Description
BACKGROUND OF THE INVENTION
1. Related Patent Application
U.S. patent application Ser. No. 08/309,336, filed on Sep. 19, 1994 by
David Mathew Peps, Lisa B. Blitzer, James Joseph Brockman, William Cruz,
Dwight Omar Hakim, Michael Kramer, Dawn Dian Petr, Josefa Ramaroson,
Gerardo Ramirez, Yang-Wei Wang, and Robert G. White, discloses subject
matter related to the present application and is hereby incorporated by
reference.
2. Field of the Invention
The present invention relates to an improved interface between private
computers or private computer networks and the World Wide Web (WWW) using
both wireline and wireless connections. More specifically, the invention
relates to an improved WWW interface with protocol translation, security
and automatic configuring features.
3. Description of the Related Art
For fifty years, people have dreamed of a universal information
database--data that would not only be accessible to people around the
world, but organized such that related information is easily discovered
and so that the most relevant data for a particular need is quickly found
and accessed by a user.
In the 1960's, this idea was explored further, giving rise to visions of a
"docuverse" that would revolutionize all aspects of human-information
interaction, particularly in the educational field. Only recently has the
technology started to fulfill these visions, making it possible to
implement them on a global scale.
The Internet has evolved through a cooperative effort by universities,
corporations and government. Years ago, the Defense Department started
interconnecting the computer networks of universities, private
organizations and sometimes corporations with whom research was being
conducted. This network of networks has, over time, evolved into a global
network commonly referred to as the Internet or the World Wide Web (WWW).
The official description for the WWW is a "wide-area hypermedia
information retrieval initiative aiming to give universal access to a
large universe of documents."
As the WWW became more popular and subject to wider public use, the
Department of Defense curtailed its involvement. Today, many
government-funded links on the Internet have been turned over to
commercial enterprises that maintain the interconnection of Local Area
Networks (LANs) between universities, companies, etc.
Though the WWW is proving to be an extremely valuable resource for
corporate enterprises (for communicating via electronic mail (e-mail),
accessing information on-line, etc.), corporations are concerned about the
security of their intellectual property, trade secrets, financial records
and other confidential information stored on their computer networks.
There is also concern about electronic vandalism--unauthorized access of a
computer network over the WWW for the purpose of destroying or distorting
computerized information.
In response to these concerns, some connections to the WWW have been
protected with "Network Security Firewalls." As shown in FIG. 1, a
firewall is commonly a specific piece of hardware and/or software bridging
the connection between a private computer or computer network (LAN) 10 and
the WWW 12. The main purpose of a firewall is to screen data traffic into
and out of the network that is to be protected. If a network intruder is
detected, the firewall has the capability of sifting through the data
traffic and disabling the intruder's access. In early forms of Internet
firewalls, it was generally difficult to ascertain which data traffic was
good or bad, i.e., relating to a corporate user or an intruder. This
created a problem for corporate users (inside the corporate LAN) of
Internet applications, such as File Transfer Protocol (FTP), because their
applications would sometimes get incorrectly blocked by the firewall. The
firewalls needed more intelligence about application data traversing a
firewall so that desirable traffic was not hindered.
Internet engineers designed "proxy" services on Internet firewalls to meet
this need. These proxies are computer processes that completely understand
specific applications like an FTP application. It became a straightforward
matter for network administrators to add multiple proxies to the firewall
system based on the type of applications the internal corporate users
wanted to execute. For example, WWW browsers (described below) would use a
Hyper Text Transport Protocol (HTTP) proxy to transfer Hyper Text Markup
Language (HTML) documents.
To facilitate use of the WWW, "browsing" software 6 was developed.
Browsers, such as the popular Netscape.TM. and Mosaic.TM. browsers, allow
WWW users to browse information available on computers linked to the WWW.
A related invention by the assignee, described in U.S. patent application
Ser. No. 08/309,336 (hereinafter "the '336 application"), provides users on
computer networks with a consistent means to access a variety of media in
a simplified fashion. Making use of browsing software, the invention of
the '336 application has changed the way people view and create
information--it has created the first true global hypermedia network.
One responsibility of an HTTP proxy is to receive requests from browsers or
software applications 6 within the protected network 10 and relay those
requests to the WWW 12. The proxy also monitors access to the protected
computer or network 10 from the WWW 12. Thus, the proxy 4 can allow a
system administrator to monitor information and requests flowing between
the protected network 10 and the WWW 12. If illicit activity is
discovered, the proxy 4 can interrupt the connection to the WWW 12. This
proxy-driven firewall 2, 4 allows corporations and those with similar
concerns to make use of the valuable resources of the WWW 12 while
maintaining a degree of security.
To effect links between computers and software applications across the WWW,
protocols have been developed to govern the transmission of computerized
data. A protocol organizes data to be transmitted over the WWW in a
standard way recognizable by the receiving computer. There are seven
layers in the open systems interconnection (OSI) model of a computer
protocol. Each layer adds additional organizational capabilities that
facilitate the transmission of data.
Internet Protocol (IP) is the third layer in the OSI model and the basic
"language" that is spoken on the Internet. The fourth layer, Transmission
Control Protocol (TCP), is a more specialized protocol contained in IP. To
use the WWW, a computer must be able to communicate using a protocol that
incorporates IP and, consequently, TCP.
The WWW and technologies surrounding Internet access have seen explosive
growth. Many companies have evolved to allow subscribers access to the WWW
using standard telephony. A group called Internet Service Providers (ISP)
represents many of these service providers.
A promising area for further expansion of Internet access is wide-area
wireless data networks. The wireless networks include cellular digital
packet data (CDPD, provided by cellular carriers), circuit-switched
cellular networks, such as the Mobitex.TM. network (provided by RAM Mobile
data in the U.S.), the Ardis.TM. network, and a host of emerging national
wireless data providers.
All of the listed data network providers offer traditional Internet
Protocol (IP) service and are capable of integrating with the WWW. The
data speeds range from 4,800 to 28,800 bps and have latencies that range
from milliseconds to 10 seconds.
Despite the popularity of the WWW, there are still technical and security
issues that must be overcome in accessing the Internet. Some of these
problems are particularly acute for wireless systems trying to access the
WWW.
Problem 1
The first problem is caused by data latency (described in more detail
below). Data latency refers to the time delays created by multiple hops
and slow links as data travels across various nodes within the WWW. This
particular problem is exacerbated when the WWW is accessed using a
wireless modem. Most wide area wireless, and some wireline, data networks
were not originally designed to support the TCP/IP protocol. Latencies are
increased even further by encapsulating IP data into the networks'
original data protocols.
When TCP is organizing data for transmission over the WWW, it breaks the
data into discrete "packets" of information. TCP then transmits the
individual packets. Each packet includes instructions to the receiving
system for reassembling the packets into the complete data structure being
transmitted. Each packet also includes a cyclic redundancy check that
allows the receiving system to check that the packet was not corrupted or
broken up during transmission.
TCP is typically configured to transmit a number of packets and then wait
for a confirmation from the receiving system that the packets have been
received properly. The amount of time required to transmit a data packet
and receive confirmation of its arrival is known as the "latency" of the
system.
If TCP does not receive confirmation that the data packet was properly
received, it will assume that the packet was lost during transmission and
re-transmit the packet. If the latency of the system gets too high, TCP
will assume, prematurely, that the packet was lost and flood the network
with re-transmissions of the same data packets before the original packets
reach their destination. This is also a problem because many service
providers charge users per data packet transmitted. If TCP is flooding the
system with unnecessary duplicates of packets still in transmission, the
cost to the user will be greatly increased. Thus, TCP cannot operate
properly over a connection with a high latency. If the latency of the
system exceeds approximately 3 to 5 seconds, TCP will begin to
malfunction.
When the WWW is accessed over standard phone lines that do not support TCP,
the TCP datagram must be encapsulated (i.e., translated) into a form that
can be sent over the telephone line. The datagram is then unpacked and
used by the receiving computer. While this approach works, it adds to the
latency of the transmission.
A further problem with accessing the WWW using a wireless modem is the
increased latencies that are introduced by the wireless network. A general
trend is the wider the area served by a wireless data network, the lower
the bandwidth (in bps) of the transmission. For example, present wireless
communication systems in use in the United States are capable of
transmitting 4,800 bits of data per second. This results in latencies up
to as much as 10 seconds.
Related art on wireless WWW access exists at:
1. Carnegie Mellon University's Information Networking Institute, Wireless
Andrew Initiative.
2. Rutgers University's Winlab, Dataman project.
3. University of Washington's CS&E, Mobisaic.
4. Xerox's Palo Alto Research Center, PDA and virtual office computing
concepts.
5. Computer Networks & ISDN Systems Volume 0028, Number 1-2 ISSN:0169-7552,
December '95, "PDAs as Mobile WWW Browsers", Gessler S., Kotulla A.
6. General Magic's Magicap OS version of a WWW browser with enhancements
for Telescript agent technology.
All of these projects and papers either require the modification of a
browser, specification of new protocols (still based on TCP), or defining
generic inter-networking specifications for connecting wireless and
low-bandwidth networks to the Internet for WWW access.
Thus, there is a need for a method of translating TCP in connections over
high-latency wireless and wireline networks.
Problem 2
A second problem is that current WWW access software does not provide
standard mechanisms for compression, encryption, or filtering. Compression
entails decreasing the size of transmissions of data over the network
without changing the content of the information. Most proposals for
compression support require external utilities, separate from the browser,
to decompress the data and then return usable output to the browser through
the use of Multipurpose Internet Mail Extension (MIME, Nathaniel
Borenstein et al., RFC 1521) types.
Encryption is the coding of data transmissions. Encryption helps to provide
security since encrypted data transmissions are much more difficult for an
unauthorized party to intercept and access. Unfortunately, it is unlikely
that generic, open standards for these desirable services could be created
to support all WWW client requests. Standards are evolving for encryption
in WWW software (i.e., Secure Socket Layer (SSL)). However, at current
levels of computer hacking, it is unlikely that any open standard for
encryption will be able to maintain integrity for long.
Most advanced browsing technologies, therefore, have installed proprietary
encryption schemes and are only capable of working between a WWW server
that supports the encryption scheme. This option goes against the open
standards design of the WWW.
Filtering refers to global control of a WWW response based on data size,
type, or some other characteristic whereby a user can customize the
receipt of data. Work is being done in this area through WWW search
engines, specialized caching utilities on advanced browsers, etc.
The filtering referred to here is a global safety net for unwary users that
could potentially misuse a wireless/low-bandwidth data network by
requesting too much data, retrieving spurious information, or some other
unwanted side effect resulting from a WWW request. For example, a user may
request a data object from the WWW that the user is not aware is extremely
large, and perhaps costly, to transmit. As a safety net, the user may
configure a filter to automatically prevent a particular request from
being executed.
Thus, there is a need for an implementation of compression, encryption and
filtering features in a WWW interface.
Problem 3
A third problem exists in that there is no standard way for WWW access
software to receive asynchronous or unsolicited updates from the network.
Existing browser technology is client based. The most popular browsers,
such as the Netscape.TM., Mosaic.TM., Lynx.TM. browsers, as well as other
less popular browsers, require users to initiate some form of request
before response data will be delivered to the respective browser.
For example, it is desirable for a company providing access to the WWW to
be able to remotely configure a subscriber's WWW access system from within
the network. Since regular browsers do not offer this feature, subscribers
must configure and update their access software manually. This may require
the support of the service provider through a traditional voice customer
support line or custom agent software on the user's host system.
Thus, there is a need for a WWW interface that can receive and implement
unsolicited transmissions from the network or service provider,
particularly to automatically configure software for accessing the
network.
SUMMARY OF THE INVENTION
It is thus an object of the present invention to meet the above-described
needs and others. It is an object of the present invention to provide a
method and system for interfacing with the WWW that supports TCP/IP in a
high-latency environment, provides compression, encryption and filtering
services and accepts and implements unsolicited messages from the WWW or
the service provider.
Additional objects, advantages and novel features of the invention will be
set forth in the description that follows, and will become apparent to
those skilled in the art upon reading this description or practicing the
invention. The objects and advantages of the invention may be realized and
attained by the appended claims.
To achieve the foregoing and other objects and in accordance with the
purpose of the present invention, as embodied and broadly described
herein, the system and method of the present invention may utilize a host
computer having a browser and a local proxy in a first location, a remote
proxy in a second location in communication with the local proxy through a
low-bandwidth network, means for initiating a query on the browser and
sending the query to the local proxy using an application layer protocol,
means for converting the application layer protocol of the query into a
transport protocol suitable for transmission over the low-bandwidth
network, means for transmitting the query over the low-bandwidth network
from the local proxy to the remote proxy, and means for converting the
transport protocol into an application layer protocol suitable for
execution of the query on the computer network.
It is also preferred that the system and method of the present invention
include means for communicating the query to a network server, executing
the query, and returning a data object to the remote proxy, means for
converting the data object into a transport protocol suitable for
transmission over the low-bandwidth network, means for transmitting the
data object over the low-bandwidth network from the remote proxy to the
local proxy, means for converting the transport protocol of the data
object into an application layer protocol at the local proxy, and means
for communicating the data object into the browser using the application
layer protocol.
It is also preferred that the system and method of the present invention
include means for creating a query script having settings for compression,
filtering, and encryption, means for encapsulating the query script for
transmission over the low-bandwidth network from the local proxy to the
remote proxy, means for compressing, filtering, and encrypting the data
object according to the settings in the query script, and means for
placing the data object in a reply script for transmission over the
low-bandwidth network from the remote proxy to the local proxy.
In a further aspect of the present invention, in accordance with its
objects and purposes, the system of the present invention may also
comprise a system for communicating with a computer network, comprising a
host computer having a browser for a user interface, a local proxy means
for communicating with the browser using an application layer protocol,
the local proxy means having means for converting the application layer
protocol into a transport protocol, and a remote proxy means for
communicating with the local proxy means using the transport protocol. The
remote proxy means includes means for converting the transport protocol
into the application layer protocol, and means for communicating with the
computer network using the application layer protocol.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will become more clearly appreciated as the
disclosure of the present invention is made with reference to the
accompanying drawings, wherein:
FIG. 1 is a block diagram showing the related art firewall interface
between a private computer network and the WWW.
FIG. 2 is a block diagram showing the split proxy interface of the present
invention.
FIG. 3 is a schematic diagram of the protocol translation performed by the
local proxy interface of the present invention.
FIG. 4 is a schematic diagram of the protocol translation performed by the
remote proxy interface of the present invention.
FIG. 5 is a flow chart showing the implementation of the proxy interface of
the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Reference will now be made in detail to a preferred embodiment of the
invention, an example of which is illustrated in the accompanying
drawings.
The creation of the WWW is a computing revolution which also offers a
potential catalyst for wireless data networks to become a direct
participant in exploding Internet popularity. The present invention
provides a method and system for interfacing a private computer or private
computer network with the WWW which provides support for TCP/IP in a
high-latency environment; compression, encryption, and filtering services;
and the receipt and implementation of unsolicited messages transmitted by
the service provider. The present invention also allows a laptop or
Personal Digital Assistant (PDA) direct access to the WWW from a mobile
(wireless) terminal.
For example, the interface to the WWW of the present invention may be
implemented by modifying a proxy, FIG. 1, element 4, to perform the
required functions. The modified proxy would become a system of split
proxies (sometimes referred to as Agent technology, as described in U.S.
application Ser. No. 08/309,336) that could be implemented on a firewall,
or can be an application running in the background on an individual
computer, even a laptop, that can access the WWW via a wireless or
wireline network.
Referring to FIG. 2, the interface of the present invention is a modified
split proxy. A split proxy comprises a local proxy 56 and a remote proxy
66, which are software modules that enable translation and restoration of
WWW requests.
A user operating a mobile terminal 52 is using a web browser 54 which
communicates with the WWW using TCP/IP. The local proxy 56 is a software
package that runs in the background on the user terminal 52. Where high
latency is a problem, the local proxy 56, according to the principles of
the present invention, will translate data requests/transmissions between
the TCP/IP protocol used by the browser and a protocol robust enough to
carry data across the communication network to the remote proxy.
In the illustrated embodiment of FIG. 2, the user is accessing the WWW
through a wireless network. For example, a wireless modem 58 uses a
low-bandwidth optimized protocol, such as AirBoss.TM. Wireless Transport
Protocol, to communicate with base station 60. Thus, the local proxy 56
translates the low-bandwidth optimized protocol to TCP/IP.
The local proxy's encapsulated request script (see FIG. 5--General Browser
Usage Flow), is transmitted through a wireless network 62 to the remote
proxy 66. The remote proxy 66 makes the necessary protocol translations
between TCP/IP and the low-bandwidth optimized protocol, such as
AirBoss.TM. Wireless Transport Protocol, to connect the user to the WWW
68.
The present invention provides several methods by which standard web
browsers that support proxy services can be adapted for wireless and
low-bandwidth web browsing. The present invention will be explained by
describing three sets of methods, which relate to the first, second, and
third problems described above, respectively.
Method Set 1
The first problem to be overcome is the transmission of data using TCP/IP
over networks that experience high latency, for example, more than
approximately 3 to 5 seconds. The method and system used to solve Problem
1 involve protocol translation. Protocol translation refers to
encapsulating TCP application requests that have a single request/response
pair (i.e., HTTP, SMTP, Gopher, and WAIS) into a suitable
connection-oriented protocol robust enough to function in the high
latencies encountered over communication networks, particularly wireless
and other low-bandwidth networks, that transmit the data.
The protocol translation is achieved by the split proxy. The local proxy is
started on the host where a user also initiates a standard web browser.
The web browser is configured, either by the user or the local proxy, to
communicate with the local proxy. The latter configuration option is
preferred because it hides reasonably sophisticated proxy configuration
issues from the user. However, the proxy must know which browser is being
used.
Once the local proxy and web browser are launched and configured correctly,
the browser then funnels all WWW requests through the local proxy. The
local proxy then takes the browser's WWW request and converts it into an
appropriate low-bandwidth optimized protocol for the network being used
(e.g., AirBoss.TM. Wireless Transport Protocol, based on UDP/IP).
The remote proxy is capable of receiving the converted script form from the
local proxy and completing the operation on behalf of the original request
made by the browser. Once the data is received at the remote proxy from
the converted request, the data is encrypted, compressed, filtered based
on the original script, and/or encapsulated into an optimized protocol and
sent back to the local proxy (these services will be described in more
detail in Methods 2 & 3 described below). The local proxy receives the
encapsulated response, unpackages it, and returns the final response to
the browser.
Referring to FIG. 3, the example of a request for WWW data will be
described. The web browser 54 outputs a request which is couched in the
advanced OSI protocol layers or application layer protocols 70 which
comprises TCP/IP. The request is transmitted to the local proxy 56 which
translates the request into a low-bandwidth optimized protocol 72, such as
AirBoss.TM. Wireless Transport Protocol, which is based on UDP/IP. The
encapsulated request is then submitted via the network access device 58
(e.g., modem) to the low-bandwidth network.
Referring to FIG. 4, the request traverses the low-bandwidth network to
arrive at the generic service node 74. The encapsulated request is then
submitted to the remote proxy 66 which translates the encapsulated request
from the low-bandwidth optimized protocol (e.g., AirBoss.TM. Transport
Protocol) to the application layer protocols originally created by the web
browser, and submits the browser's request to the Internet.
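The request/reply script exchange of Method Set 1, together with the size filter described under Problem 2, as an added Python example that is not part of the patent or of any AirBoss implementation. The script field names, the "SPX1" framing tag and the fake_fetch stand-in for the remote proxy's WWW access are assumptions constructed for the example; encryption is left out.

```python
import base64
import json
import struct
import zlib

MAGIC = b"SPX1"  # constructed framing tag; not the AirBoss wire format

def encapsulate(script):
    """Frame one script as a single self-describing datagram: tag, length, JSON body."""
    body = json.dumps(script, separators=(",", ":")).encode()
    return MAGIC + struct.pack("!I", len(body)) + body

def decapsulate(datagram):
    """Parse a framed datagram; anything that is not a complete script is rejected."""
    if len(datagram) < 8 or datagram[:4] != MAGIC:
        raise ValueError("not a split-proxy datagram")
    (length,) = struct.unpack("!I", datagram[4:8])
    body = datagram[8:8 + length]
    if len(body) != length:
        raise ValueError("truncated datagram")
    return json.loads(body)

def build_request_script(method, url, max_bytes=0, compress=True, seq=1):
    """Local proxy: reduce the browser's HTTP request to one small request script.
    The filter limit and compression flag are settings the remote proxy honours."""
    return encapsulate({"seq": seq, "method": method, "url": url,
                        "filter": {"max_bytes": max_bytes}, "compress": compress})

def remote_proxy(datagram, fetch):
    """Remote proxy: complete the request on the WWW side, then apply the script's
    filter and compression settings before packaging the reply script."""
    req = decapsulate(datagram)
    status, content_type, data = fetch(req["method"], req["url"])
    limit = req["filter"]["max_bytes"]
    if limit and len(data) > limit:
        # Safety net: report the size instead of pushing the object over the air.
        return encapsulate({"seq": req["seq"], "status": 403, "filtered": True,
                            "size": len(data), "encoding": "identity", "body": ""})
    encoding = "identity"
    if req["compress"]:
        data, encoding = zlib.compress(data, 9), "deflate"
    return encapsulate({"seq": req["seq"], "status": status, "type": content_type,
                        "encoding": encoding,
                        "body": base64.b64encode(data).decode()})

def local_proxy_reply(datagram, expected_seq):
    """Local proxy: unpack the reply script and restore the original response body."""
    rep = decapsulate(datagram)
    if rep["seq"] != expected_seq:
        raise ValueError("reply does not belong to the outstanding request")
    body = base64.b64decode(rep["body"])
    if rep["encoding"] == "deflate":
        body = zlib.decompress(body)
    return rep["status"], body

# Constructed stand-in for the remote proxy's WWW access, so the example runs offline.
PAGES = {
    "http://example.test/index.html":
        (200, "text/html", b"<html>" + b"hello world " * 200 + b"</html>"),
    "http://example.test/big.bin": (200, "application/octet-stream", bytes(200_000)),
}

def fake_fetch(method, url):
    return PAGES[url]

def round_trip(url, max_bytes=0, compress=True, seq=7):
    """Drive both halves of the split proxy for one browser request.
    Returns (status, body, request datagram size, reply datagram size)."""
    req = build_request_script("GET", url, max_bytes, compress, seq)
    rep = remote_proxy(req, fake_fetch)
    status, body = local_proxy_reply(rep, seq)
    return status, body, len(req), len(rep)
```

Comparing the reply sizes with and without compression shows the saving the remote proxy makes before the data crosses the low-bandwidth link, and the big.bin case shows the filter refusing a transfer that would exceed the configured limit.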
Regarding the communication between the remote and local proxies,
multi-threading is important. Multi-threading refers to a
programming/operating system paradigm that al