WO2008039481A1 - System, method and computer program product for identifying, configuring and accessing a device on a network - Google Patents

System, method and computer program product for identifying, configuring and accessing a device on a network Download PDF

Info

Publication number
WO2008039481A1
WO2008039481A1 PCT/US2007/020750 US2007020750W WO2008039481A1 WO 2008039481 A1 WO2008039481 A1 WO 2008039481A1 US 2007020750 W US2007020750 W US 2007020750W WO 2008039481 A1 WO2008039481 A1 WO 2008039481A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
service
network
universal
locator
Prior art date
Application number
PCT/US2007/020750
Other languages
French (fr)
Inventor
Michael W. Johnson
Ryo Koyama
Original Assignee
Yoics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yoics filed Critical Yoics
Priority claimed from US11/860,876 external-priority patent/US8447843B2/en
Publication of WO2008039481A1 publication Critical patent/WO2008039481A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • H04L41/0886Fully automatic configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0246Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0253Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • H04L41/0879Manual configuration through operator

Definitions

  • the present invention relates to networked devices, and more particularly to automatic configuration, identification and access of devices on a network.
  • a system, method, and computer program product are provided for identifying, configuring, and accessing a device connected to a network.
  • a device connected to a network is automatically identified. Additionally, the device is automatically configured. Strictly as an option, the device may be accessed on the network.
  • Figure 1 illustrates a network architecture, in accordance with one embodiment.
  • Figure 2 illustrates an exemplary computer system, in accordance with one embodiment.
  • Figure 3 shows a method for automatically configuring a device connected to a network, in accordance with one embodiment.
  • Figure 4 shows a method or identifying a device on a network, in accordance with one embodiment.
  • Figure 5 shows a system for accessing a device on a network and/or automatically configuring a device connected to the network, in accordance with another embodiment.
  • Figure 6 illustrates an automatic identification method, in accordance with another embodiment.
  • Figure 7 illustrates an automatic identification method, in accordance with another embodiment.
  • Figure 8 illustrates an abstracted device configuration, in accordance with another embodiment.
  • Figure 9 illustrates a system for establishing a peer-to-peer connection between devices on a network, in accordance with another embodiment.
  • Figure 10 illustrates a method for registering a device with a service server, in accordance with another embodiment.
  • Figure 11 illustrates a method for allowing a connection between devices utilizing a service server, in accordance with another embodiment.
  • Figure 12 illustrates a method for generating a session between peer devices, in accordance with another embodiment.
  • Figure 13 illustrates a session containing different types of tunnels, in accordance with another embodiment.
  • Figure 14 illustrates a service webpage for remotely accessing a device over a network, in accordance with another embodiment.
  • Figure 15 illustrates a user-created web space for remotely accessing a device over a network, in accordance with another embodiment.
  • Figure 16 illustrates a web space for remotely accessing a device over a network, in accordance with another embodiment.
  • FIG. 1 illustrates a network architecture 100, in accordance with one embodiment.
  • the network 102 may take any form including, but not limited to a telecommunications network, a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, peer-to-peer network, cable network, etc. While only one network is shown, it should be understood that two or more similar or different networks 102 may be provided.
  • LAN local area network
  • WAN wide area network
  • Internet peer-to-peer network
  • cable network etc. While only one network is shown, it should be understood that two or more similar or different networks 102 may be provided.
  • Coupled to the network 102 is a plurality of devices.
  • a server computer 104 and an end user computer 106 may be coupled to the network 102 for communication purposes.
  • Such end user computer 106 may include a desktop computer, lap-top computer, and/or any other type of logic.
  • each of these computers can host independent virtual computers or services, which may operate as independent capabilities, each uniquely connected to the network.
  • various other devices may be coupled to the network 102 including a personal digital assistant (PDA) device 108, a mobile phone device 110, a television 112, a networked camera 113, an irrigation controller 114, a network router 115, a media server, 116, etc.
  • PDA personal digital assistant
  • devices may be coupled to the network via a separate network. These separate networks could feature the same protocols as the main network, 102, or be managed under an entirely different set of parameters where some intermediary device serves to translate the protocols between the two networks.
  • FIG. 2 illustrates an exemplary computer system 200, in accordance with one embodiment.
  • the computer system 200 may be implemented in the context of any of the devices of the network architecture 100 of Figure 1.
  • the computer system 200 may be implemented in any desired environment.
  • a computer system 200 is provided including at least one central processor 201 which is connected to a communication bus 202.
  • the computer system 200 also includes main memory 204 [e.g. random access memory (RAM), etc.].
  • the computer system 200 also may include a graphics processor 206 and/or a display 208.
  • the single shared communication bus depicted is simply for illustrative purposes, and the various elements could communicate with the central processor or with other elements across dedicated buses.
  • the computer system 200 may also include a secondary storage 210.
  • the secondary storage 210 includes, for example, a hard disk drive and/or a removable storage drive, representing a floppy disk drive, a magnetic tape drive, a compact disk drive, memory cards, devices with storage (e.g. MP3 players, digital cameras) etc.
  • the removable storage drive reads from and/or writes to a removable storage unit in a well-known manner.
  • Computer programs, or computer control logic algorithms may be stored in the main memory 204 and/or the secondary storage 210. Such computer programs, when executed, enable the computer system 200 to perform various functions. Memory 204, storage 210 and/or any other storage are possible examples of computer-readable media.
  • Figure 3 shows a method 300 for automatically configuring a device connected to a network, in accordance with one embodiment.
  • the method 300 may be implemented in the context of the architecture and environment of Figures 1 and/or 2. Of course, however, the method 300 may be carried out in any desired environment.
  • a device connected to a network is automatically identified. See operation 302. Additionally, the device is automatically configured. See operation 304.
  • a device refers to any device capable of being connected to a network.
  • the device may include, but is not limited to, a PDA, a mobile phone, a television, a camera, an irrigation controller, a network router, a media server, a computer, and/or any other device that meets the above definition.
  • the configuration of the device may involve any type of configuration.
  • the configuration may include setting configurable parameters.
  • the configuration may include updating and/or installing software on the device.
  • Figure 4 shows a method 400 for identifying a device on a network, in accordance with one embodiment.
  • the method 400 may be implemented in the context of the architecture and environment of Figures 1-3. Of course, however, the method 400 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • a device connected to a network is identified utilizing a unique identifier associated with the device. See operation 402.
  • a unique identifier refers to any identifier that is unique to the device.
  • the unique identifier may include, but is not limited to, a Media Access Control (MAC) address, a Universal Product Code (UPC), and/or any other identifier that meets the above definition.
  • MAC Media Access Control
  • UPC Universal Product Code
  • the device may be associated with a Universal Device Locator (UDL).
  • UDL Universal Device Locator
  • the UDL may include any term (e.g. familiar term, etc.) capable of being used for identification purposes.
  • such UDL may be associated with a service on the network.
  • a UNIQUE ID of a device may be associated with a particular UDL, such that the UDL and derivatives of the UDL may be used by the service to access (e.g. locate, etc.) the device on the network.
  • the association of the device to the UDL may be utilized to establish a direct peer-to-peer network between the device and a remote device associated with the UDL.
  • the device may be configured once the device is identified. See operation 404.
  • the device may be automatically configured. In another embodiment, the device may be manually configured.
  • Figure 5 shows a system 500 for accessing a device on a network and/or automatically configuring a device connected to the network, in accordance with another embodiment.
  • the system 500 may be implemented in the context of the architecture and environment of Figures 1-4. Of course, however, the system 500 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description. 20750
  • a device 502 may be identified utilizing a unique identifier 504 (e.g. UNIQUE ID, etc.) associated therewith.
  • the device 502 may include any of the devices described above with respect to Figures 1 and/or 2, and/or any other device capable of utilizing a network.
  • the device 502 may include a camera connected to a network 506.
  • the UNIQUE ID 504 may include, for example, a MAC address (and/or may be derived from a MAC address), a universal product code (UPC) number, and/or other type of unique identifier capable of guaranteeing the uniqueness of the ID across a plurality of different vendors (e.g. service providers, product providers, etc.).
  • the device 502 may also be associated with a service having a particular Universal Device Locator (UDL) 512.
  • the UDL 512 may represent an individual, an entity (e.g. a company, vendor, etc.), etc. Accordingly, the service may be provided by such individual, entity, etc.
  • the device 502 may be associated with multiple UDLs 512, where each of the UDLs 512 represents various individuals or entities (e.g. user, manufacturer, software provider, reseller, etc.).
  • the device 502 may be associated with the UDL 512 by associating the UNIQUE ID 504 of the device 502 with the UDL 512.
  • the UNIQUE ID 504 and the UDL 512 may be associated at a UDL server 514 (e.g. the association may be stored at the UDL server 514, etc.).
  • a master UDL may optionally be identified (e.g. predetermined, etc.) which designates particular permissions for each of the UDLs 512 with respect to the device 502.
  • each UDL 512 may be designated as having authority over particular capabilities (e.g. functionality, etc.) of the device 502.
  • a user e.g. owner, etc.
  • the UDL 512 may access the device 502 over the network 506 (e.g. from a location remote from the device, etc.) utilizing the service providing the UDL 512.
  • the network 506 may include the Internet, but of course the network 506 may also include any of the networks described above with respect to Figure 1.
  • a user may access the device 502 from a remote personal computer (PC) 508 utilizing the association of the UDL 512 and the UNIQUE ID 504, as shown.
  • the user may login to the service (e.g. the service providing the UDL 512, etc.) for authenticating the user and for identifying any devices associated therewith.
  • the user may login utilizing a UDL 512.
  • devices associated with the user's address e.g. internet protocol (IP) address, etc.
  • IP internet protocol
  • a user may purchase a router 516 and configure the router for his/her home Internet connection.
  • the user may also associate the MAC address of the router with an Internet service UDL 512.
  • the router 516 may be manufactured by Company A.
  • the user may grant the manufacturer (Company A) permission to provide any updates to the firmware of the router utilizing the UDL 512 associated with the router 516.
  • the user may login anywhere he/she has access to an Internet connection and may establish a direct connection with the router 516 utilizing the associated UDL 512.
  • Company A may determine that it needs to provide a firmware update to the router 516.
  • the user may grant the manufacture permission to access the router 516 on a case-by-case basis, such that Company A may send an alert to the router 516 for communicating with the user (e.g. the next time that the device owner logged into the service, etc.).
  • the user may then determine whether or not to update the firmware of the router 516 based on the received alert.
  • the user may be traveling internationally and may receive a call from home that there is a problem with the home Internet connection, hi a situation where no one at home is knowledgeable enough to check the home router 516, the user may login to the Internet service capable of providing direct connection to the home router 516 and may select his/her home router 516. A browser application may then be launched and a user interface for the home router 516 may be made available to the user for remotely configuring the home router 516 as if he/she were accessing the router via the local network. For example, the user may reset the home router 516 and re-establish the Internet connection such that the home Internet connection is repaired.
  • the owner of a network connected video camera 502 may select to make a UDL 512 associated with the camera 502 and any information associated therewith visible and searchable to anyone using the Internet service.
  • the device owner may be going on vacation and may ask another person (e.g. a neighbor, etc.) to monitor his/her camera 502 while he/she is away.
  • the device owner may provide the other person with the UDL 512 associated with the device 502.
  • the neighbor may then login to the Internet service and conduct a search for devices associated with the UDL 512. Any devices associated with the UDL 512 may be presented and the neighbor may request and receive permission (e.g. temporary permission, permanent permission, etc.) from the device owner to view the network camera 502 over the network 506.
  • permission e.g. temporary permission, permanent permission, etc.
  • the association of the UNIQUE ID 504, which in the present embodiment includes the MAC address of the device, with the UDL 512 may therefore allow for searching for and accessing remote devices via UDLs 512, such that a user attempting to access a remote device need not know or remember the UNIQUE ID 504 of the device 502 which may be a complex set of numbers that may not be easily remembered.
  • a browser plug in may be available for the Internet service, such that a user may use the "devicename@userID" as a UDL 512 to locate the device 502.
  • the protocol type may be entered along with the UDL 512, similar to how Internet addresses may be entered.
  • Table 1 illustrates an exemplary UDL 512 associated with a sample Internet Service that may be utilized for accessing the device 502. It should be noted that the UDL illustrated in Table 1 is for illustrative purposes only, and therefore should not be construed as limiting in any manner.
  • the association of the UDL 512 and the UNIQUE ID 504 of the device 502 may be utilized for tracking product ownership.
  • devices may automatically register when connected to a network and identify their location (e.g. IP address, etc.) to the Internet service.
  • a purchaser of used goods may request that payment be automatically released upon transfer of the device to the new UDL associated with the purchaser.
  • a transfer of an association between a device's UNIQUE ID 504 and/or UDL 512 and a user may be utilized for triggering a commerce/commercial transaction.
  • the association of the UDL 512 and the UNIQUE ID 504 of the device 502 may also 007/020750
  • the UDL 512 may remain associated with the current owner.
  • the association between the UDL 512 and the UNIQUE ID 504 of the device 502 may also be used by a system integrator, reseller or manufacturer for configuring the device 502 for a customer.
  • the reseller may take ownership of the device 502 by associating a UDL 512 of the reseller with the device 502 and may further fully configure the device 502 for the customer. The reseller may then transfer ownership to a UDL 512 of the customer upon completing the configuration.
  • This method of pre-configuration could also be used as a mechanism for product registration.
  • the customer may optionally have the ability to temporarily grant access permission in order to temporarily provide direct access to the device 502, thus facilitating on-going sessions of technical support.
  • the device 502 connected to the network 506 may be automatically identified and, in turn, automatically configured.
  • the automatic identification of un-configured devices may allow for the configuration of such devices on the network 506.
  • such configuration may be performed without knowledge of a local IP address associated with the device 502 which may be acquired over the network 506 via DHCP (Dynamic Host Configuration Protocol). Accordingly, a user may locate and configure the device 502 by simply connecting the device 502 to the network 506 and/or by connecting to a service provided by a service provider with any other device.
  • DHCP Dynamic Host Configuration Protocol
  • any un-configured device on the network 506 may be automatically detected, configured and linked to an account associated with the service. Once configured, a user may be able to reconfigure and update the device by connecting to the service and selecting the device to reconfigure or update. In 007/020750
  • the service may also allow a connection to the configured device without the knowledge of an Internet Protocol (IP) address associated with the device.
  • IP Internet Protocol
  • a device class interface (e.g. user interface, etc.) may be configured or changed, thus allowing additional devices to connect and/or existing devices to be re-configured.
  • configurable information e.g. attributes, etc.
  • a user may be able to configure the device 502 at the homepage of the service provider, and the device 502 may then be updated (e.g. based on user selections, etc.).
  • the communication between the service and device 502 may consist of a protocol that can update configuration and memories of the device 502 at the request of a user or the associated service provider.
  • a system that provides video cameras for monitoring purposes may allow a server associated with a service provider to automatically identify un-configured (e.g. unregistered, etc.) devices.
  • a source IP address us * ed to connect to the server may be detected.
  • a registered user e.g. of the service
  • a source IP address associated with such user may be logged.
  • This source IP address could be either a static or dynamic, and does not have to remain constant with a user ID. Rather, the IP address for the user and the un-configured device would be associated on a login-session basis.
  • an un-configured device is detected from the same source IP address as the logged source IP address, then it may be determined that the un-configured device belongs to the registered user. Specifically, such determination may be made on the basis that the un-configured device corresponds to the same source IP address. In a situation where a router utilizes Network Address Translation (NAT) to source all connections associated with a network, the device can enter the Auto 20750
  • NAT Network Address Translation
  • Automatic identification may therefore allow a user to find and configure the device 502 plugged into the network 506 without having to read complex instructions, change a configuring computer's network settings or install any software on a user computer 510.
  • the user may simply plug in the device 502 and go to a service homepage, where the device 502 may automatically be displayed such that the user may configure the device 502.
  • the device 502 Once initialized to the user (e.g. registered to the user, etc.), the device 502 may be easily configured, updated or controlled from any source by the user through the service.
  • the user could also grant to other users of the service various levels of permission on either a permanent or temporary basis. Such permissions could include monitoring, configuring, reconfiguring or even transfer.
  • Figure 6 illustrates an automatic identification method 600, in accordance with another embodiment.
  • the method 600 may be implemented in the context of the architecture and environment of Figures 1-5. Of course, however, the method 600 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • an un-configured device may power on and attempt to use an automated network service to acquire a configuration resource from a network server (e.g. a DHCP server, etc.). See operation 602. Once the resource is acquired, the device may attempt to connect to a service. See operation 604. If the connection is successful the device may enter a service chat mode (e.g. passive chat mode). See operation 606. Moreover, the device may await a command from the service provider.
  • a network server e.g. a DHCP server, etc.
  • the device may signify to the user via an indicator that the device has failed to acquire a resource. The device may then continue to acquire the network resource unless directed otherwise by the user. If the device is unable to connect to the service, the device may signify to the user via an indicator that the device has failed to connect to the service. The device may then continue attempting to connect to the service unless directed otherwise by the user. See operation 608.
  • the device may signify to the user via an indicator that it has connected to the service. The device may then await further commands from the service. See operation 610. Upon receiving instructions from the service, the device may update its internal database with identifying information.
  • the device may update information associated with its configuration. See operation 612. Additionally, a local registration database may be updated. See operation 614. In addition, the device may await further commands from the service.
  • Figure 7 illustrates an automatic identification method 700, in accordance with another embodiment.
  • the method 700 may be implemented in the context of the architecture and environment of Figures 1-6. Of course, however, the method 700 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • a user may log into a service with an associated identifier (e.g. ID, username, etc.) and password. See operation 702.
  • the service may provide access to the user based on the associated identifier.
  • the service may then check for any un-configured devices from the users IP address that have contacted the service. See operation 704. If any un-configured device exists, such device may be displayed to the user. See operation 706.
  • the service e.g. YOICS service
  • the service e.g. YOICS service
  • a mechanism could be in place to allow device ownership transfer or simply to provide sharable access.
  • the user may optionally select to configure the device. If the user selects to configure the device, then the device may be configured as being associated with the user. In this way, the user may be allowed to configure and control the device.
  • the user is presented with devices owned by the user and options for configuration and control. See operation 708. It should be noted that once a device is configured and associated with a service ID, the device may be removed from a network associated with the user and plugged into another network where the associated service ID may still be able to control it. This may therefore allow users to configure devices and retain ownership and control of such devices once deployed.
  • Figure 8 illustrates an abstracted device configuration 800, in accordance with another embodiment.
  • the abstracted device configuration 800 may be implemented in the context of the architecture and environment of Figures 1- 7.
  • the abstracted device configuration 800 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • a device 802 may be configured through a service.
  • Each class of devices may be associated with a first set of configurable options.
  • the first set of configurable options may be stored in a local device database 806 associated with each device 802. US2007/020750
  • each class of devices may be associated with a second set of options.
  • the second set of options may be stored in a service database.
  • the device 802 may not be configurable. In this way, a need for a device user interface and its associated network infrastructure may be alleviated, thus possibly lowering the complexity and cost of the device 802.
  • the service may be able to control and configure the device 802 through a simple device protocol that runs in conjunction with a chat protocol 814 associated with the service.
  • a user interface for the device configuration may be implemented through the service and may be scriptable to allow the addition of many classes of devices. Such classes of devices may be created and supported by the service and/or created and supported by a partner of the service.
  • a user may select a device 802 to configure (e.g. utilizing a web browser 812).
  • the device 802 may be looked up in the device database 806.
  • the chat engine 814 may query the device 802 for the current configuration.
  • a corresponding web configuration interface template 808 for the selected device 802 may be populated with the current device configuration and may then be displayed to the user.
  • Such web configuration interface template 808 for the selected device 802 may be populated using a device configuration control table 810, for example.
  • the user may customize the device configuration and the chat engine 814 may make the desired customization to the device 802.
  • the configuration may then be re-read, and displayed once again to the user to verify that the changes are correct.
  • device classes may have different web interface "skins" depending on which service ED or device properties are configured. US2007/020750
  • Figure 9 illustrates a system 900 for establishing a peer-to-peer connection between devices on a network, in accordance with another embodiment.
  • the system 900 may be implemented in the context of the architecture and environment of Figures 1-8. Of course, however, the system 900 may be implemented out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • associated devices and User IDs may be utilized to establish a direct peer-to-peer network connection between a remote device and another device, where the other device is utilized by a user for logging in to a service allowing access to the remote device.
  • the direct connection between the two devices may ensure efficient topology, particularly where both devices are located within the same local area network (LAN).
  • LAN local area network
  • the service may be used to facilitate the remote devices and/or users connecting based on their associated User IDs, UDLs and/or UNIQUE IDs, along with the associated permissions and/or delegations configured on the service and/or device or specified by the users.
  • the service may track the location of the devices, the users and their associated User IDs, UDLs and/or UNIQUE IDs (i.e. the users' internet IP and port addresses used by the user/device from the device/user perspective and the perspective of the internet service).
  • This information may allow the remote devices to be informed, for example, when the service attempts to create a session between such remote devices (and/or between one or more other remote devices) using the information passed to the devices from the service.
  • the information may include addressing information, encryption keys, access rights, and/or any other information capable of being utilized in the creation and operation of the connection between the remote devices and/or users of the service.
  • any part of the communications e.g. between the devices and/or between the devices and the service
  • a camera 901 and/or user may communicate with a service server 903 via standard Internet Protocols (e.g. TCP, UDP, and/or other internet protocol) and may transmit to the service server 903 (i.e. UDL server) its local address and port from the local network 904, its associated UNIQUE ID 5 authentication information and/or any other information associated therewith.
  • the service server 903 may store the received information along with a perceived Internet address and communication port for the device/user (e.g. as determined by the service server 903). With this information, the service server 903 may determine if it will acknowledge the device (e.g. the camera 901) of its enrolment (e.g. registered status, etc.) and/or give the device further instructions. In this way, the camera 901 and/or user may register with the service server 903.
  • connections created between such devices may be facilitated by the service server 903.
  • a remote user via a PC 910 may request access to the camera 901, and the service server 903 may determine if the remote user has access rights to connect to the camera 901. If the remote user has such access rights, the service server 903 may send a connect message to both the camera 901 and the requesting user.
  • the connect message may contain various information related to internet addresses and ports, encryption and authentication keys, access rights and/or other session information used to create a connection between the two peer devices (i.e. the camera 901 and the user's PC 910). Using this information, packets may be sent to the requested addresses specified in the connect message in an attempt to create a direct connection between the devices using internet protocols (e.g. user datagram protocol (UDP), transmission control protocol (TCP) and/or any other internet protocol, etc.). If a direct connection is unable be established, an indirect connection via the service server 903 (or possibly any other well connected internet device or server) may optionally be established. Once a peer connection has been established between various devices, a session may be generated and any type of data may be sent over the connection.
  • internet protocols e.g. user datagram protocol (UDP), transmission control protocol (TCP) and/or any other internet protocol, etc.
  • tunnels may be established between the devices utilizing the session.
  • These tunnels may directly map other Internet protocols [e.g. UDP, TCP, internet control message protocol (ICMP), etc.], or may also map custom information and protocols.
  • UDP User Datagram Protocol
  • TCP Transmission Control Protocol
  • ICMP internet control message protocol
  • Such protocols may be defined in a tunnel connection negotiation message, and/or in any other manner that may optionally be dependent on the session set-up or the device type.
  • Each session may contain a single tunnel, but of course may also utilize any number of different types of tunnels.
  • Figure 10 illustrates a method 1000 for registering a device with a service server, in accordance with another embodiment.
  • the method 1000 may be implemented in the context of the architecture and environment of Figures 1-9. Of course, however, the method 1000 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • an idle user/device is attached to a service. See operation 1002.
  • a request authorization is sent to a server. See operation 1004. If a server authentication response is received, authentication and identification information is sent. See operation 1006.
  • a new server is stored to use. See operation 1008. Another request authentication may be sent to this new server. Once authentication and identification information is sent, it is determined whether the authentication/identification passes or fails. If the authentication/identification passes, the user/device is registered. See operation 1010. If the authentication/identification fails, new credentials are requested from the user. See operation 1012. As shown, if a retry count or a number of attempts threshold is reached, the user/device is set back to idle.
  • Figure 11 illustrates a method 1100 for allowing a connection between devices utilizing a service server, in accordance with another embodiment.
  • the method 1100 may be implemented in the context of the architecture and environment of Figures 1-10. Of course, however, the method 1100 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • a request is received to connect to a session while in an idle mode. See operation 1102.
  • rights are checked and a search for a target peer is initiated. See operation 1104. If a target peer is found and the rights are validated, an initiate connect message is constructed and initiated to both peers. See operation 1106. If a target peer is not found and/or the rights are not validated, an error message is constructed. See operation 1108.
  • Figure 12 illustrates a method 1200 for generating a session between peer devices, in accordance with another embodiment.
  • the method 1200 may be implemented in the context of the architecture and environment of Figures 1- 11. Of course, however, the method 1200 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • an idle system receives an initiate connection message from a server. See operation 1202. Peer "hello packets" are then sent. See operation 1204. If the "hello packet” is received, a peer acknowledgement (ACK) packet is sent. See operation 1206 and operation 1208. Once the ACK packet is sent, and the "hello packet" is received, a connection is made. See operation 1210.
  • ACK peer acknowledgement
  • Figure 13 illustrates a session 1300 containing different types of tunnels, in accordance with another embodiment.
  • the session 1300 may be viewed in the context of the architecture and environment of Figures 1-12. Of course, however, the session 1300 may be viewed in the context of any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • tunnels may be established between the devices utilizing the session.
  • These tunnels 1306 may directly map other Internet protocols [e.g. UDP, TCP, internet control message protocol (ICMP), etc.], or may also map custom information and protocols.
  • Such protocols may be defined in a tunnel connection negotiation message, and/or in any other manner that may optionally be dependent on the session set-up or the device type.
  • Each session may contain a single tunnel, but of course may also utilize any number of different types of tunnels as show in Figure 13.
  • Figure 14 illustrates a service webpage 1400 for remotely accessing a device over a network, in accordance with another embodiment.
  • the service webpage 1400 may be implemented in the context of the architecture and environment of Figures 1-13. Of course, however, the service webpage 1400 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • service access software utilized for remotely accessing a device over a network may be distributed via web-embeddable software code 1401 using Java, Active-X, Flash, and/or any other browser embeddable code.
  • machine installable software programs, machine embedded software and/or any other types of software configurations may be utilized for distributing the service access software via the web-embeddable software code 1401.
  • the embeddable software code 1401 may be inserted with other web-base object code, such as static HTML content 1402, dynamic HTML content 1403, Java script 1404 and/or any other type of web-servable content in any order or form.
  • a user of the service may be allowed to access an associated account and devices via the web-embedded code, thus preventing the need to download and install software for obtaining such access. This may be useful for accessing service enabled devices and users from remote places such as Internet cafes and other public locations where downloading and installing applications is not possible.
  • Figure 15 illustrates a user-created web space 1500 for remotely accessing a device over a network, in accordance with another embodiment.
  • the service webpage 1500 may be implemented in the context of the architecture and environment of Figures 1-14. Of course, however, the service webpage 1500 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • embeddable code may allow public or private access to user devices from user-created web space 1500.
  • the user created web-space 1500 may include web content hosted on web servers, online personal spaces (e.g. myspace.com®, Facebook, etc.), any user created web content 1502, embeddable web object (e.g. embeddable web objects 1503 and 1504), etc.
  • the web embeddable code may be sourced from the user's website, the services website and/or a third party website.
  • direct access to devices such as web- cameras 1503 may be allowed and/or access or status information associated with devices (e.g.
  • answering machines 1504 may be received without the need for static IP addresses, dynamic IP resolving services, redirection servers, firewall port forwarding, and/or any other consumer configuration that may otherwise prevent such access. It should be noted that the user content and the embeddable code may be formatted in any desired manner, and is therefore not limited to user-created web space 1500 shown.
  • Figure 16 illustrates a web space 1600 for remotely accessing a device over a network, in accordance with another embodiment.
  • the web space 1600 may be implemented in the context of the architecture and environment of Figures 1-15. Of course, however, the web space 1600 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
  • the web space 1600 may provide access to a network printer, a configuration screen for a router, or any dedicated network device or a TCP/IP service running on a system. Additionally, such devices and services may be transformed into a remote accessible and shareable internet resource without having to modify a firewall of the system.
  • a mouse corresponding with the system will display a window 1604 which may allow a user to access devices on a network.
  • the window 1604 may allow the user to connect to a device, disconnect from a device, restart the web space 1600 and refresh the plurality of network devices and services 1602, change access to a device, configure parameters on a device, and/or various other functions.

Abstract

A system, method, and computer program product are provided for identifying, configuring, and accessing a device connected to a network. In operation, a device connected to a network is automatically identified. Additionally, the device is automatically configured. Strictly as an option, the device may be accessed on the network.

Description

SYSTEM, METHOD AND COMPUTER PROGRAM
PRODUCT FOR IDENTIFYING, CONFIGURING AND
ACCESSING A DEVICE ON A NETWORK
BACKGROUND AND FIELD OF THE INVENTION
[0001] The present invention relates to networked devices, and more particularly to automatic configuration, identification and access of devices on a network.
SUMMARY
[0002] A system, method, and computer program product are provided for identifying, configuring, and accessing a device connected to a network. In operation, a device connected to a network is automatically identified. Additionally, the device is automatically configured. Strictly as an option, the device may be accessed on the network.
Brief Description Of The Drawings
[0003] Figure 1 illustrates a network architecture, in accordance with one embodiment.
[0004] Figure 2 illustrates an exemplary computer system, in accordance with one embodiment.
[0005] Figure 3 shows a method for automatically configuring a device connected to a network, in accordance with one embodiment.
[0006] Figure 4 shows a method or identifying a device on a network, in accordance with one embodiment.
[0007] Figure 5 shows a system for accessing a device on a network and/or automatically configuring a device connected to the network, in accordance with another embodiment.
[0008] Figure 6 illustrates an automatic identification method, in accordance with another embodiment.
[0009] Figure 7 illustrates an automatic identification method, in accordance with another embodiment.
[0010] Figure 8 illustrates an abstracted device configuration, in accordance with another embodiment.
[0011] Figure 9 illustrates a system for establishing a peer-to-peer connection between devices on a network, in accordance with another embodiment. [0012] Figure 10 illustrates a method for registering a device with a service server, in accordance with another embodiment.
[0013] Figure 11 illustrates a method for allowing a connection between devices utilizing a service server, in accordance with another embodiment.
[0014] Figure 12 illustrates a method for generating a session between peer devices, in accordance with another embodiment.
[0015] Figure 13 illustrates a session containing different types of tunnels, in accordance with another embodiment.
[0016] Figure 14 illustrates a service webpage for remotely accessing a device over a network, in accordance with another embodiment.
[0017] Figure 15 illustrates a user-created web space for remotely accessing a device over a network, in accordance with another embodiment.
[0018] Figure 16 illustrates a web space for remotely accessing a device over a network, in accordance with another embodiment.
DETAILED DESCRIPTION
[0019] Figure 1 illustrates a network architecture 100, in accordance with one embodiment. As shown, at least one network 102 is provided. In the context of the present network architecture 100, the network 102 may take any form including, but not limited to a telecommunications network, a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, peer-to-peer network, cable network, etc. While only one network is shown, it should be understood that two or more similar or different networks 102 may be provided.
[0020] Coupled to the network 102 is a plurality of devices. For example, a server computer 104 and an end user computer 106 may be coupled to the network 102 for communication purposes. Such end user computer 106 may include a desktop computer, lap-top computer, and/or any other type of logic. Further, each of these computers can host independent virtual computers or services, which may operate as independent capabilities, each uniquely connected to the network. Still yet, various other devices may be coupled to the network 102 including a personal digital assistant (PDA) device 108, a mobile phone device 110, a television 112, a networked camera 113, an irrigation controller 114, a network router 115, a media server, 116, etc. Additionally, devices may be coupled to the network via a separate network. These separate networks could feature the same protocols as the main network, 102, or be managed under an entirely different set of parameters where some intermediary device serves to translate the protocols between the two networks.
[0021] Figure 2 illustrates an exemplary computer system 200, in accordance with one embodiment. As an option, the computer system 200 may be implemented in the context of any of the devices of the network architecture 100 of Figure 1. Of course, the computer system 200 may be implemented in any desired environment. [0022] As shown, a computer system 200 is provided including at least one central processor 201 which is connected to a communication bus 202. The computer system 200 also includes main memory 204 [e.g. random access memory (RAM), etc.]. The computer system 200 also may include a graphics processor 206 and/or a display 208. It should be noted that the single shared communication bus depicted is simply for illustrative purposes, and the various elements could communicate with the central processor or with other elements across dedicated buses.
[0023] The computer system 200 may also include a secondary storage 210. The secondary storage 210 includes, for example, a hard disk drive and/or a removable storage drive, representing a floppy disk drive, a magnetic tape drive, a compact disk drive, memory cards, devices with storage (e.g. MP3 players, digital cameras) etc. The removable storage drive reads from and/or writes to a removable storage unit in a well-known manner.
[0024] Computer programs, or computer control logic algorithms, may be stored in the main memory 204 and/or the secondary storage 210. Such computer programs, when executed, enable the computer system 200 to perform various functions. Memory 204, storage 210 and/or any other storage are possible examples of computer-readable media.
[0025] Figure 3 shows a method 300 for automatically configuring a device connected to a network, in accordance with one embodiment. As an option, the method 300 may be implemented in the context of the architecture and environment of Figures 1 and/or 2. Of course, however, the method 300 may be carried out in any desired environment. [0026] As shown, a device connected to a network is automatically identified. See operation 302. Additionally, the device is automatically configured. See operation 304.
[0027] In the context of the present description, a device refers to any device capable of being connected to a network. For example, in various embodiments, the device may include, but is not limited to, a PDA, a mobile phone, a television, a camera, an irrigation controller, a network router, a media server, a computer, and/or any other device that meets the above definition.
[0028] Furthermore, the configuration of the device may involve any type of configuration. For example, in one embodiment the configuration may include setting configurable parameters. In another embodiment, the configuration may include updating and/or installing software on the device.
[0029] Figure 4 shows a method 400 for identifying a device on a network, in accordance with one embodiment. As an option, the method 400 may be implemented in the context of the architecture and environment of Figures 1-3. Of course, however, the method 400 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0030] As shown, a device connected to a network is identified utilizing a unique identifier associated with the device. See operation 402. In the context of the present description, a unique identifier (e.g. a UNIQUE ID, etc.) refers to any identifier that is unique to the device. For example, in various embodiments, the unique identifier may include, but is not limited to, a Media Access Control (MAC) address, a Universal Product Code (UPC), and/or any other identifier that meets the above definition. [0031] Strictly as an option, the device may be associated with a Universal Device Locator (UDL). In this case, the UDL may include any term (e.g. familiar term, etc.) capable of being used for identification purposes. In one embodiment, such UDL may be associated with a service on the network.
[0032] For example, a UNIQUE ID of a device may be associated with a particular UDL, such that the UDL and derivatives of the UDL may be used by the service to access (e.g. locate, etc.) the device on the network. In yet another embodiment, the association of the device to the UDL may be utilized to establish a direct peer-to-peer network between the device and a remote device associated with the UDL.
[0033] Strictly as an option, the device may be configured once the device is identified. See operation 404. In one embodiment, the device may be automatically configured. In another embodiment, the device may be manually configured.
[0034] More illustrative information will now be set forth regarding various optional architectures and features with which the foregoing technique may or may not be implemented, per the desires of the user. It should be strongly noted that the following information is set forth for illustrative purposes and should not be construed as limiting in any manner. Any of the following features may be optionally incorporated with or without the exclusion of other features described.
[0035] Figure 5 shows a system 500 for accessing a device on a network and/or automatically configuring a device connected to the network, in accordance with another embodiment. As an option, the system 500 may be implemented in the context of the architecture and environment of Figures 1-4. Of course, however, the system 500 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description. 20750
- 9 -
[0036] As shown, a device 502 may be identified utilizing a unique identifier 504 (e.g. UNIQUE ID, etc.) associated therewith. The device 502 may include any of the devices described above with respect to Figures 1 and/or 2, and/or any other device capable of utilizing a network. As shown by way of example, the device 502 may include a camera connected to a network 506.
[0037] The UNIQUE ID 504 may include, for example, a MAC address (and/or may be derived from a MAC address), a universal product code (UPC) number, and/or other type of unique identifier capable of guaranteeing the uniqueness of the ID across a plurality of different vendors (e.g. service providers, product providers, etc.). The device 502 may also be associated with a service having a particular Universal Device Locator (UDL) 512. In various embodiments, the UDL 512 may represent an individual, an entity (e.g. a company, vendor, etc.), etc. Accordingly, the service may be provided by such individual, entity, etc.
[0038] As an option, the device 502 may be associated with multiple UDLs 512, where each of the UDLs 512 represents various individuals or entities (e.g. user, manufacturer, software provider, reseller, etc.). In one embodiment, the device 502 may be associated with the UDL 512 by associating the UNIQUE ID 504 of the device 502 with the UDL 512. As shown, the UNIQUE ID 504 and the UDL 512 may be associated at a UDL server 514 (e.g. the association may be stored at the UDL server 514, etc.).
[0039] Further, if multiple UDLs 512 are associated with the device 502, a master UDL may optionally be identified (e.g. predetermined, etc.) which designates particular permissions for each of the UDLs 512 with respect to the device 502. In another embodiment, each UDL 512 may be designated as having authority over particular capabilities (e.g. functionality, etc.) of the device 502. By associating the device 502 with at least one UDL 512, a user (e.g. owner, etc.) associated with the UDL 512 may access the device 502 over the network 506 (e.g. from a location remote from the device, etc.) utilizing the service providing the UDL 512. Accordingly, remote access to the capabilities of the device 502 may be disabled or severely limited if such association is broken (e.g. the UDL 512 is no longer associated with the device 502, etc.). As shown, the network 506 may include the Internet, but of course the network 506 may also include any of the networks described above with respect to Figure 1.
[0040] In one embodiment, a user may access the device 502 from a remote personal computer (PC) 508 utilizing the association of the UDL 512 and the UNIQUE ID 504, as shown. For example, the user may login to the service (e.g. the service providing the UDL 512, etc.) for authenticating the user and for identifying any devices associated therewith. Optionally, the user may login utilizing a UDL 512. In addition, devices associated with the user's address (e.g. internet protocol (IP) address, etc.) may become accessible, hi this way, a direct connection to the device 502 may be made remotely utilizing the association between the UDL 512 and UNIQUE ID 504.
[0041] As a specific example, a user may purchase a router 516 and configure the router for his/her home Internet connection. The user may also associate the MAC address of the router with an Internet service UDL 512. For illustrative purposes, the router 516 may be manufactured by Company A. As the master UDL holder, the user may grant the manufacturer (Company A) permission to provide any updates to the firmware of the router utilizing the UDL 512 associated with the router 516. hi addition, the user may login anywhere he/she has access to an Internet connection and may establish a direct connection with the router 516 utilizing the associated UDL 512.
[0042] Going further with the example, Company A may determine that it needs to provide a firmware update to the router 516. By logging into the Internet service providing the UDL 512, all devices that have been associated with such UDL 512 may become available and accordingly an automatic update to such devices may be allowed. Optionally, the user may grant the manufacture permission to access the router 516 on a case-by-case basis, such that Company A may send an alert to the router 516 for communicating with the user (e.g. the next time that the device owner logged into the service, etc.). The user may then determine whether or not to update the firmware of the router 516 based on the received alert.
[0043] In another exemplary embodiment, the user may be traveling internationally and may receive a call from home that there is a problem with the home Internet connection, hi a situation where no one at home is knowledgeable enough to check the home router 516, the user may login to the Internet service capable of providing direct connection to the home router 516 and may select his/her home router 516. A browser application may then be launched and a user interface for the home router 516 may be made available to the user for remotely configuring the home router 516 as if he/she were accessing the router via the local network. For example, the user may reset the home router 516 and re-establish the Internet connection such that the home Internet connection is repaired.
[0044] In another exemplary embodiment, the owner of a network connected video camera 502 may select to make a UDL 512 associated with the camera 502 and any information associated therewith visible and searchable to anyone using the Internet service. For example, the device owner may be going on vacation and may ask another person (e.g. a neighbor, etc.) to monitor his/her camera 502 while he/she is away. The device owner may provide the other person with the UDL 512 associated with the device 502.
[0045] The neighbor may then login to the Internet service and conduct a search for devices associated with the UDL 512. Any devices associated with the UDL 512 may be presented and the neighbor may request and receive permission (e.g. temporary permission, permanent permission, etc.) from the device owner to view the network camera 502 over the network 506. The association of the UNIQUE ID 504, which in the present embodiment includes the MAC address of the device, with the UDL 512 may therefore allow for searching for and accessing remote devices via UDLs 512, such that a user attempting to access a remote device need not know or remember the UNIQUE ID 504 of the device 502 which may be a complex set of numbers that may not be easily remembered.
[0046] Furthermore, a browser plug in may be available for the Internet service, such that a user may use the "devicename@userID" as a UDL 512 to locate the device 502. In this scenario, the protocol type may be entered along with the UDL 512, similar to how Internet addresses may be entered. Table 1 illustrates an exemplary UDL 512 associated with a sample Internet Service that may be utilized for accessing the device 502. It should be noted that the UDL illustrated in Table 1 is for illustrative purposes only, and therefore should not be construed as limiting in any manner.
Table 1
Example: Service via Yoics Current: http ://www.voics. com Device: yoics://camera@jane_doe
[0047] In a further embodiment, the association of the UDL 512 and the UNIQUE ID 504 of the device 502 may be utilized for tracking product ownership. For example, devices may automatically register when connected to a network and identify their location (e.g. IP address, etc.) to the Internet service. Thus, a purchaser of used goods may request that payment be automatically released upon transfer of the device to the new UDL associated with the purchaser. Thus, a transfer of an association between a device's UNIQUE ID 504 and/or UDL 512 and a user may be utilized for triggering a commerce/commercial transaction. In addition, the association of the UDL 512 and the UNIQUE ID 504 of the device 502 may also 007/020750
- 13 -
provide security for the device 502, such that unless the UDL 512 is fundamentally modified, the UDL 512 may remain associated with the current owner.
[0048] In still yet a further embodiment, the association between the UDL 512 and the UNIQUE ID 504 of the device 502 may also be used by a system integrator, reseller or manufacturer for configuring the device 502 for a customer. For example, the reseller may take ownership of the device 502 by associating a UDL 512 of the reseller with the device 502 and may further fully configure the device 502 for the customer. The reseller may then transfer ownership to a UDL 512 of the customer upon completing the configuration. This method of pre-configuration, could also be used as a mechanism for product registration. In addition, the customer may optionally have the ability to temporarily grant access permission in order to temporarily provide direct access to the device 502, thus facilitating on-going sessions of technical support.
[0049] In one embodiment, the device 502 connected to the network 506 may be automatically identified and, in turn, automatically configured. The automatic identification of un-configured devices may allow for the configuration of such devices on the network 506. Moreover, such configuration may be performed without knowledge of a local IP address associated with the device 502 which may be acquired over the network 506 via DHCP (Dynamic Host Configuration Protocol). Accordingly, a user may locate and configure the device 502 by simply connecting the device 502 to the network 506 and/or by connecting to a service provided by a service provider with any other device.
[0050] As an option, any un-configured device on the network 506 may be automatically detected, configured and linked to an account associated with the service. Once configured, a user may be able to reconfigure and update the device by connecting to the service and selecting the device to reconfigure or update. In 007/020750
- 14 -
addition, the service may also allow a connection to the configured device without the knowledge of an Internet Protocol (IP) address associated with the device.
[0051] Furthermore, a device class interface (e.g. user interface, etc.) may be configured or changed, thus allowing additional devices to connect and/or existing devices to be re-configured. For example, configurable information (e.g. attributes, etc.) of the device 502 may be abstracted into an interface associated with the service, or the interface associated with the service may be populated with configurable attributes of the device 502. A user may be able to configure the device 502 at the homepage of the service provider, and the device 502 may then be updated (e.g. based on user selections, etc.). The communication between the service and device 502 may consist of a protocol that can update configuration and memories of the device 502 at the request of a user or the associated service provider.
[0052] In one exemplary embodiment, a system that provides video cameras for monitoring purposes may allow a server associated with a service provider to automatically identify un-configured (e.g. unregistered, etc.) devices. A source IP address us*ed to connect to the server may be detected. When a registered user (e.g. of the service) logs onto the server, a source IP address associated with such user may be logged. This source IP address could be either a static or dynamic, and does not have to remain constant with a user ID. Rather, the IP address for the user and the un-configured device would be associated on a login-session basis.
[0053] If an un-configured device is detected from the same source IP address as the logged source IP address, then it may be determined that the un-configured device belongs to the registered user. Specifically, such determination may be made on the basis that the un-configured device corresponds to the same source IP address. In a situation where a router utilizes Network Address Translation (NAT) to source all connections associated with a network, the device can enter the Auto 20750
- 15 -
Identification mode by pressing a button on the device or automatically when the unconfigured device powers up, etc.
[0054] Automatic identification may therefore allow a user to find and configure the device 502 plugged into the network 506 without having to read complex instructions, change a configuring computer's network settings or install any software on a user computer 510. The user may simply plug in the device 502 and go to a service homepage, where the device 502 may automatically be displayed such that the user may configure the device 502. Once initialized to the user (e.g. registered to the user, etc.), the device 502 may be easily configured, updated or controlled from any source by the user through the service. The user could also grant to other users of the service various levels of permission on either a permanent or temporary basis. Such permissions could include monitoring, configuring, reconfiguring or even transfer.
[0055] Figure 6 illustrates an automatic identification method 600, in accordance with another embodiment. As an option, the method 600 may be implemented in the context of the architecture and environment of Figures 1-5. Of course, however, the method 600 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0056] As shown, an un-configured device may power on and attempt to use an automated network service to acquire a configuration resource from a network server (e.g. a DHCP server, etc.). See operation 602. Once the resource is acquired, the device may attempt to connect to a service. See operation 604. If the connection is successful the device may enter a service chat mode (e.g. passive chat mode). See operation 606. Moreover, the device may await a command from the service provider. T/US2007/020750
- 16 -
[0057] If the device is unable to acquire a network resource from the network server, the device may signify to the user via an indicator that the device has failed to acquire a resource. The device may then continue to acquire the network resource unless directed otherwise by the user. If the device is unable to connect to the service, the device may signify to the user via an indicator that the device has failed to connect to the service. The device may then continue attempting to connect to the service unless directed otherwise by the user. See operation 608.
[0058] Once the device has connected to the service, the device may signify to the user via an indicator that it has connected to the service. The device may then await further commands from the service. See operation 610. Upon receiving instructions from the service, the device may update its internal database with identifying information.
[0059] For example, the device may update information associated with its configuration. See operation 612. Additionally, a local registration database may be updated. See operation 614. In addition, the device may await further commands from the service.
[0060] Figure 7 illustrates an automatic identification method 700, in accordance with another embodiment. As an option, the method 700 may be implemented in the context of the architecture and environment of Figures 1-6. Of course, however, the method 700 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0061] As shown, a user may log into a service with an associated identifier (e.g. ID, username, etc.) and password. See operation 702. In other words, the service may provide access to the user based on the associated identifier. The service may then check for any un-configured devices from the users IP address that have contacted the service. See operation 704. If any un-configured device exists, such device may be displayed to the user. See operation 706. The same flow would follow for a pre-configured device, where during the discovery phase, the service (e.g. YOICS service) would scan for unregistered devices. Upon discovery of a registered device, where manufacturer and device type may be used as further filters, that device is presented to the user for confirmation. Upon registration by the user, a mechanism could be in place to allow device ownership transfer or simply to provide sharable access.
[0062] The user may optionally select to configure the device. If the user selects to configure the device, then the device may be configured as being associated with the user. In this way, the user may be allowed to configure and control the device.
[0063] If no un-configured device exists, the user is presented with devices owned by the user and options for configuration and control. See operation 708. It should be noted that once a device is configured and associated with a service ID, the device may be removed from a network associated with the user and plugged into another network where the associated service ID may still be able to control it. This may therefore allow users to configure devices and retain ownership and control of such devices once deployed.
[0064] Figure 8 illustrates an abstracted device configuration 800, in accordance with another embodiment. As an option, the abstracted device configuration 800 may be implemented in the context of the architecture and environment of Figures 1- 7. Of course, however, the abstracted device configuration 800 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0065] In the present exemplary embodiment, a device 802 may be configured through a service. Each class of devices may be associated with a first set of configurable options. The first set of configurable options may be stored in a local device database 806 associated with each device 802. US2007/020750
- 18 -
[0066] In addition, each class of devices may be associated with a second set of options. The second set of options may be stored in a service database. It should be noted that, the device 802 may not be configurable. In this way, a need for a device user interface and its associated network infrastructure may be alleviated, thus possibly lowering the complexity and cost of the device 802.
[0067] The service may be able to control and configure the device 802 through a simple device protocol that runs in conjunction with a chat protocol 814 associated with the service. A user interface for the device configuration may be implemented through the service and may be scriptable to allow the addition of many classes of devices. Such classes of devices may be created and supported by the service and/or created and supported by a partner of the service.
[0068] Utilizing a web interface 804, a user may select a device 802 to configure (e.g. utilizing a web browser 812). The device 802 may be looked up in the device database 806. Moreover, the chat engine 814 may query the device 802 for the current configuration.
[0069] A corresponding web configuration interface template 808 for the selected device 802 may be populated with the current device configuration and may then be displayed to the user. Such web configuration interface template 808 for the selected device 802 may be populated using a device configuration control table 810, for example. The user may customize the device configuration and the chat engine 814 may make the desired customization to the device 802. The configuration may then be re-read, and displayed once again to the user to verify that the changes are correct. As an option, device classes may have different web interface "skins" depending on which service ED or device properties are configured. US2007/020750
- 19 -
[0070] Figure 9 illustrates a system 900 for establishing a peer-to-peer connection between devices on a network, in accordance with another embodiment. As an option, the system 900 may be implemented in the context of the architecture and environment of Figures 1-8. Of course, however, the system 900 may be implemented out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0071] As shown, associated devices and User IDs may be utilized to establish a direct peer-to-peer network connection between a remote device and another device, where the other device is utilized by a user for logging in to a service allowing access to the remote device. The direct connection between the two devices may ensure efficient topology, particularly where both devices are located within the same local area network (LAN).
[0072] The service may be used to facilitate the remote devices and/or users connecting based on their associated User IDs, UDLs and/or UNIQUE IDs, along with the associated permissions and/or delegations configured on the service and/or device or specified by the users. For example, where the devices are remotely located on the Internet, the service may track the location of the devices, the users and their associated User IDs, UDLs and/or UNIQUE IDs (i.e. the users' internet IP and port addresses used by the user/device from the device/user perspective and the perspective of the internet service).
[0073] This information may allow the remote devices to be informed, for example, when the service attempts to create a session between such remote devices (and/or between one or more other remote devices) using the information passed to the devices from the service. The information may include addressing information, encryption keys, access rights, and/or any other information capable of being utilized in the creation and operation of the connection between the remote devices and/or users of the service. As an option, any part of the communications (e.g. between the devices and/or between the devices and the service) may be encrypted and/or authenticated using cryptographic hashes and/or encryption functions.
[0074] As specifically shown, a camera 901 and/or user (via a PC 902) may communicate with a service server 903 via standard Internet Protocols (e.g. TCP, UDP, and/or other internet protocol) and may transmit to the service server 903 (i.e. UDL server) its local address and port from the local network 904, its associated UNIQUE ID5 authentication information and/or any other information associated therewith. The service server 903 may store the received information along with a perceived Internet address and communication port for the device/user (e.g. as determined by the service server 903). With this information, the service server 903 may determine if it will acknowledge the device (e.g. the camera 901) of its enrolment (e.g. registered status, etc.) and/or give the device further instructions. In this way, the camera 901 and/or user may register with the service server 903.
[0075] Once the camera 901 and/or user are registered with the service server 903, connections created between such devices (i.e. the camera 901 and the user's PC 902) may be facilitated by the service server 903. In one embodiment, a remote user via a PC 910 may request access to the camera 901, and the service server 903 may determine if the remote user has access rights to connect to the camera 901. If the remote user has such access rights, the service server 903 may send a connect message to both the camera 901 and the requesting user.
[0076] The connect message may contain various information related to internet addresses and ports, encryption and authentication keys, access rights and/or other session information used to create a connection between the two peer devices (i.e. the camera 901 and the user's PC 910). Using this information, packets may be sent to the requested addresses specified in the connect message in an attempt to create a direct connection between the devices using internet protocols (e.g. user datagram protocol (UDP), transmission control protocol (TCP) and/or any other internet protocol, etc.). If a direct connection is unable be established, an indirect connection via the service server 903 (or possibly any other well connected internet device or server) may optionally be established. Once a peer connection has been established between various devices, a session may be generated and any type of data may be sent over the connection.
[0077] Once devices are connected via a session, multiple separate data and/or control connections (referred to as tunnels) may be established between the devices utilizing the session. These tunnels may directly map other Internet protocols [e.g. UDP, TCP, internet control message protocol (ICMP), etc.], or may also map custom information and protocols. Such protocols may be defined in a tunnel connection negotiation message, and/or in any other manner that may optionally be dependent on the session set-up or the device type. Each session may contain a single tunnel, but of course may also utilize any number of different types of tunnels.
[0078] Figure 10 illustrates a method 1000 for registering a device with a service server, in accordance with another embodiment. As an option, the method 1000 may be implemented in the context of the architecture and environment of Figures 1-9. Of course, however, the method 1000 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0079] As shown, an idle user/device is attached to a service. See operation 1002. As a result, a request authorization is sent to a server. See operation 1004. If a server authentication response is received, authentication and identification information is sent. See operation 1006.
[0080] In the case that the request authentication is redirected, a new server is stored to use. See operation 1008. Another request authentication may be sent to this new server. Once authentication and identification information is sent, it is determined whether the authentication/identification passes or fails. If the authentication/identification passes, the user/device is registered. See operation 1010. If the authentication/identification fails, new credentials are requested from the user. See operation 1012. As shown, if a retry count or a number of attempts threshold is reached, the user/device is set back to idle.
[0081] Figure 11 illustrates a method 1100 for allowing a connection between devices utilizing a service server, in accordance with another embodiment. As an option, the method 1100 may be implemented in the context of the architecture and environment of Figures 1-10. Of course, however, the method 1100 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0082] As shown, a request is received to connect to a session while in an idle mode. See operation 1102. As a result, rights are checked and a search for a target peer is initiated. See operation 1104. If a target peer is found and the rights are validated, an initiate connect message is constructed and initiated to both peers. See operation 1106. If a target peer is not found and/or the rights are not validated, an error message is constructed. See operation 1108.
[0083] Figure 12 illustrates a method 1200 for generating a session between peer devices, in accordance with another embodiment. As an option, the method 1200 may be implemented in the context of the architecture and environment of Figures 1- 11. Of course, however, the method 1200 may be carried out in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0084] As shown, an idle system receives an initiate connection message from a server. See operation 1202. Peer "hello packets" are then sent. See operation 1204. If the "hello packet" is received, a peer acknowledgement (ACK) packet is sent. See operation 1206 and operation 1208. Once the ACK packet is sent, and the "hello packet" is received, a connection is made. See operation 1210.
[0085] Figure 13 illustrates a session 1300 containing different types of tunnels, in accordance with another embodiment. As an option, the session 1300 may be viewed in the context of the architecture and environment of Figures 1-12. Of course, however, the session 1300 may be viewed in the context of any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0086] As shown, once devices 1302 are connected via a session 1304, multiple separate data and/or control connections 1306 (referred to as tunnels) may be established between the devices utilizing the session. These tunnels 1306 may directly map other Internet protocols [e.g. UDP, TCP, internet control message protocol (ICMP), etc.], or may also map custom information and protocols. Such protocols may be defined in a tunnel connection negotiation message, and/or in any other manner that may optionally be dependent on the session set-up or the device type. Each session may contain a single tunnel, but of course may also utilize any number of different types of tunnels as show in Figure 13.
[0087] Figure 14 illustrates a service webpage 1400 for remotely accessing a device over a network, in accordance with another embodiment. As an option, the service webpage 1400 may be implemented in the context of the architecture and environment of Figures 1-13. Of course, however, the service webpage 1400 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0088] As an option, service access software utilized for remotely accessing a device over a network may be distributed via web-embeddable software code 1401 using Java, Active-X, Flash, and/or any other browser embeddable code. In addition, machine installable software programs, machine embedded software and/or any other types of software configurations may be utilized for distributing the service access software via the web-embeddable software code 1401. The embeddable software code 1401 may be inserted with other web-base object code, such as static HTML content 1402, dynamic HTML content 1403, Java script 1404 and/or any other type of web-servable content in any order or form.
[0089] Thus, a user of the service may be allowed to access an associated account and devices via the web-embedded code, thus preventing the need to download and install software for obtaining such access. This may be useful for accessing service enabled devices and users from remote places such as Internet cafes and other public locations where downloading and installing applications is not possible.
[0090] Figure 15 illustrates a user-created web space 1500 for remotely accessing a device over a network, in accordance with another embodiment. As an option, the service webpage 1500 may be implemented in the context of the architecture and environment of Figures 1-14. Of course, however, the service webpage 1500 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0091] As shown, embeddable code may allow public or private access to user devices from user-created web space 1500. In various embodiments, the user created web-space 1500 may include web content hosted on web servers, online personal spaces (e.g. myspace.com®, Facebook, etc.), any user created web content 1502, embeddable web object (e.g. embeddable web objects 1503 and 1504), etc. The web embeddable code may be sourced from the user's website, the services website and/or a third party website. Thus, direct access to devices, such as web- cameras 1503, may be allowed and/or access or status information associated with devices (e.g. answering machines 1504) may be received without the need for static IP addresses, dynamic IP resolving services, redirection servers, firewall port forwarding, and/or any other consumer configuration that may otherwise prevent such access. It should be noted that the user content and the embeddable code may be formatted in any desired manner, and is therefore not limited to user-created web space 1500 shown.
[0092] Figure 16 illustrates a web space 1600 for remotely accessing a device over a network, in accordance with another embodiment. As an option, the web space 1600 may be implemented in the context of the architecture and environment of Figures 1-15. Of course, however, the web space 1600 may be implemented in any desired environment. It should also be noted that the aforementioned definitions may apply during the present description.
[0093] As shown, remote access to a plurality of network devices and services 1602 is provided. For example, the web space 1600 may provide access to a network printer, a configuration screen for a router, or any dedicated network device or a TCP/IP service running on a system. Additionally, such devices and services may be transformed into a remote accessible and shareable internet resource without having to modify a firewall of the system.
[0094] In one embodiment, right clicking a mouse corresponding with the system will display a window 1604 which may allow a user to access devices on a network. The window 1604 may allow the user to connect to a device, disconnect from a device, restart the web space 1600 and refresh the plurality of network devices and services 1602, change access to a device, configure parameters on a device, and/or various other functions.
[0095] While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

Claims

CLAIMSWhat is claimed is:
1. A method, comprising: automatically identifying a device connected to a network; and automatically configuring the device.
2. The method of claim 1, wherein the configured device is associated with a user.
3. The method of claim 2, wherein the user is permitted to grant varying degrees of permission to access the device to at least one other user.
4. The method of claim 2, wherein the user is permitted to grant varying degrees of permission to configure the device to at least one other user.
5. The method of claim 2, wherein the user is permitted to transfer an association of the device to at least one other user.
6. The method of claim 1, wherein the device includes an un-configured device.
7. The method of claim 1, wherein the device includes a configured device.
8. The method of claim 1, wherein a local Internet Protocol (IP) address associated with the device is unknown.
9. The method of claim 1 , further comprising linking the device to an account.
10. The method of claim 9, wherein the account is associated with a service.
11. The method of claim 10, further comprising re-configuring the configured device utilizing the service.
12. The method of claim 11 , wherein the service allows a connection to the configured device without the knowledge of an Internet Protocol (IP) address associated with the configured device.
13. The method of claim 11, wherein communication between the service and device includes a protocol that updates configuration information of the configured device at the request of a user.
14. The method of claim 11 , wherein the configured device is re-configured utilizing an interface associated with the service.
15. The method of claim 14, wherein a website associated with the service includes the interface.
16. The method of claim 14, wherein the interface associated with the service is populated with configurable information of the configured device.
17. The method of claim 16, wherein the device is updated, based on the configurable information.
18. The method of claim 1, wherein the identifying includes identifying the device connected to the network utilizing a unique identifier associated with the device.
19. A computer program product embodied on a computer readable medium, comprising: computer code for automatically identifying a device connected to a network; and computer code for automatically configuring the device.
20. A system, comprising: a processor for identifying a device connected to a network, and automatically configuring the device.
21. A method, comprising: identifying a device connected to a network utilizing a unique identifier associated with the device.
22. The method of claim 21 , further comprising automatically configuring the device.
23. The method of claim 21, wherein the unique identifier includes one of a Media Access Control (MAC) address and a Universal Product Code (UPC).
24. The method of claim 21 , further comprising associating the device with at least one universal device locator.
25. The method of claim 24, further comprising accessing the device on the network utilizing the at least one universal device locator.
26. The method of claim 25, wherein the association of the device with the at least one universal device locator is utilized to establish a direct peer-to-peer network between the device and a remote device associated with the at least one universal device locator.
27. The method of claim 25, wherein the unique identifier is associated with the at least one universal device locator.
28. The method of claim 27, wherein the at least one universal device locator corresponds to a service provider.
29. The method of claim 28, wherein a user associated with the at least one universal device locator has access to the device over the network.
30. The method of claim 29, wherein the access to the device is provided utilizing a service corresponding to the service provider.
31. The method of claim 25 , wherein an association between the unique identifier and the at least one universal device locator is utilized to establish ownership of a product.
32. The method of claim 31 , wherein the association between the unique identifier and the at least one universal device locator is utilized to establish device capabilities of a product.
33. The method of claim 32, wherein the device capabilities are disabled when the association is broken.
34. The method of claim 32, wherein the device capabilities are limited when the association is broken.
35. The method of claim 31 , wherein a transfer of the association between the unique identifier and a user is used for triggering a transaction.
36. The method of claim 31 , wherein a transfer of the association between the at least one universal device locator and a user is used for triggering a commercial transaction.
37. The method of claim 25, wherein a plurality of universal device locators are associated with the device.
38. The method of claim 37, wherein a master universal device locator, identified from the plurality of universal device locators, designates permissions for the plurality of universal device locators.
39. A computer program product embodied on a computer readable medium, comprising: computer code for identifying a device connected to a network utilizing a unique identifier associated with the device.
40. A system, comprising: a processor for identifying a device connected to a network utilizing a unique identifier associated with the device.
41. A method, comprising: providing access to a service; scanning for unregistered devices utilizing the service; and displaying the unregistered devices resulting from the scan.
PCT/US2007/020750 2006-09-25 2007-09-25 System, method and computer program product for identifying, configuring and accessing a device on a network WO2008039481A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US82688706P 2006-09-25 2006-09-25
US60/826,887 2006-09-25
US11/860,876 2007-09-25
US11/860,876 US8447843B2 (en) 2006-09-25 2007-09-25 System, method and computer program product for identifying, configuring and accessing a device on a network

Publications (1)

Publication Number Publication Date
WO2008039481A1 true WO2008039481A1 (en) 2008-04-03

Family

ID=39230512

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/020750 WO2008039481A1 (en) 2006-09-25 2007-09-25 System, method and computer program product for identifying, configuring and accessing a device on a network

Country Status (1)

Country Link
WO (1) WO2008039481A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009101077A1 (en) * 2008-02-11 2009-08-20 Alcatel Lucent Method for configuring an apparatus in situ
CN104604197A (en) * 2011-12-30 2015-05-06 施耐德电气(美国)公司 System and method of securing monitoring devices on a public network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073172A (en) * 1997-07-14 2000-06-06 Freegate Corporation Initializing and reconfiguring a secure network interface
US20030065947A1 (en) * 2001-10-01 2003-04-03 Yu Song Secure sharing of personal devices among different users
US6647389B1 (en) * 1999-08-30 2003-11-11 3Com Corporation Search engine to verify streaming audio sources

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073172A (en) * 1997-07-14 2000-06-06 Freegate Corporation Initializing and reconfiguring a secure network interface
US6647389B1 (en) * 1999-08-30 2003-11-11 3Com Corporation Search engine to verify streaming audio sources
US20030065947A1 (en) * 2001-10-01 2003-04-03 Yu Song Secure sharing of personal devices among different users

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LEBKICHER: "Role Based Access Control", 30 November 2000 (2000-11-30), Retrieved from the Internet <URL:http://www.66.102.1.104/scholar?hi=en&lr=&q=cache:W11N_ZAFaP8J:> *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009101077A1 (en) * 2008-02-11 2009-08-20 Alcatel Lucent Method for configuring an apparatus in situ
US8626846B2 (en) 2008-02-11 2014-01-07 Alcatel Lucent Method for remote configuration of an apparatus via a network
CN104604197A (en) * 2011-12-30 2015-05-06 施耐德电气(美国)公司 System and method of securing monitoring devices on a public network

Similar Documents

Publication Publication Date Title
US9253031B2 (en) System, method and computer program product for identifying, configuring and accessing a device on a network
US10965473B2 (en) Smart object identification in the digital home
US9231904B2 (en) Deploying and managing networked devices
US9154378B2 (en) Architecture for virtualized home IP service delivery
US7934014B2 (en) System for the internet connections, and server for routing connections to a client machine
US7778193B2 (en) Residential network setting method, home gateway apparatus, home gateway program, and recording medium
US8307093B2 (en) Remote access between UPnP devices
US20100125652A1 (en) Method, Apparatus, and Computer Program for Binding Local Devices to User Accounts
US10498864B1 (en) System and method for selecting connection mode between a client and a server
US7421266B1 (en) Installation and configuration process for wireless network
US20150288678A1 (en) Private cloud routing server connection mechanism for use in a private communication architecture
CN113542389A (en) Private cloud routing server connection mechanism for private communication architecture
KR100906677B1 (en) Secure remote access system and method for universal plug and play
JP3649438B2 (en) Internet connection system
JP6437069B2 (en) Network device, terminal device capable of communicating with network device, live camera device capable of communicating with network device, and specific server communicating with network device
WO2008039481A1 (en) System, method and computer program product for identifying, configuring and accessing a device on a network
EP3206423A1 (en) Device and method for connecting devices to a network
CN117014251A (en) Private substance gateway linking mechanism for private communication architecture
CN115769203A (en) Apparatus and method for incorporating a device into a local area network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07838864

Country of ref document: EP

Kind code of ref document: A1

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07838864

Country of ref document: EP

Kind code of ref document: A1

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)