`
`a bank of one or more semiconductor memories, a bank of
`
`
`
`
`ISP's network to support the CG management capacity of 60
`
`
`
`one or more hard disk drives, a combination of semicon­
`
`
`
`ICP 50 and the number of subscribers in its service area.
`
`
`ductor memories and hard disk drives or any other device
`
`An ISP may provide
`
`
`that holds data. Processor sub­an ISP portal 62 to facilitate 106 may be, for example, a
`
`
`
`scriber access to network
`
`an 4 processor, such as a Pentium general purpose processor ( 52. ISP portal 62 may be, for
`
`
`
`
`example, an enterprise data center.
`
`
`
`that of integrated circuits) integrated circuit, or collection Access node 66 is
`
`
`
`
`
`
`
`associated
`can execute with the ISP providing ISP portal program instructions 62. ICP 50 65 and is design ed to allow
`
`
`interacts with ISP portal 62, ISP associated
`
`
`and in purely software control of CG access node 66, 58 to be implemented
`
`
`
`
`
`and SPA-controlled content
`
`general purpose may also be used for non-CG related server 56 to control subscribers'
`
`
`
`DISH, Exh.1002, p.0011
`
`

`

`
`
`US 9,465,925 B2
`
`8
`
`7
`computing applications, or processor 106 may be a special
`
`
`
`a series of re-tries until finally a timeout or maximum
`
`
`
`
`
`purpose processor (integrated circuit or collection of inte­
`
`
`
`number of re-tries occurs. When this occurs, a diagnostic
`
`
`
`
`grated circuits) that can execute program instructions and is
`
`
`
`subscriber program may be executed in CG 58 to advise the
`
`designed with only the power, bus, memory, logic and
`
`
`
`what to do next, based on the deduced source of the failure.
`
`
`
`hardware accelerators needed to control CG 58. Content 5
`
`
`
`
`delivery of content and control Active CGs 58 may process
`
`
`bank of one or more storage 108 may be, for example, a
`
`
`
`and services from SPA-controlled content server 56 or ISP
`
`
`
`semiconductor memories, a bank of one or more hard disk
`
`
`
`
`and control either portal 62. Inactive CGs 58 may process
`
`
`
`
`drives, a combination of semiconductor memories and hard
`
`
`
`CG maintenance or may carry out activity delegated to
`
`disk drives or any other device that holds data. CGs may be
`
`inactive CGs by design.
`
`
`
`provided in various forms, such as, for example, a gateway 10
`
`Conditional Denial
`
`
`
`
`module that combines TV, video, internet and voice access,
`for with the invention FIG. 5 shows a method, consistent
`
`
`
`
`
`
`
`a dial-up remote access server, an ADSL modem/router, a
`
`
`regulating user access to a network. In step 400, a gateway
`
`
`satellite TV gateway, a cable TV modem, a converged set
`
`
`
`unit associated with a user receives controller instructions
`
`
`
`
`top-plus-internet gateway, a wireless modem, or other fixed
`
`
`
`from the network. Next, at step 402, the gateway unit
`
`
`
`
`
`or mobile computing, playback, recording, display or com- 15
`
`
`
`receives a network access request from a user, via a sub­
`
`
`
`munications device including radio, TV, stereo, wireless
`
`
`
`unit selectively scriber terminal. At step 404, the gateway
`
`
`phone, phone, DVD, VCR, WLAN access point, wireless
`
`
`
`
`transmits the network access requests over the network in
`
`
`
`
`broadband or narrowband modem, or similar device.
`
`
`
`
`accordance with the controller instructions. Finally, at step
`
`As illustrated in FIG. 3, an ICP 50 may include one or
`
`
`
`data responsive to the 406, the gateway unit receives content
`
`
`
`
`processors more network interfaces 200, one or more 202, a 20
`
`
`
`
`
`
`transmitted network access request from the network. Con­
`
`
`
`records, memory device 204 including a database for storing
`
`
`
`
`sistent with the present invention, this section, and others
`
`
`
`and a non-internet communications link for traffic between
`
`
`
`that follow, describe in more detail the implementation of
`
`
`
`processors and shared storage and memory. The records
`this method.
`
`
`
`
`preferably include instructions that may be updated by
`CGs 58, under ICP 50 control, may provide a network­
`
`
`
`active intervention system 64 and distributed to CGs 58 and 25
`
`
`based Digital Rights Management (DRM) service. The
`
`
`
`SPA-controlled network elements 54 for execution.
`
`
`
`
`DRM service denies subscribers the capability to send or to
`
`
`
`As illustrated in FIG. 4, SPA-controlled network elements
`
`receive data from or to "pirate" URLs or IP addresses that
`
`
`
`
`interfaces 54 may include one or more network 300, one or
`
`
`
`
`are known to contain unlicensed copyrighted material. In
`
`
`more processors 302, a memory device 304 including a
`
`
`
`
`URL or implementing this denial, the "pirate" CG 58 deletes
`
`
`database, and one or more switch modules 306 for providing 30
`
`
`IP address an