Patent Application
20100091773
1. Field of the Invention
The present invention relates generally to a system and a method for identifying network-connected users, and more particularly, to a system and method for identifying network user services and accordingly guiding data packets of network users to specific routing paths.
2. Description of Related Art
Network and Internet access is becoming ubiquitous. Users can conduct various activities through networks and the Internet, for example, searching, browsing, shopping or chatting.
Generally, users access the Internet through Internet Service Providers (ISPs), which are companies or organizations offering Internet access and network services to users. These entities buy connection equipment and rent lines and bandwidth to provide service to users. Generally, users access the Internet through routing devices provided by ISPs.
However, as network activity becomes much more diverse, many atypical network connection activities cannot be handled through only the routing devices of ISPs, but must also be handled with assistance of specific service systems.
Referring to
Therefore, it has become highly desirable to find a way to identify users that apply for network access or service and provide a corresponding guiding process so as to distribute and manage the data packets of specific users.
According to the above drawbacks, an objective of the present invention is to provide a system and a method for identifying network-connected user so as to identify users and guide user end devices to specific services.
In order to attain the above and other objectives, the present invention provides a system for identifying a network-connected user, which comprises: a user end device; a routing device for providing a routing path to the user end device; and a service providing device for providing specific services to the user end device, wherein the routing device guides the user end device to the service providing device according to a programmed file of the user end device.
In a preferred embodiment, the system further comprises a provision server for providing the programmed file corresponding to the user end device to the routing device.
According to another embodiment, the service comprises anti-virus, virus scanning, malicious packet blocking, malicious connection blocking and/or web page filtering services.
A method for identifying a network-connected user of the present invention comprises the following steps: (1) connecting a user end device to a routing device; and (2) guiding the user end device to a specific service providing device by the routing device according to a programmed file of the user end device.
According to a preferred embodiment, step (1) further comprises: (1-1) providing the programmed file corresponding to the user end device to the routing device by a provision server; and (1-2) connecting the user end device to the routing device. Compared with the prior art, the present invention identifies specific network users according to programmed files generated when the users applies for provision of services. Once the specific network users are network-connected, the access router guides data packets of the users to appropriate routing paths or service providing devices according to the programmed files, thereby facilitating distribution and management of data packets by ISPs.
The following illustrative embodiments are provided to illustrate the disclosure of the present invention; these and other advantages and effects will be apparent to those skilled in the art after reading the disclosure of this specification.
The user end device 20 is an electronic device capable of accessing data and performing data processing such as a workstation, a desktop computer, a notebook computer, a digital TV device, a personal digital assistant and/or a mobile phone.
The routing device 21 provides a routing path to the user end device 21. The routing device 21 is a device that transmits data between networks, determining a data transmission path. Data over the network is divided into a plurality of data packets, based on the destination of the data packets, wherein the routing device 21 routes the packets over the best route available at the time. Therefore, when the user end device 20 uploads or receives data packets, the routing device 21 can guide the data packets to specific routers or servers.
The service providing device 22 provides various service contents to the user end device 20, such as anti-virus, virus scanning, malicious packet blocking, malicious connection blocking and/or web page filtering services.
In an embodiment of the invention, the user end device 20 is first connected to the routing device 21 and then the routing device 21 generates routing path according to a programmed file of the user end device 20. When the user end device 20 uploads data packets, the routing device 21 guides the data packets to a specific routing path based on a policy-based routing (PBR) technique such that the data packets can be transmitted to the predetermined service providing device 22 for providing various services. Finally, the data packets are transmitted to the network 23 through the routing device 21. The content of the programmed file is based on the PBR technique and is created when the user end applies for network service. It should be noted that the routing device 21 and the programmed file are not limited to the PBR technique. Other communication protocol techniques that can identify a connection request on the user end and guide the request to specific routing can be used.
In a preferred embodiment, the user end device connects to the routing device through a wide area network (WAN) system, a virtual private network (VPN) system, a local area network (LAN) system and/or a wireless network.
In another preferred embodiment of the invention, the system for identifying a network-connected user comprises a provision server for providing the programmed file of the user end device to the routing device.
The user end device 30 is connected to the routing device 31 for transmission of data packets to the Internet 34. When the user end device 30 applies to an Internet service provider for provision of network service, the Internet service provider creates a programmed file corresponding to the user end device 30. In the present embodiment, the Internet service provider stores the programmed file in the provision server 32 that further provides the programmed file to the routing device 31. When data packets are transmitted from the user end device 30 to the routing device 31, the routing device 31 guides the data packets to the service providing device 33 according to the programmed file for providing service content. Thereafter, the data packets are transmitted back to the routing device 31 and further transmitted to the Internet 34. Similarly, data packets from the Internet 34 are guided to the user end device 30 through the same path by the routing device 31. Therefore, the present invention can conveniently distribute and manage data packets of network users and solve the overload problem of service providing devices that exists in the prior art.
In a preferred embodiment, the routing device 31 can provide a plurality of routing paths according to different programmed files so as to efficiently manage the upload and download of data packets.
In another preferred embodiment, the programmed file of the user end device 30 stored in the provision server 32 comprises provision data, wherein such provision data can include the connection method and/or type of application service of the user end device 30.
It should be noted that different programmed files generated according to different application content of network users can be stored in the provision server 32 or the routing device 31, or stored in a storage device such as a hard disk such that, when the routing device 31 receives connection request of a network user, the routing device 31 can guide the connection path of the user to a specific routing path according to the programmed file corresponding to the user.
The service user end device 40a applies to the Internet service provider for Internet access and a specific network service function, while the general user end device 40b only applies for Internet access. Therefore, two programmed files are generated according to the different application contents of the user end devices such that the access router 41 can guide data packets to different routing paths.
In an embodiment, the general user end device 40b connects to the access router 41 through the network connection device 43b. The access router 41 is divided into an A-virtual router 410 and a B-virtual router 411. As the general user end device 40b applies for network access, when data packets enter into the access router 41, the B-virtual router 411 guides the data packets to the Internet 45. Similarly, data packets from the Internet 45 are transmitted to the general user end device 40b through the B-virtual router 411 of the access router 41.
When the service user end device 40a connects to the access router 41 through the network connection device 43a, the A-virtual router 410 guides data packets from the service user end device 40a to the service providing device 44. After being processed by the service providing device 44, the data packets are transmitted to the B-virtual router 411 which further guides the data packets to the Internet 45. Similarly, data packets from the Internet 45 to be transmitted to the service user end device 40a are transmitted through the same routing path. That is, the data packets are first processed by the service providing device 44 and then transmitted to the user end device 40a through the A-virtual router 410.
Therefore, different programmed files are generated according to different application content of network users. According to the programmed files, the access router 41 can determine different packet transmission paths. Data packets from the service user end device 40a are first transmitted to the A-virtual router 410, and then transmitted to the service providing device 44, and subsequently transmitted to the B-virtual router 411 and further transmitted to the Internet 45, thereby making the data packets of the service user end device 40a managed by the service providing device 44. The present invention transmits upload and download data packets of different user end devices through different routing paths, thereby providing more flexible network service combinations.
First, at step S50, a user end device is connected to a routing device, wherein the user end device is connected to the routing device through a wide area network (WAN) system, a virtual private network (VPN) system, a local area network (LAN) system and/or a wireless network. The user end device can be a workstation, a desktop computer, a notebook computer, a personal digital assistant and/or a mobile phone.
In a preferred embodiment, step S50 further comprises: step S501, wherein a provision server provides a programmed file corresponding to the user end device to the routing device; and step S502, wherein the user end device is connected to the routing device.
At step S51, the routing device guides the user end device to a specific service providing device according to the programmed file corresponding to the user end device so as to analyze or manage data packets.
In a preferred embodiment, the routing device provides a plurality of routing paths according to different programmed files.
At step S60, a provision server generates a programmed file corresponding to a user end device according to the application data of the user and provides the programmed file to a routing device. Then, the process goes to step S61.
At step S61, the routing device guides the user end device to a specific virtual router according to the programmed file corresponding to the user end device. Then, the process goes to step S62.
At step S62, the virtual router guides data packets to a specific remote router through the technique of using a Generic Routing Encapsulation (GRE) tunnel for processing, the GRE technique being known in the art. Then, the process goes to step S63.
At step S63, the remote router guides the processed data packets to the original router through the GRE tunnel.
Through such a method, an Internet service provider can rapidly guide data packets of specific user to a remote router through the GRE tunnel for processing and then transmit the processed data packets back to the original access router. Through the GRE tunnel, the Internet service provider does not need to provide additional service equipment for users at different regions or remote regions, thereby saving costs. However, note that the current invention is not limited to use of the GRE tunnel.
According to the present invention, access routers determine routing paths according to programmed files corresponding to the services to be provided to users. The access routers can predetermine a plurality of routing paths directing to different services. Therefore, data packets of each network user are guided to a specific service providing device through the corresponding routing path. As a result, the present invention can manage the transmission packets of specific network users and provide more flexible combinations of service content.
Therefore, the system and method for identifying a network-connected user of the present invention have the following effects:
The above-described descriptions of the detailed embodiments are provided to illustrate the preferred implementation according to the present invention, and are not intended to limit the scope of the present invention. Accordingly, many modifications and variations completed by those with ordinary skill in the art can be made and yet still fall within the scope of present invention as defined by the appended claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 097139308 | Oct 2008 | TW | national |
