WO2006090284A1 - System and method for managing virtual user domains - Google Patents

System and method for managing virtual user domains Download PDF

Info

Publication number
WO2006090284A1
WO2006090284A1 PCT/IB2006/000686 IB2006000686W WO2006090284A1 WO 2006090284 A1 WO2006090284 A1 WO 2006090284A1 IB 2006000686 W IB2006000686 W IB 2006000686W WO 2006090284 A1 WO2006090284 A1 WO 2006090284A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
domain
services
subscriber
access
Prior art date
Application number
PCT/IB2006/000686
Other languages
French (fr)
Inventor
Ndiata Kalonji
Lance Pham
Original Assignee
France Telecom
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom filed Critical France Telecom
Priority to EP06710595A priority Critical patent/EP1861956A1/en
Publication of WO2006090284A1 publication Critical patent/WO2006090284A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • H04L12/2869Operational details of access network equipments
    • H04L12/2898Subscriber equipments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the present invention is directed to a method and system for managing configurable services provided to a group of users, and in one embodiment to a method and system for managing user-centric services in a virtual user domain.
  • a network e.g., a telephone-, cable- or DSL- based network
  • a carrier or service provider by creating an active session (e.g., a DSL pppoa or pppoe session).
  • the residential connection requires neither a login name nor password.
  • the circuit is simply provisioned at the central office without requiring much set up at the customer premise.
  • the customer premise equipment usually a standalone DSL or cable modem, is either preconfigured or requires minimum configuration and plugs into a provisioned RJ-Il line (WAN interface) or coaxial cable connection going out of the home.
  • a router For multiple nodes (e.g., PCs, laptops, access points, VoIP phones) to connect on the same line, a router is connected to the LAN interface of the modem and provides DHCP and NAT services that enable all nodes on the LAN to connect to the Internet. All these nodes' private IP addresses are translated to a single internet address (i.e., the address of the router), and the router performs port (TCP/UDP port) translation services.
  • the outgoing connections are configured to look like they come from a usually different port number at the router, and incoming connections are converted to ports on the nodes as specified at the router.
  • This dual translation allows multiple nodes to share a single IP address with respect to nodes not on the user's network, while still allowing each of the nodes to make separate connections to the Internet, hi the context of a DSL connection, the DSL subscriber known to the carrier is in fact no more than an ATM circuit id referenced to the billing and service address of the payer. Similarly, for a cable-based connection, the cable subscriber is nothing more than a cable modem MAC address referenced to the billing and service address of the payer. AU traffic is classified as best effort (BE) "up to" some published downstream or upstream data rate.
  • BE best effort
  • the advancement of user sessions and flow management techniques at layer 7 holds promise in delivering high quality IP formatted content to the home. Additionally, the maturity and adoption of new broadband access technology such as VDSL, Ethernet, Wi-Max, and optical fiber are enabling telecommunication carriers and MSOs to deliver a richer product portfolio that includes voice, data, and video with user flexibility and at the service quality worth paying for.
  • new broadband access technology such as VDSL, Ethernet, Wi-Max, and optical fiber are enabling telecommunication carriers and MSOs to deliver a richer product portfolio that includes voice, data, and video with user flexibility and at the service quality worth paying for.
  • the current subscriber access and aggregation architecture there are several subscriber elements missing that cannot allow the paying subscriber to monitor, control, or manage usage of his broadband connection; enable nomadic access with trusted domain, and maintain personalized access profiles.
  • the present invention is directed to increasing the amount of customization of
  • the present invention addresses the previous lack of subscriber identity tracking and management for residential broadband lines.
  • the present invention provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains).
  • the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network.
  • Each user's identity and access privileges may also change over time, and the present invention allows the user and virtual user domain to be updated, managed, and protected.
  • This enables the root broadband subscriber to create his own virtual domain that include rich user profiles with varying privileges and restrictions that can connect at any point within the carrier's or service provider's edge network.
  • inter-user domain access e.g. is user2.rootl@domainl accessing the network through domain2's connection point
  • Figure 1 is an illustration of an exemplary residential gateway for performing translation and domain services according to the present invention.
  • Figure 2 is an illustration of the internals of the exemplary residential gateway of Figure 1, including the domain specific and user-specific information stored in at least one memory of the residential gateway.
  • FIG. 1 is an illustration of an exemplary residential gateway for performing translation and domain services according to the present invention.
  • the gateway includes an outgoing data link that can be in the form of (1) a physical connection to the outside world (e.g., a coaxial cable, a DSL line or a standard telephone line) or (2) a data communications link (e.g., an Ethernet or USB link) that connects the gateway to a modem that is in turn connected to a physical connection to the outside world (e.g., a coaxial cable, a DSL line or a standard telephone line).
  • the outgoing data link is typically, but not always, a broadband link to the external world.
  • the gateway also includes at least one incoming link that connects the gateway to various nodes internal to the network.
  • incoming links are generally in the form of a wired connection (e.g., such as an Ethernet link) or a wireless connection (e.g., a WiFi-Max connection or an 802. Hx connection, where "x" represents one of the family of standards such as "a", "b", or "g").
  • the residential gateway of Figure 1 includes a processor and memory for providing domain specific and user-specific services as well as conventional services, such as DHCP and network address translation.
  • DHCP domain specific and user-specific services
  • conventional services such as DHCP and network address translation.
  • the residential gateway e.g., using a web browser connected to the gateway from within the residential network or from external to residential gateway
  • services such as shown in Table 1 below can be performed by an authorized user with the help of the gateway, as will be discussed in more detail below.
  • An example of how virtual user domains can be managed by the present invention is provided below. For the purpose of the example, it is assumed that John Smith has a premium ISP and DSL service subscription with a service provider SP. He and his wife, Mrs. Catherine Smith, have two children and one nephew living with them.
  • John Smith Jr, Sarah Smith, and Karen Lee are 17, 8 and 9, respectively.
  • John establishes his virtual domain called JohnSmith@l 14087891452.
  • sp.ext where "ext” represents a network extension such as “com” or “net” or even an international extension such as "co.jp”.
  • Mr. Smith as the contact point for his service provider, is given administrative right to this domain, and creates other user profiles under this domain. Those profiles are identified as followed:
  • Each of these 114087891452. sp.ext subscribers has various levels of access with regard voice, data, and video services that can be provided across the outgoing data link.
  • Mr. Smith configures Catherine as an operator of the domain, while John Jr, Sarah, and Karen are configured as normal users.
  • the profiles are organized at different levels, e.g., (1) domain owner or administrator rights, (2) normal subscriber rights and (3) visitor rights.
  • domain owner or administrator rights those rights enable services such as those listed in Table 1 below, hi the example, Mr. Smith acts as the administrator of the virtual user domain (114087891452. sp.ext) that he has created through his service provider.
  • His administrator rights are associated with his full identify (i.e., JohnSmith@114087891452.sp.ext) within the user domain.
  • Mr. Smith is able to create the other user identities described above (e.g., SarahSmith@114087891452.sp.ext).
  • Mr. Smith may then set restrictions on the newly created account (or update restrictions on previously created accounts) such as restrictions on the video channel viewing of the associated user.
  • restrictions might include restricting viewing to pre-defined, age appropriate channels group, which John can customize by deleting or adding to the group under the pool of broadcast channels John had purchased in his subscriber package.
  • John creates a first group of channels that are considered appropriate for those under 13, a second group of channels that are considered appropriate for those 17 and under, and a third group of channels for adults only. Having created each of these groups, John then associates Sarah and KarenLee with the first group of channels, John Jr. with the second group of channels, and himself and Catherine with the third group of channels.
  • John can use his rights to (1) block Sarah's voice usage from certain phone numbers (e.g. adult entertainment entities) and (2) restrict her broadband activities to evening hours not to exceed 10pm during school days.
  • various filters can be set to act as content controls. Administrators are not the only users that can manage rights under the present invention. Users can, to the extent permitted by the administrator, manage their own user-specific information. For example, Table 2 below shows exemplary services that can be controlled by the user, if so authorized by the administrator.
  • ADSI Microsoft Active Directory Service Interface
  • the User Domain Directory Services can start, stop, search, sort, and perform results and error handling.
  • the Directory Services may replicate data widely to increase availability and reliability, and consequently reduce response time. When directory data is replicated, temporary inconsistencies between the replicas may be acceptable — as long as all the replicas are updated eventually — depending on the particular role of the directory.
  • a directory service There are many methods used to provide a directory service. Different methods allow various types of data to be stored in a directory, require the data to be referenced, queried, updated, protected, and so on. Some directory services are local, providing service to a restricted context. Other services are global, providing service to a much broader context, for example, the entire Internet. Global services are usually distributed, meaning that the data they contain is shared across many computers which cooperate to provide the directory service. Typically, a global service defines a uniform namespace, which gives the same view of the data regardless of where the computer is in relation to the data. In conjunction with LDAP technology, Microsoft Active Directory also presents some useful features for a User Domain implementation. Its global namespace follows DNS structure and uses LDAP to access objects within the directory service data store. It has location transparency to aid in nomadic access. It can find user, group (virtual user domain), networked service or resource (video channels allowed for that particular user), and data without the object address, requiring location specific domain login).
  • the authentication and services information also need not be stored within a single gateway. Instead, the gateway may securely communicate with another device (e.g., a master gateway or authentication system) such that the user may be authenticated remotely and the services available to the user may be provided or authorized from a remote device.
  • a master gateway may be housed at one or more service providers.
  • the master gateway may belong to an Internet Service Provider (ISP) or another service provider such as a voice or video provider.
  • ISP Internet Service Provider
  • the subscriber can reach the ISP or voice/video gateway to request that the ISP or voice/video provider temporarily send the subscriber's service to the friend.
  • the subscriber can get to its Internet/voice/video services anywhere that it can reach the ISP or voice/video provider.
  • Such a service will also allow peer-to- peer authentication between ISPs or voice/video providers in that the ISPs or voice/video providers can contact each other to ensure that the requester has the proper rights to support a request at a new location.
  • ISPs or voice/video providers may provide such a service in order to provide maximum flexibility for their subscribers, despite having to open their networks to competitors. Moreover, such an open network regulation may eventually be required by governmental regulations.
  • a user entry in a user domain directory is an object of a user domain class with a rich set of properties managed by the service provider.
  • Its property may include authentication type; child entry (for administrator), global unique identifier (as returned from the provider), name (under local directory service), parent element (such as service provider), etc.
  • smith domain user profiles remain enforced and adaptable to nomadic access at other user domain under trust relationship established by John. Uncle Smith's domain may have less children's channels, but Sarah will only be able to view those channels while she stays over at her cousin's home for the weekend, hi some other access policies, tighter time limits between trusted domains, takes priority.
  • a subscriber node can be viewed an abstraction of the voice, video, and data elements that constitute a user profile at the broadband customer endpoint.
  • the domain administrator e.g.
  • John Smith has selected from several service provider's templates what a particular user account in his domain includes.
  • users can have their rights obtained from the gateway (e.g., during a login process).
  • a user When visiting another location, a user needs only its normal authentication information (e.g., its user identification and its password). If the user identification does not implicitly or explicitly contain the location of its original information, then the user will have to know where to find that information as well.
  • the system can then handle the domain directory lookup and forward the user configuration of the corresponding sessions.
  • the subscriber application can be an internet data login, a video login (e.g., broadcast, switched, or on-demand viewing), VoIP, or an interactive multimedia session like video conferencing or gaming.
  • a video login e.g., broadcast, switched, or on-demand viewing
  • VoIP Voice over IP
  • an interactive multimedia session like video conferencing or gaming.
  • a user domain directory forwards service information that includes site, viewing, or other restrictions depending on the application being used.
  • a user domain directory forwards service information that includes site, viewing, or other restrictions depending on the application being used.
  • it contains filters pre-defined by the domain administrator for allowed AAA mechanisms, group rights, QoS settings, specific services (e.g. remote site security monitoring/recording; "closed" circuit family video phone session; pay as you go gaming; etc), time schedule limitations, etc.
  • a user is initially configured such that it receives channels 1-4.
  • the administrator of the domain where the user is visiting has established a rule that channel 1 is inappropriate for viewing within the domain.
  • the system performs an logical AND of the available channels such that (1-4 AND Not 1) yields channels 2- 4.
  • the administrator has the final control over what services can be brought into its domain.
  • the administrator may elect to have a logical OR domain in which a logical OR of services (e.g., channels) is possible within the domain.
  • the number of services can be thought of as a Venn diagram of the services available in the individual environments. Whether the Venn diagram is a logical OR diagram or a logical AND diagram depends on the conditions established by the administrator.
  • the authentication may also be performed at locations other than a gateway.
  • the present invention need not utilize a gateway if the video playback (or recording) device provides authentication services and control services itself.
  • a gateway can be notified by a domain administrator whether the administrator wants to utilize an AND or an OR configuration.
  • the television receiver itself may include the intelligence of the gateway such that the television receiver itself can determine what channels should be available to a visitor to the televisions domain.
  • Authentication and service provision may also be shared between a normal gateway of a user and a gateway of a domain which the user is visiting.
  • the authentication of the user may be passed from the visiting domain to the user's home domain in order to establish that the user is who he/she asserts he/she is.
  • Authentication at a local or remote gateway may be in the form of any authentication protocol supported by the network, including, but not limited to user IDs and passwords, smart cards, biometrics, secure tokens (e.g., as are stored on devices such as may be connectable via a USB port or SecurID tokens/devices).
  • a microprocessor and its corresponding memory perform the functions described herein.
  • the microprocessor and its corresponding memory work together to store information on both the user specific domain information (e.g., what channels a particular user is allowed to watch) and the domain specific information (e.g., whether the administrator will allow the logical OR or the logical AND of the services provided natively within the administrator's domain).
  • Such information can be stored in one or more locations in local or remote gateways, or in a combination thereof.
  • the various domain controllers can communicate with one another to perform authentications and to provide user-specific and domain specific information to the other domain controllers.
  • client software interworks with head-end middleware and media gateways to manage subscriber sessions.
  • a subscriber node may include a thin client that runs on any of the the aforementioned devices. It will retrieve a host of information about subscriber preferences, granular permissions & schedules, personal video recording settings, authentication, limitations, QoS, etc.

Abstract

The present invention addresses the previous of lack of subscriber identity tracking and management for residential broadband lines and provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains). Rather than treating a broadband link as a single connection with a single set of services and quality constraints, the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network.

Description

TITLE OF THE INVENTION
System and Method for Managing Virtual User Domains
BACKGROUND OF THE INVENTION Field of the Invention
The present invention is directed to a method and system for managing configurable services provided to a group of users, and in one embodiment to a method and system for managing user-centric services in a virtual user domain.
Discussion of the Background
Currently, residential users login in to a network (e.g., a telephone-, cable- or DSL- based network) of a carrier or service provider by creating an active session (e.g., a DSL pppoa or pppoe session). Often, because of the underlying technology (e.g., DSL and ATM), the residential connection requires neither a login name nor password. The circuit is simply provisioned at the central office without requiring much set up at the customer premise. The customer premise equipment, usually a standalone DSL or cable modem, is either preconfigured or requires minimum configuration and plugs into a provisioned RJ-Il line (WAN interface) or coaxial cable connection going out of the home.
For multiple nodes (e.g., PCs, laptops, access points, VoIP phones) to connect on the same line, a router is connected to the LAN interface of the modem and provides DHCP and NAT services that enable all nodes on the LAN to connect to the Internet. All these nodes' private IP addresses are translated to a single internet address (i.e., the address of the router), and the router performs port (TCP/UDP port) translation services. The outgoing connections are configured to look like they come from a usually different port number at the router, and incoming connections are converted to ports on the nodes as specified at the router. This dual translation allows multiple nodes to share a single IP address with respect to nodes not on the user's network, while still allowing each of the nodes to make separate connections to the Internet, hi the context of a DSL connection, the DSL subscriber known to the carrier is in fact no more than an ATM circuit id referenced to the billing and service address of the payer. Similarly, for a cable-based connection, the cable subscriber is nothing more than a cable modem MAC address referenced to the billing and service address of the payer. AU traffic is classified as best effort (BE) "up to" some published downstream or upstream data rate.
The advancement of user sessions and flow management techniques at layer 7 holds promise in delivering high quality IP formatted content to the home. Additionally, the maturity and adoption of new broadband access technology such as VDSL, Ethernet, Wi-Max, and optical fiber are enabling telecommunication carriers and MSOs to deliver a richer product portfolio that includes voice, data, and video with user flexibility and at the service quality worth paying for. However, with the current subscriber access and aggregation architecture, there are several subscriber elements missing that cannot allow the paying subscriber to monitor, control, or manage usage of his broadband connection; enable nomadic access with trusted domain, and maintain personalized access profiles.
SUMMARY OF THE INVENTION
The present invention is directed to increasing the amount of customization of
■ services at or within the residence of a residential gateway. As such, the present invention addresses the previous lack of subscriber identity tracking and management for residential broadband lines. The present invention provides customized access and enhanced IP services for a subscriber's household members (virtual user domain) and his/her circle of extended families, relatives, and friends (multiple virtual user domains).
Rather than treating a broadband link as a single connection with a single set of services and quality constraints, the present invention enables the subscriber to create multiple user profiles per broadband link; tailor activities such as web services to a specific user and group profile; provide restricted access to minors (e.g. allow only age appropriate content to be viewed); and facilitate connection at multiple access points on a carrier's edge network. Each user's identity and access privileges may also change over time, and the present invention allows the user and virtual user domain to be updated, managed, and protected. This enables the root broadband subscriber to create his own virtual domain that include rich user profiles with varying privileges and restrictions that can connect at any point within the carrier's or service provider's edge network. Additionally, inter-user domain access (e.g. is user2.rootl@domainl accessing the network through domain2's connection point) is also possible based upon a rich set of profile parameters that can be understood between trusted domains. This is one aspect of enabling nomadic broadband usage.
BRIEF DESCRIPTION OF THE DRAWINGS These and other advantages of the invention will become more apparent and more readily appreciated from the following detailed description of the exemplary embodiments of the invention taken in conjunction with the accompanying drawings, where:
Figure 1 is an illustration of an exemplary residential gateway for performing translation and domain services according to the present invention; and
Figure 2 is an illustration of the internals of the exemplary residential gateway of Figure 1, including the domain specific and user-specific information stored in at least one memory of the residential gateway.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Turning now to a description of exemplary embodiments and features of the present invention, Figure 1 is an illustration of an exemplary residential gateway for performing translation and domain services according to the present invention. The gateway includes an outgoing data link that can be in the form of (1) a physical connection to the outside world (e.g., a coaxial cable, a DSL line or a standard telephone line) or (2) a data communications link (e.g., an Ethernet or USB link) that connects the gateway to a modem that is in turn connected to a physical connection to the outside world (e.g., a coaxial cable, a DSL line or a standard telephone line). The outgoing data link is typically, but not always, a broadband link to the external world.
The gateway also includes at least one incoming link that connects the gateway to various nodes internal to the network. Such incoming links are generally in the form of a wired connection (e.g., such as an Ethernet link) or a wireless connection (e.g., a WiFi-Max connection or an 802. Hx connection, where "x" represents one of the family of standards such as "a", "b", or "g").
As shown in Figure 2, internally the residential gateway of Figure 1 includes a processor and memory for providing domain specific and user-specific services as well as conventional services, such as DHCP and network address translation. By connecting to the residential gateway (e.g., using a web browser connected to the gateway from within the residential network or from external to residential gateway), services such as shown in Table 1 below can be performed by an authorized user with the help of the gateway, as will be discussed in more detail below. An example of how virtual user domains can be managed by the present invention is provided below. For the purpose of the example, it is assumed that John Smith has a premium ISP and DSL service subscription with a service provider SP. He and his wife, Mrs. Catherine Smith, have two children and one niece living with them. John Smith Jr, Sarah Smith, and Karen Lee are 17, 8 and 9, respectively. Using the SP's service, John establishes his virtual domain called JohnSmith@l 14087891452. sp.ext, where "ext" represents a network extension such as "com" or "net" or even an international extension such as "co.jp". Mr. Smith, as the contact point for his service provider, is given administrative right to this domain, and creates other user profiles under this domain. Those profiles are identified as followed:
CatherineSmith@114087891452.sp.ext
JohnSmithJr@l 14087891452.sp.ext SarahSmith@114087891452.sp.ext
KarenLee@114087891452.sp.ext
Each of these 114087891452. sp.ext subscribers has various levels of access with regard voice, data, and video services that can be provided across the outgoing data link. Initially, Mr. Smith configures Catherine as an operator of the domain, while John Jr, Sarah, and Karen are configured as normal users. Thus, in this example, the profiles are organized at different levels, e.g., (1) domain owner or administrator rights, (2) normal subscriber rights and (3) visitor rights. Turning to domain owner or administrator rights first, those rights enable services such as those listed in Table 1 below, hi the example, Mr. Smith acts as the administrator of the virtual user domain (114087891452. sp.ext) that he has created through his service provider. His administrator rights are associated with his full identify (i.e., JohnSmith@114087891452.sp.ext) within the user domain. Using the associated rights, Mr. Smith is able to create the other user identities described above (e.g., SarahSmith@114087891452.sp.ext). In addition, Mr. Smith may then set restrictions on the newly created account (or update restrictions on previously created accounts) such as restrictions on the video channel viewing of the associated user. Such restrictions might include restricting viewing to pre-defined, age appropriate channels group, which John can customize by deleting or adding to the group under the pool of broadcast channels John had purchased in his subscriber package. For example, John creates a first group of channels that are considered appropriate for those under 13, a second group of channels that are considered appropriate for those 17 and under, and a third group of channels for adults only. Having created each of these groups, John then associates Sarah and KarenLee with the first group of channels, John Jr. with the second group of channels, and himself and Catherine with the third group of channels.
Table 1
User Domain Administrator Functionality Manage User Domain Accounts
Check account login against central user Check certificate and authentication
Manage rekey intervals and changes Check group and individual access Modify/add user accounts
Modify/Order access services from service provider
Create User Profile and Access Policies
Select video channels for viewing Create/customize categories and grouping
Set usage limit per time period (e.g., day, week or month) Create VoIP number blocking Create IRC filter
Create time schedule for various types of users Create data access filter list (e.g., for web sites)
Manage Remote Access via Another User Domain Manage login trace options per domain Manage trust relationship per local domain Analyze Usage Statistics
Similarly, John can use his rights to (1) block Sarah's voice usage from certain phone numbers (e.g. adult entertainment entities) and (2) restrict her broadband activities to evening hours not to exceed 10pm during school days. Moreover, with data access, various filters can be set to act as content controls. Administrators are not the only users that can manage rights under the present invention. Users can, to the extent permitted by the administrator, manage their own user-specific information. For example, Table 2 below shows exemplary services that can be controlled by the user, if so authorized by the administrator.
Table 2
User Domain Subscriber Rights
Retrieve user statistics from another domain Manage options on personal account Manage video channel group configured by domain administrator
Set video preferences/options, such as play list View custom grouping and sire services links
Manage VoIP call list (within conditions specified by the administrator) Set VoIP feature options
Navigate the Internet (within conditions specified by the administrator)
Several technologies may be combined and customized to create a broadband virtual user domain in which subscribers in the domain can receive a rich set of value-add access intelligence. An example of an implementation leverages LDAP and
Microsoft Active Directory Service Interface (ADSI). Once a client node attempts to connect to the internet, the user will be directed to logon to the gateway (e.g., that utilizes LDAP-compliant services) to obtain descriptive, attribute-based data. A simple example is shown in Table 3 below.
Table 3
String Attribute type
DC domainComponent FT.com
CN commonName Catherine Smith
OU organizationalUnitName 114087891452
O organizationName 114087891452
STREET streetAddress 7001 Gateway Blvd
L localityNarne South San Francisco ST stateOrProvinceName California
C countryName USA
UID userid Catherine®! 14087891452.sp.ext
The User Domain Directory Services can start, stop, search, sort, and perform results and error handling. The Directory Services may replicate data widely to increase availability and reliability, and consequently reduce response time. When directory data is replicated, temporary inconsistencies between the replicas may be acceptable — as long as all the replicas are updated eventually — depending on the particular role of the directory.
There are many methods used to provide a directory service. Different methods allow various types of data to be stored in a directory, require the data to be referenced, queried, updated, protected, and so on. Some directory services are local, providing service to a restricted context. Other services are global, providing service to a much broader context, for example, the entire Internet. Global services are usually distributed, meaning that the data they contain is shared across many computers which cooperate to provide the directory service. Typically, a global service defines a uniform namespace, which gives the same view of the data regardless of where the computer is in relation to the data. In conjunction with LDAP technology, Microsoft Active Directory also presents some useful features for a User Domain implementation. Its global namespace follows DNS structure and uses LDAP to access objects within the directory service data store. It has location transparency to aid in nomadic access. It can find user, group (virtual user domain), networked service or resource (video channels allowed for that particular user), and data without the object address, requiring location specific domain login).
The authentication and services information also need not be stored within a single gateway. Instead, the gateway may securely communicate with another device (e.g., a master gateway or authentication system) such that the user may be authenticated remotely and the services available to the user may be provided or authorized from a remote device. Such a master gateway may be housed at one or more service providers. For example, the master gateway may belong to an Internet Service Provider (ISP) or another service provider such as a voice or video provider. In this way, when a subscriber moves from its home location to another location (e.g., a friend's house), the subscriber can reach the ISP or voice/video gateway to request that the ISP or voice/video provider temporarily send the subscriber's service to the friend. Thus, the subscriber can get to its Internet/voice/video services anywhere that it can reach the ISP or voice/video provider. Such a service will also allow peer-to- peer authentication between ISPs or voice/video providers in that the ISPs or voice/video providers can contact each other to ensure that the requester has the proper rights to support a request at a new location. ISPs or voice/video providers may provide such a service in order to provide maximum flexibility for their subscribers, despite having to open their networks to competitors. Moreover, such an open network regulation may eventually be required by governmental regulations. A user entry in a user domain directory is an object of a user domain class with a rich set of properties managed by the service provider. Its property may include authentication type; child entry (for administrator), global unique identifier (as returned from the provider), name (under local directory service), parent element (such as service provider), etc. Under the smith domain, user profiles remain enforced and adaptable to nomadic access at other user domain under trust relationship established by John. Uncle Smith's domain may have less children's channels, but Sarah will only be able to view those channels while she stays over at her cousin's home for the weekend, hi some other access policies, tighter time limits between trusted domains, takes priority. Under the present invention, a subscriber node can be viewed an abstraction of the voice, video, and data elements that constitute a user profile at the broadband customer endpoint. The domain administrator (e.g. John Smith), however, has selected from several service provider's templates what a particular user account in his domain includes. As described earlier, users can have their rights obtained from the gateway (e.g., during a login process). When visiting another location, a user needs only its normal authentication information (e.g., its user identification and its password). If the user identification does not implicitly or explicitly contain the location of its original information, then the user will have to know where to find that information as well. The system can then handle the domain directory lookup and forward the user configuration of the corresponding sessions.
The subscriber application can be an internet data login, a video login (e.g., broadcast, switched, or on-demand viewing), VoIP, or an interactive multimedia session like video conferencing or gaming. Based on the login, and a check of the user profile (and if non-local access, a check on the trusted domain) and the underlying protocol (e.g. SIP, RTSP, SDP, RTP, or combinations that identifies an application), a user domain directory forwards service information that includes site, viewing, or other restrictions depending on the application being used. Additionally, it contains filters pre-defined by the domain administrator for allowed AAA mechanisms, group rights, QoS settings, specific services (e.g. remote site security monitoring/recording; "closed" circuit family video phone session; pay as you go gaming; etc), time schedule limitations, etc.
As an example herein, it is assumed that a user is initially configured such that it receives channels 1-4. However, when visiting another location, the administrator of the domain where the user is visiting has established a rule that channel 1 is inappropriate for viewing within the domain. As a result, the system performs an logical AND of the available channels such that (1-4 AND Not 1) yields channels 2- 4. In this way, the administrator has the final control over what services can be brought into its domain. As an alternative, the administrator may elect to have a logical OR domain in which a logical OR of services (e.g., channels) is possible within the domain. In that example, assuming that the domain administrator indicates that the logical OR is acceptable, if a friend that has ordered a pay-per-view fight comes over to watch the fight on a friend's larger screen, then the OR of their services (the hosts movie channels OR'd with the visiting friends pay-per-view) would result in the ability to watch the pay-per-view event at the new location.
As a result, the number of services can be thought of as a Venn diagram of the services available in the individual environments. Whether the Venn diagram is a logical OR diagram or a logical AND diagram depends on the conditions established by the administrator.
According to the present invention, the authentication may also be performed at locations other than a gateway. For example, in the context of video services, the present invention need not utilize a gateway if the video playback (or recording) device provides authentication services and control services itself. As previously described, a gateway can be notified by a domain administrator whether the administrator wants to utilize an AND or an OR configuration. In future versions of television receivers, the television receiver itself may include the intelligence of the gateway such that the television receiver itself can determine what channels should be available to a visitor to the televisions domain. Authentication and service provision may also be shared between a normal gateway of a user and a gateway of a domain which the user is visiting. The authentication of the user may be passed from the visiting domain to the user's home domain in order to establish that the user is who he/she asserts he/she is. Authentication at a local or remote gateway may be in the form of any authentication protocol supported by the network, including, but not limited to user IDs and passwords, smart cards, biometrics, secure tokens (e.g., as are stored on devices such as may be connectable via a USB port or SecurID tokens/devices). According to an embodiment of the present invention, a microprocessor and its corresponding memory perform the functions described herein. The microprocessor and its corresponding memory work together to store information on both the user specific domain information (e.g., what channels a particular user is allowed to watch) and the domain specific information (e.g., whether the administrator will allow the logical OR or the logical AND of the services provided natively within the administrator's domain). Such information, as described above can be stored in one or more locations in local or remote gateways, or in a combination thereof. As would be appreciated by one of ordinary skill in the art, the various domain controllers can communicate with one another to perform authentications and to provide user-specific and domain specific information to the other domain controllers.
In yet another embodiment, client software interworks with head-end middleware and media gateways to manage subscriber sessions. In such an embodiment, a subscriber node may include a thin client that runs on any of the the aforementioned devices. It will retrieve a host of information about subscriber preferences, granular permissions & schedules, personal video recording settings, authentication, limitations, QoS, etc.
Numerous modifications of the above description can be made without departing from the scope of the present invention. As a result, the present invention is only limited by the scope of the appended claims.

Claims

CLAIMS:
1. A method of providing user-centric data services across a single broadband communications link, the method comprising: establishing a virtual user domain for the single broadband communications link that includes usage characteristics from plural users; authenticating a first user of the plural users to a controller of the virtual user domain in order to provide a first user-specific data access control to the first user across the single broadband communications link; and providing a second user-specific data access control to the first user across the single broadband communications link.
2. The method as claimed in claim 1, wherein the single broadband communications link comprises a DSL connection.
3. The method as claimed in claim 1, wherein the single broadband communications link comprises a cable modem connection.
4. The method as claimed in claim 1, wherein the second user-specific data access control comprises a logical OR of the first user-specific data access control and a domain specific data access control.
5. The method as claimed in claim 1, wherein the second user-specific data access control comprises a logical AND of the first user-specific data access control and a domain specific data access control.
6. The method as claimed in claim 1, wherein the step of authenticating comprises providing a user identity and a password.
7. The method as claimed in claim 6, wherein the step of authenticating comprises providing a user identity and a password to a remote device and receiving a response from the remote device.
PCT/IB2006/000686 2005-02-28 2006-02-24 System and method for managing virtual user domains WO2006090284A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP06710595A EP1861956A1 (en) 2005-02-28 2006-02-24 System and method for managing virtual user domains

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/066,437 US7765583B2 (en) 2005-02-28 2005-02-28 System and method for managing virtual user domains
US11/066,437 2005-02-28

Publications (1)

Publication Number Publication Date
WO2006090284A1 true WO2006090284A1 (en) 2006-08-31

Family

ID=36441375

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/000686 WO2006090284A1 (en) 2005-02-28 2006-02-24 System and method for managing virtual user domains

Country Status (3)

Country Link
US (2) US7765583B2 (en)
EP (1) EP1861956A1 (en)
WO (1) WO2006090284A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014066425A1 (en) * 2012-10-25 2014-05-01 Google Inc. Integrating a router based web meter and a software based web meter
EP2755397A1 (en) * 2013-01-10 2014-07-16 Humax Co., Ltd. Control method, device, and system based on user personal account
US8984600B2 (en) 2012-10-25 2015-03-17 Google Inc. Integrating a router based web meter and a software based web meter
US8990389B2 (en) 2012-10-25 2015-03-24 Google Inc. Using a router based web meter in a mixed mode configuration
US9313080B2 (en) 2012-10-25 2016-04-12 Google Inc. User logging of web traffic on non-browser based devices

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060064378A1 (en) * 2004-09-21 2006-03-23 Jeff Clementz Method and apparatus for maintaining linked accounts
US20070101380A1 (en) * 2005-10-28 2007-05-03 Szolyga Thomas H Consolidated content apparatus
WO2007075846A2 (en) 2005-12-19 2007-07-05 Propero Ltd. Method and system for providing virtualized application workspaces
US8935429B2 (en) 2006-12-19 2015-01-13 Vmware, Inc. Automatically determining which remote applications a user or group is entitled to access based on entitlement specifications and providing remote application access to the remote applications
US20070294226A1 (en) * 2006-06-14 2007-12-20 Tropos Networks, Inc. Wireless network that provides location information when queried by a client device
CN100571216C (en) * 2007-03-06 2009-12-16 中兴通讯股份有限公司 Method for network access control and system
US7945512B2 (en) 2007-03-14 2011-05-17 Ebay Inc. Spending and savings secondary linked accounts
US20080228638A1 (en) * 2007-03-14 2008-09-18 Ebay Inc. Method and system of controlling linked accounts
US20090287707A1 (en) * 2008-05-15 2009-11-19 International Business Machines Corporation Method to Manage Inventory Using Degree of Separation Metrics
US8413222B1 (en) * 2008-06-27 2013-04-02 Symantec Corporation Method and apparatus for synchronizing updates of authentication credentials
US20100017889A1 (en) * 2008-07-17 2010-01-21 Symantec Corporation Control of Website Usage Via Online Storage of Restricted Authentication Credentials
US8874693B2 (en) * 2009-02-20 2014-10-28 Microsoft Corporation Service access using a service address
DK2424991T3 (en) 2009-05-02 2018-09-17 Genzyme Corp Gene therapy for neurodegenerative diseases
US8842815B2 (en) 2009-07-29 2014-09-23 Comcast Cable Communications, Llc Identity management and service access for local user group based on network-resident user profiles
US9706257B2 (en) * 2009-09-14 2017-07-11 At&T Intellectual Property I, L.P. Viewing control management across multiple access points
US10068269B2 (en) * 2009-11-12 2018-09-04 At&T Intellectual Property I, L.P. Method for controlling electronic storefronts in a multimedia content distribution network
US9325502B2 (en) 2009-11-13 2016-04-26 At&T Intellectual Property I, L.P. Identity management for transactional content
US8437365B2 (en) * 2009-11-19 2013-05-07 At&T Intellectual Property I, L.P. Method and apparatus for providing mobile and social services via virtual individual servers
US20120042391A1 (en) * 2010-08-11 2012-02-16 Hank Risan Method and system for protecting children from accessing inappropriate media available to a computer-based media access system
US20130110716A1 (en) * 2011-11-01 2013-05-02 Ebay Inc. System and method for utilizing student accounts
US8819090B2 (en) * 2012-04-23 2014-08-26 Citrix Systems, Inc. Trusted file indirection
WO2014071282A1 (en) 2012-11-05 2014-05-08 Genzyme Corporation Compositions and methods for treating proteinopathies
JP6561042B2 (en) 2013-03-13 2019-08-14 ジェンザイム・コーポレーション Fusion proteins comprising PDGF and VEGF binding moieties and methods of use thereof
CA3182572A1 (en) 2013-04-17 2014-10-23 Genzyme Corporation Use of an il17 inhibitor for treating and preventing macular degeneration
KR20200060536A (en) 2013-05-01 2020-05-29 젠자임 코포레이션 Compositions and methods for treating spinal muscular atrophy
FR3009915B1 (en) * 2013-08-22 2015-09-04 Sagemcom Broadband Sas RESIDENTIAL GATEWAY PROVIDING AT LEAST ONE PRIVATE MEMORY SPACE
JP6719381B2 (en) 2014-02-06 2020-07-08 ジェンザイム・コーポレーション Compositions and methods for treating and preventing macular degeneration
PT3628334T (en) 2014-03-21 2023-09-26 Genzyme Corp Gene therapy for retinitis pigmentosa
WO2016044478A1 (en) 2014-09-16 2016-03-24 Genzyme Corporation Adeno-associated viral vectors for treating myocilin (myoc) glaucoma
EP4012035A1 (en) 2014-09-16 2022-06-15 Genzyme Corporation Adeno-associated viral vectors for treating myocilin (myoc) glaucoma
KR20170104594A (en) 2015-01-20 2017-09-15 젠자임 코포레이션 Ultracentrifugation for characterization of recombinant virus particles
US11896651B2 (en) 2015-05-16 2024-02-13 Genzyme Corporation Gene editing of deep intronic mutations
WO2020077250A1 (en) 2018-10-12 2020-04-16 Genzyme Corporation Generation of improved human pah for treatment of severe pku by liver-directed gene replacement therapy
US11374938B2 (en) * 2019-04-23 2022-06-28 Jpmorgan Chase Bank, N.A. Database-agnostic secure structured database connector
JP2023544165A (en) 2020-10-01 2023-10-20 ジェンザイム・コーポレーション Human PAH expression cassette for treating PKU by liver-directed gene replacement therapy
JP2024511409A (en) 2021-03-22 2024-03-13 ジェンザイム・コーポレーション Size exclusion chromatography analysis of empty and complete AAV capsids
CA3227103A1 (en) 2021-07-30 2023-02-02 Matthew P. GEMBERLING Compositions and methods for modulating expression of frataxin (fxn)
WO2023010135A1 (en) 2021-07-30 2023-02-02 Tune Therapeutics, Inc. Compositions and methods for modulating expression of methyl-cpg binding protein 2 (mecp2)
US20230344800A1 (en) * 2022-04-26 2023-10-26 Dell Products L.P. Client Browser to Endpoint Peer to Peer Redirection from Cloud Control Pane
WO2023225481A1 (en) 2022-05-16 2023-11-23 Genzyme Corporation Methods of treating metachromatic leukodystrophy
WO2024015881A2 (en) 2022-07-12 2024-01-18 Tune Therapeutics, Inc. Compositions, systems, and methods for targeted transcriptional activation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000040027A1 (en) * 1998-12-23 2000-07-06 Ntl Group Limited User group identification system
US20030161333A1 (en) * 2002-02-22 2003-08-28 Schain Mariano R. Broadband modem residential gateway with efficient network traffic processing

Family Cites Families (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5796424A (en) * 1995-05-01 1998-08-18 Bell Communications Research, Inc. System and method for providing videoconferencing services
US6385644B1 (en) * 1997-09-26 2002-05-07 Mci Worldcom, Inc. Multi-threaded web based user inbox for report management
US20020033416A1 (en) * 1997-12-31 2002-03-21 Irwin Gerszberg Network server platform for providing integrated billing for catv, internet, telephony and enhanced bandwidth services
US6526582B1 (en) * 1998-07-15 2003-02-25 Qwest Communications International Inc. Method and system for provisioning a single physical broadband drop to accommodate multiple specific devices
US6467090B1 (en) * 1998-07-15 2002-10-15 Qwest Communications International Inc. Method and system for provisioning a single physical broadband drop to accommodate multiple devices
US6496824B1 (en) * 1999-02-19 2002-12-17 Saar Wilf Session management over a stateless protocol
US20010049620A1 (en) * 2000-02-29 2001-12-06 Blasko John P. Privacy-protected targeting system
US6778646B1 (en) * 1999-11-04 2004-08-17 2Wire, Inc. System and method for coupling multiple home networks
US6690675B1 (en) * 1999-12-30 2004-02-10 At&T Corp. User programmable fail-proof IP hotline/warm-line
US6775267B1 (en) * 1999-12-30 2004-08-10 At&T Corp Method for billing IP broadband subscribers
US6252952B1 (en) * 1999-12-30 2001-06-26 At&T Corp Personal user network (closed user network) PUN/CUN
WO2001080565A2 (en) * 2000-04-17 2001-10-25 Cachestream Corporation Channel dancer, virtual channel scheduler
US20020049806A1 (en) * 2000-05-16 2002-04-25 Scott Gatz Parental control system for use in connection with account-based internet access server
US6795707B2 (en) * 2000-05-23 2004-09-21 Jeffrey W. Martin Methods and systems for correlating telecommunication antenna infrastructure placement information to provide telecommunication quality of service information
US20020049635A1 (en) * 2000-09-06 2002-04-25 Khanh Mai Multiple advertising
US7107605B2 (en) * 2000-09-19 2006-09-12 Simple Devices Digital image frame and method for using the same
US7698723B2 (en) * 2000-12-28 2010-04-13 At&T Intellectual Property I, L.P. System and method for multimedia on demand services
US8601519B1 (en) * 2000-12-28 2013-12-03 At&T Intellectual Property I, L.P. Digital residential entertainment system
US8677423B2 (en) * 2000-12-28 2014-03-18 At&T Intellectual Property I, L. P. Digital residential entertainment system
US20020133578A1 (en) * 2001-01-18 2002-09-19 Wu C. T. Novel method in serving residential broadband subscribers
US6963579B2 (en) * 2001-02-02 2005-11-08 Kyocera Wireless Corp. System and method for broadband roaming connectivity using DSL
US7567578B2 (en) * 2001-03-16 2009-07-28 Kyocera Wireless Corp. System and method for roaming connectivity
US20040250273A1 (en) * 2001-04-02 2004-12-09 Bellsouth Intellectual Property Corporation Digital video broadcast device decoder
ES2215870T3 (en) * 2001-06-14 2004-10-16 Alcatel TERMINAL, ACCESS SERVER SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT THAT ALLOWS AT LEAST A USER CONTACT WITH AT LEAST A SERVICE SYSTEM.
US20030046557A1 (en) * 2001-09-06 2003-03-06 Miller Keith F. Multipurpose networked data communications system and distributed user control interface therefor
JPWO2003052656A1 (en) * 2001-12-14 2005-04-28 松下電器産業株式会社 Home appliance, server device, and home appliance network system
EP1547369A2 (en) * 2002-09-23 2005-06-29 Koninklijke Philips Electronics N.V. Certificate based authorized domains
US7584263B1 (en) * 2002-09-25 2009-09-01 At&T Intellectual Property I, L. P. System and method for providing services access through a family home page
US7496647B2 (en) * 2002-12-11 2009-02-24 Broadcom Corporation Personal inter-home media exchange network
JP2006511997A (en) * 2002-12-19 2006-04-06 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Residential gateway system having a portable controller with a display for displaying video signals
FR2851104A1 (en) * 2003-02-10 2004-08-13 France Telecom METHOD AND SYSTEM FOR AUTHENTICATING A USER AT AN ACCESS NETWORK DURING A CONNECTION OF THE USER TO THE INTERNET NETWORK
US7536460B2 (en) * 2003-05-15 2009-05-19 At&T Intellectual Property I, L.P. Session and application level bandwidth and/or QoS modification
US7430187B2 (en) * 2003-05-15 2008-09-30 At&T Intellectual Property I, Lp Methods, systems, and computer program products for providing different quality of service/bandwidth allocation to different susbscribers for interactive gaming
JP2005056207A (en) * 2003-08-05 2005-03-03 Sanyo Electric Co Ltd Network system, home equipment control server and intermediation server
KR100651729B1 (en) * 2003-11-14 2006-12-06 한국전자통신연구원 System and method for multi-modal context-sensitive applications in home network environment
WO2005060611A2 (en) * 2003-12-10 2005-07-07 Alex Mashinsky Exchange of centralized control data
US20050144297A1 (en) * 2003-12-30 2005-06-30 Kidsnet, Inc. Method and apparatus for providing content access controls to access the internet
US20050283479A1 (en) * 2004-06-16 2005-12-22 Advanced Micro Devices, Inc. System for controlling a multipurpose media access data processing system
US20050283600A1 (en) * 2004-06-16 2005-12-22 Advanced Micro Divces, Inc. System for managing a plurality of multipurpose media access data processing systems
US20050283828A1 (en) * 2004-06-16 2005-12-22 Perley Tim E Multipurpose media access data processing system
US20060173792A1 (en) * 2005-01-13 2006-08-03 Glass Paul H System and method for verifying the age and identity of individuals and limiting their access to appropriate material
US7460588B2 (en) * 2005-03-03 2008-12-02 Adaptive Spectrum And Signal Alignment, Inc. Digital subscriber line (DSL) state and line profile control
US7734584B1 (en) * 2005-03-24 2010-06-08 Google Inc. Method and systems for storing and distributing data
KR100781508B1 (en) * 2005-04-28 2007-12-03 삼성전자주식회사 Method for providing user-adapted service environment and apparatus for the same
US20070107017A1 (en) * 2005-11-04 2007-05-10 Angel Albert J Transaction Process Controller with User History, Selectable Profile Controls, Confirmation and User Control Options for Shopping with Video On Demand Cable Systems
US20080049767A1 (en) * 2006-08-25 2008-02-28 At&T Corp. Method for controlling multiple network services based on a user profile

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000040027A1 (en) * 1998-12-23 2000-07-06 Ntl Group Limited User group identification system
US20030161333A1 (en) * 2002-02-22 2003-08-28 Schain Mariano R. Broadband modem residential gateway with efficient network traffic processing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HOFRICHTER K ED - INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS: "The residential gateway as service platform", INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS. 2001 DIGEST OF TECHNICAL PAPERS. ICCE. LOS ANGELES, CA, JUNE 19 - 21, 2001, NEW YORK, NY : IEEE, US, 19 June 2001 (2001-06-19), pages 304 - 305, XP010552177, ISBN: 0-7803-6622-0 *
PAN-LUNG TSAI ET AL: "A remote control scheme for ubiquitous personal computing", NETWORKING, SENSING AND CONTROL, 2004 IEEE INTERNATIONAL CONFERENCE ON TAIPEI, TAIWAN MARCH 21-23, 2004, PISCATAWAY, NJ, USA,IEEE, vol. 2, 21 March 2004 (2004-03-21), pages 1020 - 1025, XP010705524, ISBN: 0-7803-8193-9 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014066425A1 (en) * 2012-10-25 2014-05-01 Google Inc. Integrating a router based web meter and a software based web meter
US8984600B2 (en) 2012-10-25 2015-03-17 Google Inc. Integrating a router based web meter and a software based web meter
US8990389B2 (en) 2012-10-25 2015-03-24 Google Inc. Using a router based web meter in a mixed mode configuration
US9313080B2 (en) 2012-10-25 2016-04-12 Google Inc. User logging of web traffic on non-browser based devices
US9876800B2 (en) 2012-10-25 2018-01-23 Google Llc Integrating a router based web meter and a software based web meter
US9876871B2 (en) 2012-10-25 2018-01-23 Google Llc User logging of web traffic on non-browser based devices
EP2755397A1 (en) * 2013-01-10 2014-07-16 Humax Co., Ltd. Control method, device, and system based on user personal account

Also Published As

Publication number Publication date
US20060195888A1 (en) 2006-08-31
US7765583B2 (en) 2010-07-27
EP1861956A1 (en) 2007-12-05
US20100269160A1 (en) 2010-10-21

Similar Documents

Publication Publication Date Title
US7765583B2 (en) System and method for managing virtual user domains
JP5084086B2 (en) System and method for providing dynamic network authorization, authentication and account
US8094663B2 (en) System and method for authentication of SP ethernet aggregation networks
US8160068B2 (en) System and method for facilitating communication between a CMTS and an application server in a cable network
JP5736511B2 (en) Zero sign-on authentication
US7676550B1 (en) Multiple access presence agent
US20100100898A1 (en) Method and apparatus for personalized multi-user centralized control and filtering of iptv content
US20060149845A1 (en) Managed quality of service for users and applications over shared networks
US9036582B2 (en) Method and system for efficient management of a telecommunications network and the connection between the telecommunications network and a customer premises equipment
US20040177247A1 (en) Policy enforcement in dynamic networks
US9332579B2 (en) Method and system for efficient use of a telecommunication network and the connection between the telecommunications network and a customer premises equipment
EP1864455A2 (en) Video communication call authorization
TW201204098A (en) Dynamic service groups based on session attributes
US20120324541A1 (en) Method and system for subscribing to services via extended upnp standard and nass tispan authentication
US9032083B2 (en) Method and system for efficient use of a telecommunications network and the connection between the telecommunications network and a customer premises equipment
KR101276798B1 (en) System and method for offering communication provider selection service in distribution network
Hellberg et al. Broadband network architectures: designing and deploying triple-play services
US20120106399A1 (en) Identity management system
WO2004014045A1 (en) Service class dependant asignment of ip addresses for cotrolling access to an d delivery of e-sevices
Bodzinga et al. Interworking IPTV services with IMS
Mahdi et al. New UPnP service for multimedia remote sharing with IMS framework
CN100474826C (en) Method, broadband access device and system for user terminal obtaining multi service
US20150341328A1 (en) Enhanced Multi-Level Authentication For Network Service Delivery
JP2011517885A (en) Multimedia content sharing via audio-video communication
KR100687837B1 (en) Systems and methods for providing dynamic network authorization, authentication and accounting

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2006710595

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2006710595

Country of ref document: EP