Note: Descriptions are shown in the official language in which they were submitted.
CA 02520258 2005-09-20
SYSTEM AND METHOD FOR DYNAMICALLY GENERATING A USER-
CENTRIC PORTAL
FIELD OF THE INVENTION
The present invention relates to a system and method for dynamically
generating a user-centric portal in a hieratically layered network of
distributed stake
master servers.
BACKGROUND OF THE INVENTION
The Internet has expanded its horizon and has been making vast amount of
information available to its users. As the result, the Internet becomes a
disorganized
database of various information with a lack of disciplinary and comprehensive
indexes or directory of metadata to differentiate or categorize information.
The
Internet users have been struggling with the massive amount of information due
to the
lack of effective tools to discriminate or segregate "useful" information for
the users
from others.
Development and deployment of portals are one way to address such issues by
grouping information with particular interests or categories. There are a
number of
portal sites that are available and popular among Internet users, such as
YAHOO!,
MSN°, Google~ and a few other major portals. These websites also
provide features
for its users to create and personalize their own portal based on their
personal
preferences or profile information. However, as the numbers of users for these
websites grew drastically over the last few years, Internet traffic
concentrations to
these popular portals have been seriously degrading its services to the users.
The
system structures or models that these portal sites adapted have further
accelerated the
traffic concentration. There have been a number of solutions introduced or
deployed
to address such issues; however, scalability without sacrificing capability to
personalize and customize portals by the users has always been an issue for
the portal
providers. It also makes the system difficult to scale its capacity, and to
provide a
1
CA 02520258 2005-09-20
t'lexibly customizable portal to its users.
Another issue with centralized portal sites or solution is that, for regional
Internet service providers or regional commercial / business operations, there
is no
efficient and effective ways to integrate their commercial interests or stakes
with these
popular portals. Quite often, they would need to spend extra amount of money
to
obtain a global presence in these portals, even though, what they really need
is a
regional presence in these portals, thus quite often, they need to develop
their own
portal to attract the regional users.
These popular portals failed to provide a method to integrate with a user's
home network. As the number of home network deployment increases, there is an
increasing demand on easy accessibility to the home network through the
portal;
however, these portal sites do not provide such flexibility.
The other issue with these popular web portals relates to its security and
protection of its users' personal information, due to the fact that these
portals are open
to the greater general public. The centralized system structures and weak
authentication mechanism even worsen its vulnerability.
Due to various needs and diverse interests of users, each portal has attracted
different users with different interests. Due to this diversity, each user is
required to
access different web sites / portals accordingly. Quite often, accesses to
these portals
are not interoperable or common, thus independent authentication is required
for each
portal site. As the result, the users have to memorize as many passwords and
usernames as the number of web sites or web services that the users need to
access.
It would be desirable to provide a system and method for dynamically
generating a user-centric portal in a hieratically layered and distributed
network,
comprising a gate master, local master and home master servers at each serving
layer
addressing aforementioned problems of existing portals.
SUMMARY OF THE INVENTION
The present invention relates to a system and method for dynamically
generating a user-centric portal in a hieratically layered and distributed
network. The
2
CA 02520258 2005-09-20
layered network structure is physically, virtually, or both physically and
virtually
constructed for grouping or categorizing users within the network and for
providing
high level of privacy and security without sacrificing accessibility,
availability, and
flexibility of the user-centric portal.
According to one aspect of the invention, it provides a system for dynamically
generating a user-centric portal in a hieratically layered and distributed
network,
comprising: a network access server, aggregating a plurality of first stake
master
servers; each of the plurality of the first stake master servers aggregating a
plurality of
second stake master servers establishing first communication links therewith;
each of
the plurality of the second stake master servers aggregating a plurality of
third stake
master servers establishing second communication network links therewith; each
of
the plurality of the third stake master servers aggregating a plurality of
home devices
for forming home networks; wherein the first, the second, and the third stake
master
servers are servers of web services, comprising user management system,
service
integration engine, resource organizer, network management system and
database;
and wherein one of the first, the second and the third stake master servers
first
receives a request for the user-centric portal for a user directly or through
said
network access server from a browser with a user identification and password,
the
request is redirected to a corresponding one of the first, the second and the
third stake
master servers based on profile of the user stored in said database of the
stake master
server first received the request, the user management system of the
corresponding
server authenticating said user based on the profile of the user stored in the
database
of the corresponding stake master server, and the corresponding stake master
server
dynamically generates the user-centric portal by integrating services from
associated
ones of the first, the second and the third stake master servers based on the
profile of
the user and profiles of stakeholders associated with the user.
According to another aspect of the invention, it provides a method for
dynamically generating a user-centric portal in a hieratically layered and
distributed
network, comprising the steps of: (i) receiving a request for the user-centric
portal at
one of first stake master servers, second stake master servers and third stake
master
servers from a user through a browser with user identification and password;
wherein
the first, second and third stake master servers are servers of web services;
wherein
the first stake master servers are aggregated by the network access server;
wherein
3
CA 02520258 2005-09-20
each of the first stake master servers aggregating a plurality of the second
stake
master servers establishing first communication network links therewith;
wherein
each of the plurality of the second stake master servers aggregating a
plurality of the
third stake master servers establishing second communication network links
therewith; and wherein each of the plurality of third stake master servers
aggregating
a plurality of home devices; (ii) redirecting the request to a corresponding
one of the
first stake master servers, second stake master servers and the third stake
master
servers depending on the profile of the user stored in a database at the stake
master
server that received the request;(iii) authenticating the user at the
corresponding stake
master server; (iv) generating the user-centric portal on the corresponding
stake
master server based on the profile of the user integrating services from
associated
ones of the first, the second, and the third stake master servers; and (v)
transmitting
the user-centric portal to the browser in response to the request by the user.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will now be described in more detail with reference to the
accompanying drawings, in which:
Figure 1 illustrates a tree structure of a hierarchically layered network of
distributed stake master servers in a preferred embodiment of the present
invention;
Figure 2 illustrates a stake master monomer of the preferred embodiment of
the present invention;
Figure 3 illustrates a stakeholder-oriented architecture of the preferred
embodiment of the present invention;
Figure 4 illustrates a gate service layer of gate stakeholder of the preferred
embodiment of the present invention;
Figure 5 illustrates a local service layer of local stakeholder of the
preferred
embodiment of the present invention;
Figure 6 illustrates a home service layer of home stakeholder of the preferred
embodiment of the present invention;
4
CA 02520258 2005-09-20
Figure 7 illustrates an overall system component schematic diagram of the
preferred embodiment of the present invention;
Figure 8 illustrates a structure of the database of the preferred embodiment
of
the present invention;
Figure 9 illustrates a block diagram of an access control of the user
management system in the preferred embodiment of the present invention;
Figure 10 illustrates a block diagram of a data sharing mechanism over P2P
file sharings in the preferred embodiment of the present invention;
Figure 11 illustrates a block diagram for a peer-to-peer (or P2P) distribution
of
system mirror image in the preferred embodiment of the present invention;
Figure 12 illustrates a frame structure of a service bus interface for
integrating
resource access of the preferred embodiment of the present invention;
Figure 13 illustrates a conceptual view of generation of customized service
bus interface for each stakeholder in the preferred embodiment of the present
invention;
Figure 14 illustrates an intuitive layout of gate page for smooth data access
and exchange in the preferred embodiment of the present invention;
Figure 15 illustrates a common area of the navigation page for home control
and transaction processing frame in the preferred embodiment of the present
invention;
Figure 16 illustrates a conceptual view of service categories of resources
based
on interest of a targeted home user in the preferred embodiment of the present
invention;
Figure 17 illustrates a block diagram for compilation of service repository
process by data extraction and data transformation in the preferred embodiment
of the
present invention;
Figure 18-a illustrates a block diagram identifying features utilized for
updating of gate service bus interface and local service bus interface through
a staging
server in the gate service layer in the preferred embodiment of the present
invention;
and
5
CA 02520258 2005-09-20
Figure 18-b illustrates a block diagram identifying features utilized for
updating of home service bus interface in the preferred embodiment of the
present
invention.
DETAILED DESCRIPTION OF THE INVENTION
A system and method for dynamically generating a user-centric portal in a
hieratically layered and distributed network is disclosed.
Figure 1 illustrates a tree structure of a hierarchically layered network of
distributed stake master servers in a preferred embodiment of the present
invention.
The stake master server is a server of web services controlled by a
stakeholder,
comprising a user management system, service integration engine, resource
organizer,
network management system and database. The stakeholder is a person or a legal
entity that has interests or stakes in the system 5, such as local or regional
service
providers, e-business providers, local or regional content providers, etc. An
Internet
service provider constructs its system 5 comprising a network access server
(or NAS)
8, aggregating a plurality of first stake master servers, or gate masters 11
for forming
a gate service layer 10.
Under the gate service layer 10, the system 5 comprises a local service Iayer
20. Each of the gate masters 11 aggregates a plurality of second stake master
servers,
or local masters 21 in the local service layer 20. From the user's
perspective, each of
the local masters 21 is segregated from other local masters 21, physically,
logically or
both physically and logically, and establishes a distinct communication
network link
15 with the gate master 11 that this local master 21 belongs to. In the
preferred
embodiment of the present invention, the communication network link 15 between
the
gate master 11 and the local master 21 is established over a virtual private
network.
A plurality of third stake master servers, or home masters 31, are situated or
aggregated under each of the local masters 21, forming a home master layer 30.
In
the similar way, from the user's perspective, each of home masters 31 is
segregated
physically, logically or both physically and logically from other home masters
31 and
establishes a distinct communication link 25 with the local master 21 to which
this
home master 31 belongs. In the preferred embodiment of the present invention,
the
6
CA 02520258 2005-09-20
communication network link 25 between the local master 21 and the home master
31
is established over a virtual local area network.
Each of home masters 31 aggregates a plurality of home devices 32,
segregating the home devices 32 physically, logically or both physically and
logically
from the home devices 32 under the other home masters 31. As the result of
this
layered and physically, virtually, or virtually and physically segregated
network
structure, the system 5 provides a very secure and protected network
environment to
its users for accessing the home network 34 (not shown). In the system 5, the
gate
masters 11 and local masters 21 have fixed IP addresses; whereas the home
masters
31 and home devices 32 may have dynamically assigned IP addresses.
It is to be noted that the communication network link 15 may be dynamically
established as required. In the similar way, the communication network link 25
may
also be dynamically established as required.
It is also to be noted that each layer provides necessary functionality to the
1 S network. The layers do not need to be implemented as distinct physical
entities, but
can be implemented in routers or switches, represented by a physical media, or
combined in a single box. A hybrid hierarchical network may contain redundant
routers and switches to meet policy requirements at each serving layer.
There may be required to have more than three layers, due to some
complexities in business and/or regional service requirements. The present
invention
may allow having additional sub-layers, especially in the local service layer
20 as
required. On the other hand, the present invention may also allow omitting a
particular layer (likely, local service layer 20) if the business or/and
regional service
requirements are simple enough to do so. However, in either case, the network
hierarchy shall be maintained.
Figure 2 illustrates a stake master monomer 40 of the preferred embodiment of
the present invention. The stake master monomer 40 is a fundamental and common
platform pattern, can be configured for a specific role and / or modified to
provide a
specific functions and features, such as gate master 11 (not shown), local
master Z1
(not shown) and home master 31 (not shown). The stake master monomer 40
comprises five fundamental features, namely a user management system 41,
service
integration 42, resource organizer 43, network management 44 and database 45.
The
7
CA 02520258 2005-09-20
user management system 41 includes administering a multiple level user
authentication and authorization, and user profile management. The service
integration 42 is an integration engine for integrating various application
and services
from the same service layer to the user. The resource organizer 43 is a
resource and
content management engine to organize resources and contents available on the
system 5, enabling the system 5 to grow in its size and depth. The resource
organizer
43 also includes a web server feature. The network management 44 is for
managing a
segregated portion of network under the stake master server, including
managing a
virtual private network / virtual local area network, a dynamic host control
protocol
(or DHCP) server, a domain name server (or DNS), a dynamic domain name server
(or DDNS) server, etc. The database 45 manages all the data required for
aforementioned subsystems of stake master monomer 40, including user profiles,
stake holders' profiles, system profiles, stakeholder proprietary information,
etc.
The user management system 41 administers and provides multiple levels of
user authentication mechanism, such as those provided by a RADIUS server or
Shibboleth (an authentication and authorization middleware developed by
Internet 2)
using credentials such as password, encryption, biometric or digital
signature, etc, to
grant access to users to various servicing layers of the network.
Unlike those existing popular portals, in the preferred embodiment of the
present invention, a stakeholder generates a user name and initial password,
and initial
user profile information, including, but not limited to, user credential,
attributes and
electronic certificates, for each of the users for registration. The
registered user
information is stored at the database 45 of stake master monomer 40 of a
corresponding serving layer level. At each stake master server, there is an
administrator who has the privilege to add, delete, and update the user
information in
the database 45. In the preferred embodiment of the present invention, the
stakeholder identifies all users under its user group by legal identity
credentials, such
as passports, identity cards, or driver licenses. The stakeholder must verify
these
credentials. This is a design criteria of the stakeholder-oriented
architecture that
provide trust to service providers who can be assured that users who are
endorsed by
the stakeholders are real and having certain credible customer profile.
Since the stakeholder would have reliable information and identity of its
groups of users, the stakeholder would carry out mass registration of services
to the
8
CA 02520258 2005-09-20
groups of the users through the user management system 41. For the local
service
layer 20 (not shown), the group registration can be done at each local master
21,
where the user account may be created, and the registration information can be
uploaded to the user management system 41 of the gate master 11 for
authentication
and authorization. Registered user profiles can also be uploaded to or
mirrored by the
gate master 11, and can be analyzed and summarized. The stake mater server may
generate the statistical profiles of users by monitoring and capturing
tendencies or
traits of interests and / or behaviors of the users. The registered and
statistical user
profiles of an individual user will be retained with the respective local
master 21 for
privacy protection. The statistical user profiles collected by various stake
master
servers and the registered user profiles can be used to provide targeted and
effective
marketing services to users, such as pull and push marketing of services.
For pull marketing (or user-centric marketing), users will be able to select
services from targeted services provided by different stakeholders and service
providers through a list of master services generated at the gate master 11,
local
master 21 or home master 31. The list of master services is based on the
participating
stakeholders' profiles in the stakeholder proprietary data 69 (not shown) of
the
database 45, which is managed by the corresponding stake master server. The
targeted services are dynamically generated by different stakeholders based on
the
statistical user profiles. For users who consent with push marketing, targeted
(or
relevant to user's traits in interest) promotional materials can be selected
based on the
statistical and registered user profiles (automatically by the gate master 11,
local
master 21 or home master 31). These marketing materials are sent to the users
accordingly via personal information management means such as e-mail, Short
Message Service (or SMS), notices, etc.
Figure 3 illustrates a stakeholder-oriented architecture of the preferred
embodiment of the present invention. The gate master 11 forms a gate network
14 at
the gate service layer 10 with other gate masters 11 in the system 5. The gate
service
layer 10 may be the high-speed backbone of the network, which is crucial to
enable
fast inter-trunk access or communication to other gate masters 11. The
communication among the gate masters 11 may take place over Hyper Text
Transport
Protocol (or HTTP) and/or Hyper Text Transport Protocol over Secure Socket
Layer
(Or HTTPS) for integrating services by the service integration 42 (not shown)
and
9
CA 02520258 2005-09-20
organizing resources by the resource organizer 43 (not shown) at the level of
the gate
service layer 10. Each gate master 11 in the gate service layer 10 provides an
entry
point to the different layers of stake master servers for network support and
management. The gate master 11 also integrates services provided by gateway
service providers through the gate service layer I0.
The local master 21 forms a communication network (or local network 24) at
the local service layer 20 with other local masters 21 in the system 5,
integrating
stakeholder services. The communication among the local masters 21 may take
place
over Simple Object Access Protocol (or SOAP), Extensible Markup Language (or
XML) / Extensible Stylesheet Language Transformation (or XSLT) and/or Web
Service Description Language (or WSDL) as a part of service integration 42 and
resource organizer 43 at the level of local service layer 20. The distinct
communication network link 15 may be established between the gate master 11
and
the local master 21 for vertical service integration, facilitating the gate
master 11 and /
or the local master 21 for integrating services available through the gate
master 11 and
through the local master 21.
The home master 31 establishes a home network 34 with the home devices 32
in the system 5, integrating personal information at home service layer 30.
The
communication between home master 31 and home devices 32 may take place over
IEEE 802.11, Bluetooth, and/or IEEE 1394 as a part of service integration 42
and
resource organizer 43 at the level of home service layer 30. The distinct
network
communication link may be established between the local master 21 and the home
master 31 for vertical service integration, facilitating the local master 21
and the home
master 31 for integrating services available via the local master 21 and
through the
home master 31.
Figure 4 illustrates an example of a gate service layer 10 of gate stakeholder
of
the preferred embodiment of the present invention. In this example, one of
gate
masters 11 is connected through the network from the network access server 8.
The
gate master 11 is also connected through gate network 14 to other gate masters
11.
Those gate masters 11 may additionally provide services, such as a mail
server,
weather forecast service server, hardware supplier, software supplier,
multimedia
content provider, voice over IP gatekeeper, and / or bulletin board server.
The gate
network 14 facilitates the gate masters 11 for horizontal service integration,
enabling
CA 02520258 2005-09-20
each of the gate masters 11 to integrate services available through other gate
masters
11 in the gate network 14.
Figure 5 illustrates an example of a local service layer 20 of local
stakeholder
of the preferred embodiment of the present invention. In this example, a local
master
21 is connected to a local network 24 comprising other local masters 21
providing
various services, such as stakeholder enterprise services including enterprise
resource
management (ERM), client relation management (CRM) and public relation,
services
from local service provider including e-commerce, stakeholder local services
including notices and opinion polls, and accountings. These services are
integrated
and made available through the local master 21. In other word, the local
network 24
facilitates the local masters 21 to integrate services horizontally, enabling
each of the
local masters 21 to integrate services available through other local masters
21 in the
local network 24.
Figure 6 illustrates an example of a home service layer 30 of home stakeholder
of the preferred embodiment of the present invention. In this example, the
home
master 31 is connected to a home service network 34 for personal information
management. The home service network 34 comprises various home devices 32,
including personal computers or computing devices, communal aerial broadcast
distribution (CABD) system, home network appliances and audio visual (A/V)
equipments, and private automatic branch exchanges (PABX). The home master 31
provides means for integrating service (service integration 42 (not shown))
and for
organizing the service resources (resource organizer 43 (not shown)).
Figure 7 illustrates an overall system component schematic diagram of the
preferred embodiment of the present invention. A client browser 1 is accessing
the
system 5 through the gate master 11. A firewall 6 provides a first line of
security over
the system 5. The gate master 11 comprises an access control 102 as the user
management system 41 (not shown), web server 103, peer-to-peer (P2P) file
sharing
104 and service bus interface generation engine 101 as service integration 42
(not
shown) and resource organization 43 (not shown), database I00 as the database
45
(not shown), and, DHCP server 105 and DNS 106 as the network management 44
(not
shown). Gate network 14 is connected through the gate master 11. The service
bus
interface 80 (not shown) is a unified graphical user interface or portal
dynamically
generated by a stake master server, i.e. the gate master 11, local master 21
or home
11
CA 02520258 2005-09-20
master 31. The service bus interface 80 is segregated into multiple service
areas, with
each administered by a stakeholder. Each stakeholder could customize the
contents
on the designated service area to provide access to data that are user-centric
to the
users. The customized contents are stored in each stake master server and can
be
changed or updated by the respective stakeholder.
A local master 21 is connected to the gate master 11 over a communication
network link 15, i.e. virtual private network for segregating it from other
local masters
21. The local master 21 comprises database 200, service bus interface
generation
engine 201, access control 202, web server 203, P2P file sharing 204 and DHCP
server 205. Local network 24 may be accessed through the local master 21. When
the user is accessing services at the local service layer through the browser
1 outside
the system 5, the service request may be redirected from the gate master 11 to
the
local master 21, so that the local master 21 would be hosting the user, and be
generating the service bus interface 210. Note that the local master 2I works
as a
gateway for accessing to the home master 31 below in the system 5.
A home master 31 is connected with the local master 21 over another
communication network link 25, i.e. virtual local area network for segregating
it from
other home masters 31. The home master 31 comprises a network address
translator
(or NAT) 7, database 300, service bus interface generation engine 301, access
control
302, web server 303, P2P file sharing 304, and DHCP server 305. Home network
34
may be accessed through the home master 31, where the home master 31 works as
a
gateway to the home network 24. Optionally, the home master 31 and the home
devices 32 support Universal Plug & Play (or UPnP) feature to ensure end-to-
end
communication from a home device 32 connected there under. It is further
optional
that the home master 31 may support device control protocol for implementing
UPnP.
Each user who wants to gain an access to a hierarchical layer is authenticated
by the stake master server of the layer. For example, assuming if the user is
accessing
the system 5 from outside through the user browser 1, the user browser 1,
first,
establishes a VPN (or SSL) connection via NAS 8 (not shown) with the gate
master
11, The user, then, submits his or her username and password through the gate
page
400 of the service bus interface 110 (not shown) generated by the service bus
generation engine 101 of the gate master 11. Based on the authentication by
the
access control 102 and user attributes 61 in the database 100 at the gate
master 11, the
12
CA 02520258 2005-09-20
gate master 11 identifies a corresponding stake master server to which the
user
belongs. If the user is registered with the gate master 11 and does not
belongs to any
local master 21 or home master 31, the service bus interface generation engine
101 of
the gate master 11 will generate the gate navigation page 4016 (not shown) of
the
service bus interface 110. The gate navigation page 4016 of the service bus
interface
110 would provide access to web contents provided by the gate service layer 10
through the gate master 11. If the user belongs to a local master 21, the
request is
redirected to the corresponding local master 21. The local master 21 would
look up
the corresponding user attributes 61 in the database 200 at the local master
21 to
determine whether the request comes from a registered user at the local master
21,
who does not have a home master 31. If affirmative, and once the access
control 202
of the local master 21 authenticates the user, the service bus interface
generation
engine 201 of the local master 21 would generate the local navigation page
401L (not
shown) of the service bus interface 210 (not shown) of the local master 21. If
the user
has registered with a home master 31, then the request is further redirected
to the
corresponding home server 31. The dynamically assigned IP address of the home
master 31 has to be resolved by the dynamic domain name server 206 of the
local
master 21, since DHCP server 205 of the local mater 21 dynamically assigns IP
addresses to the home masters 31. The access control 302 of the home master 31
would then authenticate the user and its service bus interface generation
engine 301
generates the home navigation page 401H (not shown) of the service bus
interface
310 (not shown).
Alternatively, the user's request may be forwarded with his/her username and
password to an appropriate corresponding stake master server. Then, the user
browser
1 may be redirected to the hosting stake master server accordingly with user
attribute
directory 61 of the corresponding database 100, 200 or 300 at the
corresponding stake
master server, namely the gate master 11, local master 21 or home master 31.
Figure 8 illustrates a structure of the database 45 of the preferred
embodiment
of the present invention. Note that the database 45 is the fundamental design
template
or pattern for all the databases at all the stake master servers. Namely, the
database
100 for the gate master 1I, database 200 for the local master 21 and the
database 300
for the home master 31 are structured and organized in the same way as the
database
45. The database 45 comprises a plurality of fields for storing the
information related
13
CA 02520258 2005-09-20
to user management system 41, service integration 42, resource organizer 43
and
network management 44. The database 45 maintains user credentials 60, user
attributes directory 61 and E-certificate Register 62 for user management
system 41.
User credentials 60 includes, but not limited to, the information for
validating
credential of the user, such as user identification, gender, first name and
last name of
the user, e-mail address, home phone number, mobile phone number, mailing
address,
user name, password, user authorization level, user home master hostname, etc.
These information are validated by the stakeholder based on the user's proof
of
identity, including, but not limited to, passport, identification card,
drivers license, or
likewise. It may also maintain user signature in digital or hand-written
format for
authentication and validation of the user. Optionally, the user credentials 60
may
maintains time of creation for keeping track of when the entry for the user is
created,
and time of modification for keeping track of when the entry for the user is
modified
last.
User attribute directory 61 includes information regarding which group the
user belongs to, what services the user subscribes, which interest group the
user
belongs to, etc, for service providers to decide whether to provide or to
grant access to
particular resources in the system 5. User attribute directory 61 may
optionally be
updated automatically by the user management system 41 by monitoring the
user's
traits or behaviors through the browser 1. Surveyed information may be used
for
refining the marketing strategy for a stakeholder, improving the service by a
service
provider, etc.
E-certificate register 62 maintains and keeps track of E-certificate for each
user of the system 5. This is used for validating and certificating the
identity of the
user upon request for providing another level of security to the user
community in the
system 5. E-certificate may be used as in a Public Key Infrastructure with a
Certificate Authority.
System configuration 63 maintains system preference, configuration
parameters and other data for deciding the role and operational behavior of
the stake
master server.
System mirror image 64 comprises a plurality of partitions or compartments
for storing plurality of system mirror images, including system related data
such as
14
CA 02520258 2005-09-20
system configuration 63 and stakeholder proprietary data 69, for managing and
maintaining various versions of system images.
For the service integration 42, the database 45 maintains application programs
65, resource directory 66, service repository 67, application portlets 68,
stakeholder
proprietary data 69, data warehouse 70 and template 71.
Application programs 65 store a collection of service task-oriented programs
for providing controller functions to collate data and various services
available at the
serving layer of the system 5. The application programs 65 also include a
library of
subprograms, such as a collection of Java servlets. Each server application
program,
if required, would initiate communication with the other masters on the same
layer to
carry out information exchanges and request certain tasks at the other
masters.
Depending on the serving level, data exchange may be carried out through P2P
file
sharing 104, 204 or 304.
Resource directory 66 is a collection of Uniform Resource Identifiers (or
URIs) of service providers that are collected by the gate master 11 or/and the
local
master 21. The resources (such as URI) are grouped under sequential layers by
services, categories, and types. These resources are accessible from the
service bus
interface 80 and can be selected by users to form a customized listing of
portal
resources for access by the users. Each stakeholder can also add or delete
resources
from his/her own service repository. These resources can be generated
dynamically
and integrated by the gate master 11, local master 21 and/or home master 31.
Service repository 67 is a library collection of services that have been
agreed
and provided through the gate master 11 and the local master 21 to the users.
These
services are organized and identified by corresponding metadata, which include
descriptions of the services, vendors, cities where services are available,
language
support, service coverage area, uniform resource identifier, etc. The services
are
accessible by the user. The user may select a set of particular services by
editing or
personalizing his or her service bus interface 80. Each of the services is
identified by
a uniform resource identifier (or URI), which may be linked to a series of
application
portlets for the service bus interface 80. The service repository 67
integrates services
resides at a particular stakeholder service layer.
CA 02520258 2005-09-20
Application portlets 68 is a collection of portlets defining portions or sub-
frames of portal displayable page, or service bus interface that may
dynamically be
generated, and may work in conjunction with application programs 65,
stakeholder
proprietary data 69, data warehouse 70 and template 71. The size of portlet
would
vary depending on the size of the display with the browser 1 by automatically
detecting or by specifying the display size required.
Stakeholder proprietary data 69 includes stakeholder profiles and preferences,
stakeholder marketing data, statistical data, policies, rules and agreements
governing
data transfer among the system 5. The policies may include data sharing
policy,
security policy, user policy, attributes acceptance policy, and attribute
sharing policy
that each stakeholder would use to set rules that would dictate the
methodology and
extent of data exchange within the portal system. In the preferred embodiment
of the
present invention, these policies may be implemented within the operation of
an
authentication and authorization infrastructure in the similar ways as
ShibbolethTM
manages. The stakeholder proprietary data 69 is private to the stakeholder,
especially
stakeholder profiles and preferences, stakeholder marketing data, and
statistical data
that can be used for generating service bus interface 80. It is noted that the
stakeholder proprietary data 69 would not be shared with other stakeholders.
Data warehouse 70 stores multimedia files in various formats, transformed
data to accommodate particular requirements for the browser 1 or home devices
32
(i.e. display size, available throughput or bandwidth, available decoding
scheme, etc),
and/or data extracted by data mining feature via P2P file sharings 104, 204
and 304.
These data are presented to the user through the service bus interface 80, and
may be
tagged and formatted in Extensible Markup Language (or XML) for better
presentation manipulations by a stake master or browser 1.
Templates 71 include shells, containers, forms and templates of displayable
pages for generating service interface bus dynamically. Service Bus Interface
Generation Engine 101, 201 or 301, depending on the serving layer, uses and
renders
templates and frames by integrating it with application programs 65 and / or
application portlets 68 accordingly to the user profile / stakeholder
profiles.
Figure 9 illustrates a block diagram of an access control 50 of the user
management system 41 in the preferred embodiment of the present invention. The
16
CA 02520258 2005-09-20
access control 50 comprises three fundamental features, namely authentication
51,
authorization 52 and registration 53.
Authentication 51 authenticates the user based on supplied user identification
and password for verifying whether the user has a proper level of privilege
for
accessing the requested stake master server and its serving layer based on the
information stored in the user credentials 60 (not shown).
Authorization 52 authorizes the user privilege for accessing a set of server
applications, services, data and other servers in its serving layer based on
the
information in user attribute directory 61 (not shown) of the database 45 (not
shown).
Registration 53 is for an administrator or stakeholder of a serving layer to
register user to the serving layer, user group, and level of privilege or
authorization to
the serving layer. The registered information, including but not limited to
user
credentials, user attributes and electronic certificates provided by the
users, will be
stored in user credentials 60, user attributes directory 61 and E-certificate
register 63
(not shown). The registration information shall be propagated and shared (or
synchronized) with other stake master servers through P2P file sharings 104
(not
shown), 204 (not shown) and 304 (not shown) based on servicing policy mutually
agreed among stakeholders within the system.
Figure 10 illustrates a block diagram of a data sharing mechanism over P2P
file sharings 104, 204 and 304 in the preferred embodiment of the present
invention.
The gate master 11, local master 2I and home master 31 shares data over the
communication network through P2P file sharing 104, 204 and 304. Data mining
and
data extracting feature may be realized in conjunction with P2P file sharing
104, 204
and 304 at the stake master servers, namely gate master 11, local master 21
and home
master 31, respectively, so that any information in databases 100, 200 and 300
can be
shared among the stake master servers. It is noted that, in the preferred
embodiment
of the present invention, with VPN connection (or the communication network
link
15) between the gate master 11 and local master 21, and ULAN connection (or
communication network link 25) between the local master 21 and home master 31,
the
gate master 11, the local master 21 and home master 31 are under one virtually
private
network domain that enables the stake master servers to share data freely. The
service
bus interface generation engine 101, 201 and 301 may use the similar scheme
for
17
CA 02520258 2005-09-20
accessing the local database or remote database over P2P file sharings 104,
204 and
304.
For example, the data sharing mechanism shown in Figure 10 can be used for
propagating the user registration information from one stake master server to
the other
masters. User registration by an administrator at the gate master 11, the
registration
shall be done through the access control 102 (not shown) from the
administrator's
browser 1 (not shown). Once authentication and authorization of the
administrator
are confirmed through access control 102, the administrator enters the user's
registration information through the browser 1, including the user credentials
60 (not
shown), user attributes directory 61 (not shown) and E-certificate register 62
(not
shown). In similar manner, an administrator at the local master 21 does user
registration through the local master 21. Moreover, an administrator at the
home
master 31 does the user registration through the home master 31. Once the user
registration to its own master is completed, the registration information will
be shared
to the other masters. For example, once the registration is completed at the
gate
master 11, the user registration information is propagated through from P2P
file
sharing 104 to P2P file sharing 204 and P2P file sharing 304 of the local
master 21
and the home master 31, respectively. Once the local master 21 and the home
master
31 receive the registration information, it updates corresponding user
credential 60,
user attributes directory 61 and E-certificate 62 of the databases 200 and
300.
Optionally, this propagation or synchronization of user registration
information may
take place to only stake master servers associated with the user, i.e. the
gate master
11, the local master 21 and home master 31 to which the user belongs. The
propagation of user registration information enables each stake master server
to
redirect user's request to appropriate stake master server, when the user
accesses at a
different stake master server.
Figure 11 illustrates a block diagram for a P2P distribution of system mirror
image 64 in the preferred embodiment of the present invention. One of local
masters
21-1 initiates a communication with the gate master 11 for checking whether
new
system mirror image is available. The same can be initiated by a home master
31.
Once the local master 21-1 detects a newer system mirror image at the gate
server 11,
the local master 21-1 initiates to download the latest version of the system
mirror
image and receives the addresses of the other local masters that would share
the latest
18
CA 02520258 2005-09-20
updating file from the gate master 11.
The gate master 11 starts to transfer some parts of the system mirror image to
the local master 21-1 and provides the local master 21-1 with a list of other
local
masters, namely 21-2 and 21-3, that the local master 21-1 would need to
distribute the
system mirror image to. Note that the local master 21 has the database 200
partitioned in a plurality of sections for storing the system mirror images.
The local
master 21 stores the new system mirror image in a different partition than the
one
storing the currently used system mirror image. The local master 21-1 starts
transferring the same parts of the system mirror image that it just received
from gate
master 11 to the other local masters 21-2 and 21-3. Likewise, the local
masters 21-2
and 21-3 store the new system mirror image in the different partition from the
one
storing the currently used system mirror image. Upon completion of the file
sharing,
the local masters 21-1, 21-2 and 21-3 switch to operate the system from the
newly
stored system mirror image.Figure 12 illustrates a frame structure of a
service bus
interface 80 for integrating resource access of the preferred embodiment of
the present
invention. The service bus interface 80 consists of a plurality of segregated
fixed
areas or frames, namely frame 1 81, frame 2 82, frame 3 83, frame 4 84, frame
5 85,
frame 6 86, frame 7 87, frame 8 88, and frame 9 89, predefined for integration
of
applications and various services provided by the stakeholders associated to
the user.
In other words, these applications and services are provided through the
associated
ones of the gate masters 11, the local masters 21 and home masters 31 which
are
associated with the user based on the user profile and stakeholder profile.
Each frame
has a standardized display size to accommodate a frame-page. Each frame area
can
be further subdivided into smaller frame areas as required. In other words,
each frame
may comprise a plurality of sub-frames. Each of the sub-frames bears a
corresponding uniform resource identifier (URI). URI includes user selected
URI
or/and stakeholder selected URI. The user selecting one of sub-frames in one
of
frames would cause the frame that contains selected sub-frame to be refreshed
and to
bear a new set of sub-frames. Each frame has a corresponding portlet from
application portlets 68 (not shown) for dynamically generating content for the
frame,
and may utilize information from data warehouse 70, templates 71 and
application
programs 65. The portlet may exchange specific data within the network for
displaying appropriate information. The service bus interface 80, concerted
with
19
CA 02520258 2005-09-20
these mufti frames, may activate a certain service synchronously or
asynchronously
through icons to accomplish the stakeholder-servicing goal.
The service bus interface 80 provides a coherent mufti-frame navigation to
web services from a list of filtered or selected web sites, and would fit into
the full
screen of a display on a computing device, such as computer monitor through
the
browser 1. Navigational clicks, in general, will not be more than three clicks
away
from functional or application services. In other words, the user will be
navigated to a
particular web service by selecting no more than three URIs (such as hyper
links) or
frames provided through the service bus interface 80.
Each frame of the service bus interface 80 is individually refreshed during
the
navigational process, i.e. only smaller frames may be refreshed to provide an
interactive follow-me type of further navigation. This method would reduce
refreshing time and amount of traffic on the network comparing it with full-
page
refresh, and would provide a stable and faster navigation environment. Since
each
frame of the service bus interface 80 is individually processed, it can handle
multiple
web service requests at the same time. For example, one of the frames may
display a
streaming video while the user is browsing through other URLs on the other
frame.
Figure 13 illustrates a conceptual view of generation of customized service
bus interfaces 110, 210 and 310 for each stakeholder level in the preferred
embodiment of the present invention. Each of the service bus interfaces 110,
210 and
310 comprises a plurality of displayable pages. At the gate level 120, while
the gate
master 11 (not shown) is hosting the user browser 1 (not shown), the service
bus
interface generation engine 101 (not shown) of the gate master 11 (not shown)
generates a service bus interface 110, which comprises a gate page 400, a gate
navigation page 4016 and a framed header and footer page 4026.
At the local level 220, the service bus interface generation engine 201 (not
shown) of the local master 21 (not shown) generates a service bus interface
210,
which comprises the gate page 400 forwarded by the gate master 11, a local
navigation page 401L and a framed header and footer page 402L. The local
navigation page 401L has a frame area that is dynamically generated by the
service
bus interface generation engine 201 of the local master 21 for providing
accesses to
integrated local services. During the integration, resources of the service
repository
CA 02520258 2005-09-20
67 (not shown) stored at the local master 21 provided by the stakeholders at
local
service layer 20 are supplemented by the resources of the service repository
67 (not
shown) stored at the local master 21 of the stakeholders at the gate service
layer 20.
Supplemental data may be transferred through from P2P file sharing 104 to P2P
file
sharing 204. The framed header and footer page 402L comprises a header frame
with
a plurality of icons for returning to the navigation page 401L and a plurality
of icons
to pursue different categories of services as listed in the navigation page
401L. The
framed header and footer page 402L further comprises a footer frame, which
consists
of a plurality of icons of home links 533 and home control categories 534. The
body
of the header and footer page 402L bears the same function as the share
service frame
532 but has a much bigger area for displaying various interactive services
provided by
all stakeholders.
Similarly, at the home level 320, the service bus interface generation engine
301 (not shown) of the home master 31 (not shown) would generate a service bus
interface 310 that comprises the gate page 400 forwarded by the gate master
11, a
home navigation page 401H and a framed header and footer page 402H. The home
navigation page 401H of the service bus interface 310 by home master 31 has a
specific areas, namely home links 533 (not shown) and home control categories
534
(not shown) that are customized by the home stakeholder, and generated by the
service bus interface generation engine 301 of the home master 31. The service
repository 67 (not shown) stored at the home master 31 can be edited and
customized
by the home stakeholder or home users by editing and / or selecting the
services from
the service repository 67 (not shown) at the gate master 11. The resources
selected
from the service repository 67 of the gate master 11 may be listed as home
links 533,
and categorized under one of the local service categories 531 (not shown).
Figure 14 illustrates an intuitive layout of gate page 400 for smooth data
access and exchange in the preferred embodiment of the present invention. The
gate
master 11 (not shown) collects various customizations at each serving layer
level and
stores mirror images of the services at various master levels to generate a
unified
access to interoperable links with other stake master servers for retrieval
and
processing of specific portlet frames from the respective stake master server.
The
gate page 400 is a page for retrieving information for or providing services
available
through the gate masters 11 quickly to the user. The gate page 400 also
provides a
21
CA 02520258 2005-09-20
user login and look-ups of useful information from the system 5. The gate page
400
has a unique interface to reflect services particular to the geographical
location that
the user resides, corresponding to the location frames, such as location 1
500, location
2 501, location 3 502, and local 503. For example, the local master 2I (not
shown)
that the user belongs to may supply information required for the frame, local
503.
The gate page 400 further comprises a single text box 508 for input queries
for
different search engine choices indicated in search 1 509, search 2 510,
search 3 511
and search 4 512, such as, Yahoo! °, Google °, dictionary, and
yellow pages. Access
to quick links, Quick 1 515, Quick 2 516, Quick 3 517, and Quick 4 518 may be
l0 provided appropriately. Access to web mail is also provided on this gate
page 400.
After the user inputting his or her login information by entering his/her
identification
in the user name 513 and the password in the password 514 and being
authenticated,
the user can select the screen size of the display to fit into the screen size
of the
terminal device deployed by the user by selecting size 1 504, size 2 505, size
3 506 or
I S size 4 507. The mufti-frame architecture of the gate page 400 will be
dynamically
reorganized by the gate master 11 to fit into a new sequential flow of mufti-
frame
navigation on the navigation page based on the size of the display of the
terminal
device using a frame tailoring.
The frame tailoring is the process proceeded by the gate master 11. When the
20 user requests for gate page 400 to the gate master 11, the gate master 11
automatically
detects the display resolution of the browser 1 (not shown) of the terminal
device.
Based on the resolution, the gate master 11 then searches and selects
appropriate
portlets and templates in the application portlet 68 (not shown) and template
71 (not
shown). The gate master 11 forwards the selected portlets and template to data
25 warehouse 70 (not shown) for generating the frame pages) to fit with the
detected
resolution of the display. Then, the gate master 11 sends back the frame page
to the
browser 1 for display.
Figure 15 illustrates a common area of the home navigation page 401H for
home control and transaction processing frame in the preferred embodiment of
the
30 present invention. The home navigation page 401H is generated dynamically
by the
service bus interface generation engine 301 of the home master 31 (not shown),
and
comprises a plurality of frames, including a frame for gate service
applications 530
locating at the top of the home navigation page 401H. Below the gate service
22
CA 02520258 2005-09-20
application frame 530, the home navigation page 401H comprises a frame for
local
service category 531, listing up a plurality of local service category
selections for the
user to chose from, and a frame for a share service frame 532, displaying
available
services in the selected local service category through the local service
category 531.
A home links frame 533 and a home control category frame 534 are situated at
the
bottom of the home navigation page 401H. The home links frame 533 comprises a
plurality of URL links associated with personal or home use in general.
Dereferencing or following a URL link in the home links frame 533 will lead to
another dynamically generated frame pages for providing access to other home
services on the share service frame 532 or in the framed header and footer
page 402H
(not shown). Optionally, the service bus interface generation engine 301 of
the home
master 31 may dynamically generate a new pop-up window for providing accesses
to
the aforementioned services.
The home control category frame 534 comprises a number of categories and
listing for home controls or control methods associated with home devices 32
(not
shown). Dereferencing or following one of the home control category within the
home control category frame 534 will cause the service bus interface
generation
engine 301 of the home master 31 to dynamically generate a share service frame
532
with the selected category of services depicted on the share service frame
532. The
share service frame 532 is a common frame to display interactive processing of
web
services provided by all stakeholders. The dynamically generated share service
frame
532 has further navigation links and / or icons for providing interactive
steps to
display further frames on the share service frame 532 until the service has
been
consumed by the user or rendered by the service provider.
Figure 16 illustrates a conceptual view of service categories 550 of resources
based on interest of a targeted home user in the preferred embodiment of the
present
invention. Each stakeholder would set a policy on a type or types of services
to be
provided to its coherent user group, and the information is stored and managed
in the
stakeholder proprietary data 69 (not shown) of the database 45 (not shown).
The
service categories 550 are dynamically generated, in this case by the service
bus
interface generation engine 301 of the home master 31 (not shown), as part of
the
service bus interface 80 (not shown) of the stake master server. The service
categories 550 would work in conjunctions with other stake master servers for
23
CA 02520258 2005-09-20
retrieval and processing of specific portlet frames that belong to other stake
master
servers, This is to be noted that the gate master 11 and the local master 21
also
possess the same capability for generating the service categories 550
dynamically as a
part of the service bus interface 80.
Portal contents are categorized according to contributions by various levels
of
stake master servers. Each stakeholder is able to customize contents
contributed by
its level of stake master server by categories. The contents are communicated
with
the users through the service bus interface 80.
Services 600 are classified into four services, namely gate services 601,
local
services 602, home services 603 and other services 604. Each of services 600
is
broken down to a plurality of categories 610; each of categories 610 are
further
broken down to types 620. Finally, each of the types 620 is divided to
resources 630.
In this example, gate services 601 comprise one of categories 610, weather
611, and
then weather 611 is categorized into local weather 621 and international
weather 622
for types 620. Both local weather 621 and international weather 622 are
further
categorized to current weather 631 and weather forecast 632 at resources 630.
For the
local services 602, it comprises communications 612 for the categories 610;
then the
communications 612 is divided to Voice over IP (or VoIP) 623 and e-mail 624 as
the
types 620. For VoIP 623 types, it is further categorized to local call 633 and
international direct dialing call as the resources 630. For the home services
603, it
comprises a category of entertainment 613. For the other services 604, it
comprises
time and date 614. For entertainment categories 613, it is divided to TV 625
and
DVD 626 for the types 620, and for time and date categories 614, it is divided
to local
date and time 627 and date and time of an international city 628 for the types
620.
Figure 17 illustrates a block diagram for compilation of service repository
process by data extraction and data transformation in the preferred embodiment
of the
present invention. A service provider from a local service layer 20 (not
shown)
transmits service data or information from the local master 21 through the
communication network link 15 to the gate master 11. The service data is
stored in
service repository 67 in the database 200 on the local master 21, and
transmitted from
the web server 203 or P2P file sharing 204, via the communication network link
15, to
the corresponding web server 103 or P2P file sharing 104, respectively, at the
gate
master 11. The service data may be transmitted using SOAP / XML as a data
24
CA 02520258 2005-09-20
exchanging and communication protocol between the web server 103 of the gate
master 11 and the web server 203 of the local master 21 ~ Short Message
Service
(SMS) or e-mail may be used for data exchange between P2P file sharing 104 and
P2P file sharing 204. Once the gate master 11 receives the service data, then,
the gate
master 11 stores the data in the data warehouse 70 in the database 100 on the
gate
master 11. Then, the gate master 11 transforms the data using XML style
language,
or data formatting / styling rules, and combines the transformed data with web
designed forms or/and templates for generating a series of application frame
pages,
which to be stored in the database 100. The gate master 11, then, add metadata
to the
forms or/and templates to form application frame page series as usable URLs,
and
stores the frame pages in the service repository 67 of the database 100 on the
gate
master 11. When the web server 203 of the local master 21 requests frame page
files
to the web server 103 of the gate master 11 for displaying service bus
interface 210,
the gate master 11 forwards the pages to the local master 21 for caching the
page for
display on the user browser 1 (not shown). From this perspective, the web
server 203
may act as a proxy server for the web server 103 of the gate master 11. The
web
server 203 may also directly request portlets from the application portlet
warehouse
68 of the database 100 on the gate server 11.
Figure 18-a illustrates a block diagram identifying features utilized for
updating of gate service bus interface 101 and local service bus interface 201
through
a staging server 700 in the gate service layer 10 (not shown) in the preferred
embodiment of the present invention. An administrator at gate service layer 10
or
local service layer 20 (not shown) accesses the staging server 700, on which a
service
bus interface 110 for the gate master 11 or service bus interface 210 for the
local
master 21 has been tested and verified. The administrator provides his or her
user
identification and password to the access control 702 of the staging server
700. The
administrator may add or delete services through the browser 1 by alternating
contents
in the service repository 67 and/or resource directory 71 of the database 710
on the
staging server 700. The final contents are distributed to the gate master 11,
the local
master 21, and/or the home master 31 through P2P file sharing 704. For
example, the
service bus interface 110 of the gate master 11 would be distributed from the
staging
server 700 through P2P file sharing 704, over the communication network,
through
P2P file sharing 104 of the gate master 11 and P2P file sharing 204 of the
local master
CA 02520258 2005-09-20
21 for updating service repository 67 and resource directory 66 of the
database 100 on
the gate master 11 and service repository 67 and resource directory 66 of the
database
200 on the local master 21, respectively. The service bus interface 210 for
the local
master 21 would be distributed only to the local masters 21, from the service
repository 67 and resource directory 66 of the database 710 on the staging
server 700
through P2P file sharing 704 over the communication network through P2P file
sharing 204 of the local master 21 to the service repository 67 and resource
directory
66 of the database 200 on the local master 21. System mirror image may be
distributed in the similar way as well, i.e. a system mirror image from the
system
mirror image 64 in the database 710 may be distributed through P2P file
sharing 704
over the communication network through P2P file sharing 104 of the gate master
11,
P2P file sharing 204 of the local master 21, and P2P file sharing 304 of the
home
master 31 to the system mirror image 64 of the databases 100, 200 and 300 on
the
gate master 11, local master 21 and home master 31, respectively.
Figure 18-b illustrates a block diagram identifying features utilized for
updating of home service bus interface 301 in the preferred embodiment of the
present invention. An administrator at home service layer 30 accesses the home
master 31 through the browser 1 via the web server 303 for updating the home
master
service bus interface 301. The home master 31 authenticates the administrator
based
on the administrator's identification and password supplied by the
administrator at the
access control 302. Once the administrator is authenticated, the administrator
may
add or delete services by alternating the contents in the resources directory
66 and
service repository 67. Once the services are finalized, the system mirror
image will
be stored in the system mirror image 64 of the database 300 on the home master
31.
It is to be understood that the embodiments and variations shown and
described herein are merely illustrations of the principles of this invention
and that
various modifications may be implemented by those skilled in the art without
departing from the spirit and scope of the invention.
26
