TW200528979A - System for regulating access to and distributing content in a network - Google Patents

Info

Publication number
TW200528979A
Authority
TW
Taiwan
Prior art keywords
network
processor
controller
user
access
Application number
TW93135289A
Other languages
Chinese (zh)
Inventor
Ii Burke
David Z Carman
Original Assignee
Ii Burke
David Z Carman

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

There is provided a system for regulating access and managing distribution of content in a network, such as the Internet. The system includes communication gateways, installed at a subscriber site, internet control points, installed remotely, and various network elements installed throughout the network. The communication gateways and network elements operate in conjunction with the internet control points to restrict or allow access to specified Internet sites and to manage efficient distribution of content such as music, video, games, broadband data, real-time audio and voice applications, and software to subscribers.

Description

IX. Description of the invention

[Technical field to which the invention belongs]

The present invention relates generally to regulating access to a network and, more particularly, to distributing content efficiently while protecting the digital rights associated with that content.

[Prior art]

The network commonly known as the Internet, or any similar private or managed network, provides a convenient medium for delivering electronic data or content such as music, games, broadband data, real-time audio and video applications, and software to users. To this end, the Internet is made up of several components, including, for example, content providers that generate content; service providers that deliver content; user terminals that receive, display and play content; and various additional network elements between service providers and users that assist in distributing content. Service providers include, for example, telephone line providers, enterprise data centers, and cable telephone providers. User terminals are located at the user's premises and include, for example, a personal computer, a television with a modem installed, a combination of the two, or any other combination of consumer electronics capable of providing electronic content to the user.

As the Internet has grown, there has been a sustained high level of interest in delivering content over the Internet.
However, several problems remain to be overcome before the Internet is fully effective at delivering content adequately and quickly while also protecting the rights of content owners, that is, the owners of intellectual property. The technology that protects this intellectual property is commonly referred to as digital rights management (DRM). The music industry's recent lawsuits over pirated music show that these difficulties have not been solved by current DRM technology.

Service providers and content providers need assurance that intellectual property (music, video, games, software, etc.) is not at risk of being illegally downloaded and transmitted over the Internet, which is a major source of lost revenue and the main subject of hundreds of lawsuits. Service providers want this feature in order to end the legal attacks launched by music companies and to encourage the film industry to license its content for distribution over the insecure Internet. Having seen the negative impact of piracy on the recording industry, the film industry is understandably reluctant. Content providers therefore demand this feature to stop the illegal downloading and transmission of intellectual property over the Internet, which costs the music and film industries billions of dollars each year. Techniques that reduce the abuse of content providers' resources and cut the large volume of network traffic are also needed, in order to improve the speed and efficiency of accessing content on the network.

Another problem to be solved is providing law enforcement agencies with a means to carry out authorized wiretaps of Internet communications such as e-mail and real-time audio and video communications. Given the importance of thwarting terrorist attacks, a solution to this problem is particularly needed. The Patriot Act of the United States and other recently passed legislation point to the need for, and the importance of, providing law enforcement agencies with these capabilities.
Therefore, there is a need for new access-regulation and data-traffic-control techniques that telephone line providers, ISPs, enterprises, and cable television companies can apply to the Internet access they provide. There is also a need to give law enforcement agencies a means to counter the prevalent use of Internet communications in planning illegal operations. In particular, these needs should be met using service providers' existing distribution networks.

[Summary of the invention]

Overview of the invention

According to the present invention, a system for regulating access to a network is provided. The system includes a controller node coupled to the network, the controller node including a first processor for generating controller instructions and a first network interface for transmitting the controller instructions over the network. The system also includes a plurality of gateway units, each including a user interface that receives network access requests entered by a user, a second network interface that is coupled to the network and receives the controller instructions from the network, and a second processor. The second processor selectively transmits at least some of the network access requests over the network according to the controller instructions, and transfers, via the second network interface, content data sent over the network in response to the transmitted network access requests.

According to another aspect of the present invention, a system for regulating access to a network accessed by a plurality of users is provided. The system includes a controller node coupled to the network, the controller node including a first processor for generating controller instructions and a first network interface for transmitting the controller instructions over the network. The system also includes a plurality of network units associated with a first group of users.
The network units include a second network interface that is coupled to the network and receives the controller instructions from the network, and a second processor. The second processor prohibits a second group of users from accessing content in the network according to the controller instructions.

According to yet another aspect of the present invention, a system for distributing content over a network is also provided. The system includes a controller node coupled to the network, the controller node including a first processor for generating controller instructions and a first network interface for transmitting the controller instructions over the network. The system also includes a plurality of network units, each including a second network interface coupled to the network and a second processor. The second network interface of at least a first one of the network units receives the controller instructions from the network and receives a portion of a content data file from at least a second one of the network units. The second processor of the at least first network unit selectively forwards, according to the controller instructions, the portion of content data received from the at least second network unit to at least a third one of the network units.

It should be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and do not restrict the invention as claimed.

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate one (or several) embodiment(s) of the invention and, together with the description, serve to explain the gist of the invention.
[Embodiment]

System architecture

According to the gist of the present invention, there is provided a system including a Service Preference Architecture (SPA). The SPA is a combination of hardware components and software executed by those components. The component installed at the user's premises may be called a gateway unit or, more specifically, a communication gateway (CG). Users may include home and business users. A CG may include a data storage device, such as a hard disk drive, and is operable between active and inactive states. The CG operates under the control of a "controller node" (hereinafter an Internet control point (ICP)) in conjunction with SPA-based Internet service providers (ISPs). The ICP is installed in the ICP network. The ICP may be a network-based router or a computer that controls the operation of the CGs.

Software routines located in the CG and the ICP provide a set of features for the system. ISPs such as telecommunication line providers, electronic data centers, and cable television companies can deliver this set of features by using systems equipped with network-based services.

In general, the SPA uses the ICP to control users' access to web sites and the delivery of data to users. Using the CG, the ICP controls the processing of data sent between users (for example, a client PC or LAN server) and the ISPs or content servers with which the users exchange information. The ICP and the hardware and software of the CGs located at the users' premises cooperate to provide the specific features of the system.

The CGs cannot be tampered with by users. This is achieved through two aspects of the CGs. First, the CGs are specifically designed not to permit user-initiated programming, and the CG hardware or software cannot be accessed. Instead, the CGs are supplied only with compiled code loaded from flash memory, a hard disk device, or EEPROM. Updates to this code come from the ICPs, and an encrypted password is stored in a hidden, undocumented location to allow the presence of an ICP to be authenticated before the CG control program is updated. The passwords are changed frequently during an "idle process control" phase and are tracked by an ICP.

The second anti-tampering aspect is a housing provided for the CG and a detector made up of one or more "non-responsive" switches. The "non-responsive" switches fault when the housing is opened or the CG's hard disk device is removed. The circuit may be passive or active.

If the detector is passive, then upon restart it signals an internal controller that it has faulted, which causes an event notification to be sent to an ICP at the next power-on. Upon receiving the event notification, the ICP initiates diagnostics and disables the CG if software tampering has occurred, or the CG disables its control software and its internal hard disk drive to prevent the drive from working until the CG is returned to the ISP for repair. The user contract may include a term stating that tampering invalidates the approval and that the user assigns part of the CG to the ISP and agrees to return the tampered product to the ISP.

If the detector is active, the "non-responsive" switch is kept powered, for example by a battery or capacitor. A fault is used to immediately disable the controller software in the processor and the CG's internal hard disk drive. Both can be reset only by the ICP, either automatically or through human intervention. These measures prevent users from writing, compiling, executing, modifying, or otherwise tampering with the CG's operating software. Second, the active mode prevents users from gaining access to the content on the hard disk drive.
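The passive and active detector behaviour described above can be modelled as a small state machine; this is an added example, not code from the patent. The HMAC-SHA256 reset token, the reset counter, reusing the rotating secret for resets, and all names (`Gateway`, `reset_token`, `icp_reset`, the device identifiers and keys) are assumptions of the example, standing in for the ICP-only reset that the text describes without specifying.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Detector(Enum):
    PASSIVE = "passive"  # unpowered switch: the fault is only seen at the next restart
    ACTIVE = "active"    # battery/capacitor-backed switch: the fault acts immediately


class State(Enum):
    OK = "ok"
    FAULT_LATCHED = "fault-latched"  # passive switch tripped, controller not yet told
    DISABLED = "disabled"            # control software and internal drive are off


def reset_token(key: bytes, device_id: str, counter: int) -> bytes:
    """Reset authorisation as the ICP would compute it (message format assumed here)."""
    message = f"reset|{device_id}|{counter}".encode()
    return hmac.new(key, message, hashlib.sha256).digest()


@dataclass
class Gateway:
    device_id: str
    detector: Detector
    key: bytes                      # secret shared with the ICP (constructed value)
    state: State = State.OK
    last_reset: int = 0             # highest reset counter accepted so far
    events: list = field(default_factory=list)  # notifications queued for the ICP

    def housing_opened(self) -> None:
        if self.detector is Detector.ACTIVE:
            self.state = State.DISABLED        # powered detector disables at once
        elif self.state is State.OK:
            self.state = State.FAULT_LATCHED   # passive detector only latches

    def power_on(self) -> None:
        # Passive case: the latched fault is reported and acted on at restart.
        # This models the variant in which the CG disables itself.
        if self.state is State.FAULT_LATCHED:
            self.events.append(("tamper", self.device_id))
            self.state = State.DISABLED

    def can_serve(self) -> bool:
        # A latched passive fault is invisible to the controller until restart.
        return self.state is not State.DISABLED

    def rotate_key(self, new_key: bytes) -> None:
        """Secret replaced during an idle phase; the ICP tracks the current value."""
        self.key = new_key

    def icp_reset(self, counter: int, token: bytes) -> bool:
        """Clear a fault only for a fresh, correctly keyed token from the ICP."""
        if counter <= self.last_reset:
            return False                       # replayed or stale counter
        expected = reset_token(self.key, self.device_id, counter)
        if not hmac.compare_digest(expected, token):
            return False                       # forged, or made with a rotated-out key
        self.last_reset = counter
        self.state = State.OK
        return True


def demo() -> dict:
    old_key, new_key = b"constructed-demo-key", b"constructed-rotated-key"
    passive = Gateway("cg-0001", Detector.PASSIVE, old_key)
    passive.housing_opened()
    result = {"passive_serves_before_restart": passive.can_serve()}
    passive.power_on()
    result["passive_serves_after_restart"] = passive.can_serve()
    result["events"] = list(passive.events)
    result["forged_reset"] = passive.icp_reset(1, bytes(32))
    stale = reset_token(old_key, "cg-0001", 1)
    passive.rotate_key(new_key)
    result["stale_key_reset"] = passive.icp_reset(1, stale)
    good = reset_token(new_key, "cg-0001", 1)
    result["valid_reset"] = passive.icp_reset(1, good)
    result["replayed_reset"] = passive.icp_reset(1, good)
    result["serves_after_reset"] = passive.can_serve()
    active = Gateway("cg-0002", Detector.ACTIVE, old_key)
    active.housing_opened()
    result["active_serves_after_open"] = active.can_serve()
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the passive case the unit keeps serving until the next restart, which is the window the powered detector closes.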
In addition to these anti-tampering provisions, all ICP-CG communications take place on the ISP side of the network, and ICP-CG communications are protected by encryption and hashing. Furthermore, every CG must register with the ISP. An ICP will not enable any service for an unregistered CG, and an unregistered CG cannot operate at all in an experimental environment. At initial power-up, or on a transition from an inactive to an active state, the CG signals the ICP, and the ICP returns an "OK" message before the CG proceeds further. This transaction requires an encrypted password exchange in order to authorize the CG to enter an "active" state in which it can play, download, or be used to deliver services to the user. These measures ensure secure control of the data flow between the ICP and the CG. This secure data flow in turn enables ISPs to control effectively and efficiently the services provided to users.

Reference will now be made in detail to embodiments (exemplary embodiments) of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numerals are used throughout the drawings to refer to the same or like components.

Figure 1 illustrates an environment in which the invention may operate. A Service Preference Architecture (SPA) may include at least one Internet control point (ICP) 50 connected to a network 52. Network 52 may be, for example, the Internet, a metropolitan area network, or a local area network, and may include a number of SPA-controlled network elements 54 and non-SPA-controlled network elements 55. Network elements 54, 55 may include, for example, network switches and routers. SPA-controlled network elements 54 support regulating access and distributing content through network 52.

Also connected to network 52 are content servers, including at least one SPA-controlled content server 56, and a plurality of communication gateways (CG) 58, including CG 58₁, 58₂, … 58ₙ. A user terminal 60₁, 60₂, … 60ₙ may be connected to each corresponding CG 58 or, in an alternative embodiment not shown, may be combined with each corresponding CG 58 to form a "converged" CG 58.

An SPA-controlled content server 56 may be, for example, a computing terminal used to deliver content services. A content service may include, for example, delivery of any media file (such as movies, music and images), software file (such as complete applications, operating parameters, data files, and partial applications/updates), or real-time application (such as interactive data processing, voice communication, or visual communication with an end user). In an alternative embodiment, the functions of SPA-controlled content server 56 and ICP 50 may be combined in a single component.

ICP 50 is typically located remotely from user terminals 60 and regulates both users' access to network 52 and the distribution of content in network 52. The content may originate, for example, from SPA-controlled content server 56 or from other content servers 57 in network 52. ICP 50 works together with CGs 58 and SPA-controlled network elements 54 by generating instructions, which are transmitted over network 52 to, and executed in, CGs 58 and SPA-controlled network elements 54.

ICP 50 may constitute a source of Internet service control and of conditional denial of user access to URLs or IP addresses selected by the ISP. ICP 50 may control CG 58 to determine which web site data is allowed to pass to a user who is using, for example, a web browser program running on user terminal 60.
ICP 50 may also control the packet inspection processing in CG 58 to determine which data is allowed to flow through CG 58 to and from user terminal 60, particularly when an e-mail or file transfer is initiated. ICP 50 also controls what activities an idle CG 58 engages in while the corresponding user terminal 60 is inactive. An idle CG 58 may receive software downloads from ICP 50, collect data, and initiate communication activity that is disruptive to specific non-SPA content servers 57 that offer unauthorized copyrighted material for users to download illegally. Multiple ICPs 50 may be deployed geographically in an ISP's network to support the CG management capacity of an ICP 50 and the number of users in its service area.

An ISP may provide an ISP portal 62 to facilitate users' access to network 52. ISP portal 62 may be, for example, an enterprise data center. An access node 66 is associated with the ISP that provides ISP portal 62. ICP 50 interacts with ISP portal 62, the access node 66 associated with the ISP, and SPA-controlled content server 56 to control users' ability to access the services provided by ISP portal 62. ICP 50 also controls CG 58 in delivering various services, including, for example, advertisements, home pages for the ISP portal 62 or SPA-controlled content server 56 web servers, or software downloads to user terminals 60 for their use of ISP portal 62 or SPA-controlled content server 56 services.

ICP 50 also interacts with the SPA-controlled network elements 54 used by ISP portal 62 to deliver services. ICP 50 controls users' ability to access the services provided by the ISP portal, and controls the operation of the services themselves by controlling the data flow through the SPA-controlled network elements 54 used by ISP portal 62.

ICP 50 may be programmed by manual input or by web crawler software controlled by an operator.
Updates to the database in ICP 50 may be provided by an active intervention system 64, through which changes to ICP 50 database entries are discovered and implemented. Updates to the ICP 50 database may be carried out in a manner similar to the routine updating of virus definition files and worm protection for computer viruses.

Web crawlers, human intervention, and database updates for ICP 50 and CG 58 may be controlled by active intervention system 64. Active intervention system 64 may include, for example, a set of centrally maintained computer systems. Active intervention system 64 may control the operation of multiple geographically deployed ICPs 50.

The process starts with active intervention system 64. Active intervention system 64 is used by human operators to discover new URLs or IP addresses of "pirate" web sites, conditionally block access by CGs 58 to those URLs or IP addresses, discover changes needed to implement digital rights management (DRM) techniques, discover and record new packet characteristics, install wiretaps on order, process new copyright registration entries, change encryption techniques, and perform other management services. ICP 50 then delivers active, real-time network management, distributes new database entries and software changes to CGs 58, and tracks the operation of SPA-controlled network elements 54. Although only one is shown, there may be multiple ICPs 50. Multiple ICPs 50 may therefore be linked together so that they can manage a large number of SPA-controlled network elements 54 and provide redundant, highly reliable operation. Furthermore, the ICPs 50 may all use identical databases to enable uninterrupted network management.

As shown in Figure 2, a CG 58 may include a user interface 100, which receives user requests, entered by a user at an associated user terminal 60, to access network 52.
CG 58 may also include a network interface 102 that exchanges data with network 52 and receives instructions from ICP 50; a memory device 104, including a database for storing ICP-generated instructions, initial operating parameters, and other records; a processor 106 that carries out the instructions; a content storage device 108, having a user partition and a network partition for storing content; and a tamper-preventing housing disassembly detector 110 as described above. Memory device 104 may be, for example, one or more semiconductor memory banks, one or more hard disk drive banks, or a combination of semiconductor memory, hard disk drives, or other devices that hold data. Processor 106 may be, for example, a general-purpose processor (such as a Pentium 4 processor, an integrated circuit, or a collection of integrated circuits) that can execute program instructions and is designed to allow control of a CG 58 implemented purely in software while also being available for general-purpose computing applications unrelated to the CG. Alternatively, processor 106 may be a special-purpose processor (an integrated circuit or a collection of integrated circuits) that can execute program instructions and is designed to have only the power, buses, logic, and hardware accelerators needed to control CG 58. Content storage device 108 may be, for example, one or more semiconductor memory banks, one or more hard disk drive banks, a combination of semiconductor memory and hard disk drives, or any other device that holds data. A CG may be provided in many forms, for example as a combined television, video, Internet and voice access device, a dial-up remote access server, an ADSL modem/router, a satellite television gateway, a cable television modem, a converged set-top box plus Internet gateway, a wireless modem, or another fixed or mobile computing, playback, recording, display, or communication device including a radio, television, stereo, wireless telephone, telephone, DVD, VCR, WLAN access point, wireless broadband or narrowband modem, or similar device.

As shown in Figure 3, an ICP 50 may include one or more network interfaces 200, one or more processors 202, and a memory device 204. Memory device 204 includes a database for storing records, and a non-Internet communication link for traffic between the processors and the shared storage devices and memory. The records preferably include instructions that can be updated by active intervention system 64 and distributed to CGs 58 and SPA-controlled network elements 54 for execution.

As shown in Figure 4, an SPA-controlled network element 54 may include one or more network interfaces 300, one or more processors 302, a memory device 304 including a database, and one or more switch modules 306 that provide routing and switching. Components 300, 302 and 304 may operate in a manner similar to the corresponding components of a CG. SPA-controlled network element 54 may be provided in many forms, for example as a computer for delivering data services or content services; a core router or ATM switch; a user management system for controlling access to the network and authenticating users or devices before admitting them to the network; a DSLAM (digital subscriber line access multiplexer), cable modem system, wireless modem system, or any other multiplexing or tunneling service delivery system; or a satellite incorporating any of these elements.

Service initialization

CGs 58 may be required to register with ICP 50 at first power-on. The CGs 58 will remain inactive until they receive a registration confirmation from SPA-controlled content server 56 or ICP 50.
The registration process may include collecting information used by ICP 50 to approve registrations from users, such as CG 58 hardware addresses and other identification data. If necessary, ICP 50 will then send the latest operating software and initial operating parameters to CG 58 to load into the memory 104. The initial operating parameters may include, for example, the CG 58 and ICP 50 addresses and other variables described below. Subsequent re-login can be started by CG 58 under the user's control for an address or ISP change.

Active and inactive CG processing

In the event of a controlled CG 58 power shutdown or an inactivity timeout, CG 58 may register itself as "idle" by sending an event notification to ICP 50. The duration of the inactivity timeout can be preset and can be changed under the control of ICP 50 by an entry made at the ICP 50 for distribution to all CGs 58. At a later reactivation, which can be started by power-on or a signal from the user terminal, the CG 58 sends an event notification to the ICP 50 to register itself as "active", and ICP 50 responds with an approval. Failure of CG 58 to receive the approval will result in a series of retries until a final timeout or the maximum number of retries occurs. When this occurs, a diagnostic program can be executed within CG 58 to advise the user what to do next based on the inferred source of the error.

An active CG 58 can process and control the delivery of content and services from the SPA control content server 56 or the ISP portal 62. An inactive CG 58 can handle and control CG maintenance or can perform CG activities that are deliberately assigned to the inactive state.

Conditional blocking

Figure 5 illustrates a method for regulating user access to the network in accordance with the present invention. At step 400, a gateway unit associated with a user receives a controller command from a network.
Next, in step 402, the gateway unit receives a network access request from a user via a user terminal. At step 404, the gateway unit selectively transmits the network access requests over the network according to the controller instructions. Finally, in step 406, the gateway unit receives from the network the content data responsive to the transmitted network access request. This section, and other sections that follow, explain the implementation of this method according to the present invention in more detail.

CG 58, under the control of ICP 50, can provide a network-based digital rights management (DRM) service. The DRM service prevents users from sending data to, or receiving data from, "pirated" URLs or IP addresses that contain unauthorized copyrighted material. In implementing this blocking, CG 58 removes the "pirated" URL or IP address and replaces it with a URL or IP address of a website that provides licensed copyrighted material for legal and authorized sale. The list of "pirated" URLs or IP addresses known to contain unauthorized copyrighted material can be updated frequently, similar to how virus definition files are frequently updated. Furthermore, when non-web-browser programs running in the user terminal 60 attempt to access a blocked website, requests for the URL or IP address of the blocked website may either be redirected to the URL or IP address of a legitimate content provider or be ignored. When a CG 58 is registered as "active", the ICP 50 may update the DRM URL or IP address replacements in the CG 58.
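
The decision a gateway makes in steps 400 to 404 can be sketched as follows. This is an added example, not code from the patent: the class and field names, the fail-closed handling of unregistered gateways and unparsable destinations, the parent-domain matching and the event record format are all assumptions. It shows why the blocked list has to be compared against a canonical host, since the same site can be written with different case, a trailing dot, a port or userinfo.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlsplit

FORWARD, REDIRECT, DROP = "forward", "redirect", "drop"


def canonical_host(target):
    """Reduce a URL, bare host name or IP literal to one comparable key.

    Returns "" when no host can be extracted, so the caller can fail closed.
    """
    try:
        parts = urlsplit(target if "//" in target else "//" + target)
        host = (parts.hostname or "").rstrip(".")   # lower-cased, no port or userinfo
    except ValueError:                               # e.g. unbalanced IPv6 brackets
        return ""
    try:
        return str(ip_address(host))                 # one spelling per address
    except ValueError:
        return host


def is_ip(key):
    try:
        ip_address(key)
        return True
    except ValueError:
        return False


@dataclass
class Gateway:
    blocked: set = field(default_factory=set)         # canonical hosts and IPs
    replacements: dict = field(default_factory=dict)  # blocked key -> licensed URL
    registered: bool = False                          # assumption: no traffic before step 400
    events: list = field(default_factory=list)        # notifications queued for the controller

    def load_instructions(self, blocked, replacements):
        """Step 400: install the lists delivered by the controller."""
        self.blocked = {canonical_host(b) for b in blocked} - {""}
        self.replacements = {canonical_host(k): v for k, v in replacements.items()}
        self.registered = True

    def _match(self, key):
        """Return the blocked-list entry that covers key, or None."""
        if key in self.blocked:
            return key
        if is_ip(key):
            return None                               # addresses match exactly only
        labels = key.split(".")
        for i in range(1, len(labels) - 1):           # parent domains, never the bare TLD
            parent = ".".join(labels[i:])
            if parent in self.blocked:
                return parent
        return None

    def handle(self, user, target):
        """Steps 402-404: forward, redirect to the replacement, or drop."""
        key = canonical_host(target)
        if not self.registered or not key:
            return (DROP, None)                       # fail closed
        entry = self._match(key)
        if entry is None:
            return (FORWARD, target)
        replacement = self.replacements.get(entry)
        action = REDIRECT if replacement else DROP    # no replacement: request times out
        self.events.append({"user": user, "blocked": entry, "action": action})
        return (action, replacement)
```

A host such as `notpirate.example` is not caught by an entry for `pirate.example`, because matching walks whole DNS labels rather than comparing string suffixes.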

Packet inspection

CG 58 and SPA control network element 54 may perform packet inspection to determine the file type of all files that are to be transmitted via CG 58 or SPA control network element 54, based on characteristics of the file including, for example, file extension, file format, header or trailer content, and URLs or IP addresses known to hold unauthorized copyrighted material. ICP 50 programs CG 58 or SPA control network element 54 with specific data patterns. These patterns can be of any length and can contain exact matches or general descriptions. When a particular data pattern is recognized, the data transmission may be stopped or another action taken according to the instructions delivered by the ICP 50.

E-mail server and client spoofing

A CG 58, or the first SPA control network element 54 capable of exchanging traffic within the network, can present itself to the user terminal 60 as the e-mail server of the associated user. In addition, the CG 58 or the first SPA control network element 54 capable of exchanging traffic within the network can present itself to the user's e-mail server as the user terminal 60. In this way, the CG 58 or the first SPA control network element 54 capable of exchanging traffic within the network acts as a two-way encryption/decryption point to enable inspection of encrypted attachments. When e-mail is sent through a CG 58 or a first SPA control network element 54 capable of exchanging traffic within the network, all attached files are checked using, for example, the packet inspection technique described above. Based on the instructions delivered by the ICP, a CG 58 or a first SPA control network element 54 capable of exchanging traffic within the network can then block access to incoming files, stop transmitting outgoing files, or take other actions.
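
The pattern matching described under packet inspection, which the e-mail path reuses for attachments, can be illustrated as below. This is an added example and not the patent's own code: the pattern fields, the action strings and the sample payloads are constructed for illustration, and "general descriptions" are modelled as wildcard bytes in a signature. It reports which characteristics matched, so a file whose content matches a pattern under a different extension is still recognised.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


def sig(text):
    """Parse 'FF D8 ??' into a tuple of byte values; None stands for any byte."""
    return tuple(None if tok == "??" else int(tok, 16) for tok in text.split())


def bytes_match(window, pattern):
    """True when window has the pattern's length and every fixed byte agrees."""
    return len(window) == len(pattern) and all(
        want is None or want == got for got, want in zip(window, pattern))


@dataclass(frozen=True)
class Pattern:
    name: str
    action: str          # action the controller attached to this pattern (assumed values)
    extension: str       # glob applied to the lower-cased file name
    header: tuple = ()   # bytes expected at offset 0
    trailer: tuple = ()  # bytes expected at the end of the payload


def inspect(filename, payload, patterns):
    """Return (action, pattern_name, evidence) for the first pattern that matches."""
    for p in patterns:
        evidence = []
        if fnmatchcase(filename.lower(), p.extension):
            evidence.append("extension")
        head_ok = bool(p.header) and bytes_match(payload[:len(p.header)], p.header)
        tail_ok = not p.trailer or bytes_match(payload[-len(p.trailer):], p.trailer)
        if head_ok and tail_ok:                 # content agrees with the pattern
            evidence.append("header")
            if p.trailer:
                evidence.append("trailer")
        if evidence:
            return (p.action, p.name, evidence)
    return ("forward", None, [])


# Patterns as a controller might deliver them (constructed for this example).
PATTERNS = [
    Pattern("mp3-id3", "stop", "*.mp3", sig("49 44 33")),
    Pattern("avi", "stop", "*.avi", sig("52 49 46 46 ?? ?? ?? ?? 41 56 49 20")),
    Pattern("jpeg", "notify", "*.jp*g", sig("FF D8 FF"), sig("FF D9")),
]

# Constructed sample payloads, not captured traffic.
MP3 = b"ID3\x03\x00" + bytes(16)
AVI = b"RIFF" + (1234).to_bytes(4, "little") + b"AVI LIST"
JPEG = bytes.fromhex("ffd8ffe0") + bytes(8) + bytes.fromhex("ffd9")
TEXT = b"meeting notes\n"

if __name__ == "__main__":
    for name, data in [("song.mp3", MP3), ("notes.txt", AVI),
                       ("photo.jpeg", JPEG), ("notes.txt", TEXT)]:
        print(name, inspect(name, data, PATTERNS))
```

An evidence list without "extension", as for the AVI payload named `notes.txt`, marks content whose name does not match its format.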

Browser, program communication, and URL or IP address blocking

Under the control of ICP 50, CG 58 can block users' access to URLs or IP addresses. When CG 58 logs in to ICP 50 as "active", CG 58 receives from ICP 50 updates to the list of blocked URLs or IP addresses and to its replacement list. The replacement list contains, for example, the URLs or IP addresses that CG 58 substitutes for specific blocked URLs or IP addresses. A request by a user who enters a blocked URL or IP address in a web browser program, or a program call made to connect to a blocked URL or IP address, can be allowed to time out. Alternatively, CG 58 can present to the user an alternative URL or IP address from the replacement list. A timeout may occur when no replacement URL or IP address exists. An ISP can optionally allow a user to add entries to the blocked URLs or IP addresses for parental control purposes. The CG 58 can also use this feature to grant access to and delivery of services provided by the ISP only if the user has subscribed, while excluding all others. This blocking feature can also be applied to websites for public policy, court order or ISP policy purposes.

Event notifications

Whenever a packet inspection match or an attempt to access a conditionally blocked URL is detected, CG 58 and SPA control network element 54 deliver an event notification to the ICP 50.

Virus-initiated denial-of-service traffic blocking

When any user terminal 60 served by CG 58 is detected by the CG repeatedly and rapidly sending data to one or a short list of URLs or IP addresses, traffic to the identified website will not be redirected.

Voice over Internet Protocol (VoIP) blocking

For users who are not VoIP subscribers, CG 58 or SPA control network element 54 can identify attempts to use VoIP services by recognizing the destination URL, source URL, packet length, header information, or packet content. Incoming or outgoing VoIP packets may be discarded, and an advertisement offering a VoIP subscription service may be delivered and displayed to the user terminal 60.

Real-time video or audio streaming blocking

For users who are not real-time service subscribers, the CG 58 or SPA control network element 54 can identify attempts to use real-time streaming by recognizing the destination URL, source URL, packet length, header information or packet content. Incoming or outgoing real-time packets can be discarded, and an advertisement offering a real-time subscription service can be delivered and displayed to the user terminal 60.

Degradation of real-time video or audio quality of service (QoS)

For users who are not real-time QoS subscribers, or users attempting to access known illegal P2P file sharing, CG 58 or SPA control network element 54 identifies attempts to use the real-time application by recognizing the destination URL, source URL, packet length, header information, or packet content. Upon recognition, CG 58 or SPA control network element 54 reduces the duty cycle of the data being transmitted.

Reducing the duty cycle lowers the speed of traffic delivery. This can be done by inserting TCP/IP messages, or Nak/Ack or X-On/X-Off pairs. If the requested website is not a known illegal P2P website, an advertisement offering a real-time QoS subscription service can be delivered.

Internet or data network access authentication

This technique prevents users from substituting a foreign gateway and logging in to an Internet (remote broadband or narrowband) access server without control being applied to their data flow.

After the ICP 50 has authorized the data stream through the CG 58, the ICP 50 may send authorization instructions to the access node 66 associated with the ISP that provides the ISP portal 62. The access node 66 may be, for example, an Internet access server or a user management system. These authorization instructions must be received by the access node 66 before the user can be authenticated and granted Internet access.

Denial-of-service and spoofing attacks on websites that distribute unauthorized copyrighted material

A method according to the present invention for regulating user access to a plurality of content servers in a network is shown in FIG. 6. First, at step 500, a network unit associated with a first group of users receives a controller command from the network. Then, in step 502, the network unit selectively prohibits a second group of users from accessing a part of the content servers according to the controller instructions. This section explains the implementation of this method according to the present invention in more detail.
Network units including, for example, CG 58 and SPA control network element 54 that are powered on and inactive can be instructed, by instructions received from an ICP 50, to start repeatedly requesting service or other similar transactions from the URLs or IP addresses of "pirated" websites, that is, websites that have been identified as blocked in the conditional denial-of-service list delivered by the ICP. ICP 50 can trigger these attacks based on any of several criteria: "scheduled by duration", "immediately actuated" by ICP 50, or "event driven". When the attack is "scheduled by duration", ICP 50 instructs CG 58 to attack at a specific time, and the attack continues for a specified time interval. When the attack is "immediately actuated", ICP 50 instructs CG 58 to immediately start or end the attack. When the attack is "event driven", ICP 50 instructs CG 58 to start the attack upon an instance of an event, such as entering an inactive state. A "scheduled by duration" attack can be combined with an "event driven" attack so as to start the attack upon an instance of an event and end after a time interval specified by ICP 50. In this way, users who are not served by a CG 58 under ICP 50 control may also be blocked from access to copyrighted material. The impact of the initial deployment of CG 58 is therefore greatly expanded in preventing access to pirated material in the network 52.

In addition to directing denial-of-service attacks on URLs or IP addresses in the conditional denial-of-service list, ICP 50 can also instruct CG 58 and SPA control network element 54 to perform similar attacks on URLs or IP addresses identified by government or law enforcement agencies including, for example, the Department of Defense. This technique may be needed, for example, when an identified URL or IP address is being used to plan criminal or terrorist activities.

Many P2P servers facilitate the unauthorized distribution of copyrighted content.
Human operators using the active intervention system 64 can discover the IP addresses or URLs of these servers. This can be achieved by several methods, including, for example, subscribing to P2P services from multiple sources or using P2P software.

Files shared via P2P resource address servers can then be examined by the human operators to discover which Internet servers contain links to unauthorized copyrighted content. The URL or IP address of a P2P server that provides or contains links to unauthorized copyrighted material can be blocked by placing it on the blocked address list maintained by the ICP 50.

The human operator then uses the active intervention system 64 to enter spoofing attack instructions by uploading substitute file pointers to multiple P2P resource address servers. The substitute file pointers identify to the servers which files are supposed to be the unauthorized copyrighted files, and redirect access requests from P2P users searching for those unauthorized copyrighted files to substitute files. Network units including, for example, powered-on and inactive CG 58 and SPA control network elements 54 can also be instructed, by instructions received from an ICP 50, to upload substitute file pointers to multiple P2P resource address servers.

The substitute files may be, for example, invalid files or valid files with defects, or may contain a message informing the user that access has been blocked and that a legal copy can be obtained elsewhere.

Copyright registration

The registry is centrally stored by ICP 50, which allows access to it. Users who have purchased copyrighted material can be registered, by the seller or by themselves, as owners licensed to use the material. Further, non-copyrighted material can be registered in order to identify files with no limit on the number of copies that may be made, or so that it can be e-mailed or downloaded.

Copyright file deletion

A powered-on, inactive CG 58 can, under the control of ICP 50, examine the computer file system associated with any user terminal 60 that can be reached by the CG 58 in the network attached to the CG 58. CG 58 may notify ICP 50 of the names of files that match the packet inspection patterns in order to identify the presence of copyrighted material to which the associated user may not be entitled. Human intervention via the active intervention system 64, or alternatively the copyright registry, can be used to check the user's entitlement to copyrighted material found in the user's file system. If no entitlement is found, a CG 58 associated with the file system can then delete the files to which the user is not entitled.

First portal visibility

The "first portal" feature is used to present to the user a designated URL with content specified by the ISP as the "first portal" page displayed when a web browser is launched, regardless of the user's choice of "home page" in the web browser program executed on the user terminal 60. CG 58 delivers the "first portal" under the direction of ICP 50. The "first portal" can be selected from a list of URLs or IP addresses when a web browser is launched or when activity resumes, for example after an inactivity timeout has occurred. The ICP 50 may periodically change the list of URLs or IP addresses delivered to CG 58. CG 58 receives the user's URL request through the user interface 100 and delivers the "first portal" URL instead. The user can be presented with a rotation of URLs or IP addresses, in which each URL in the list of URLs or IP addresses delivered by the ICP is presented in round-robin fashion, one each time a new "first portal" opportunity arises. Alternatively, the list received from ICP 50 may consist of a single URL, or the URLs or IP addresses in the list may be subject to a weighting function so that certain URLs appear more often than others.
The specific weighting function can optionally be configured by an ISP.

Advertising

Under the control of ICP 50, during the presentation of the web page from the "first portal" URL and during events designated by ISP 62, ISP 62 may present a set of general and/or customized advertisements to the user terminal 60. CG 58 can receive from ICP 50, via the network interface 102, an advertisement or a list of URLs or IP addresses to be presented to the user associated with the user terminal 60. Advertisements can be tailored by ICP 50 based on ISP input, user input, postal code, or the URLs or IP addresses viewed by the user. A set of events that trigger presentation of the advertisement in the browser of user terminal 60 can be transferred from ICP 50 to CG 58 under operator control. Events can be time-triggered or can include events such as a new URL or IP address request or the start or completion of a data transfer. Advertisements can be delivered to the user terminal 60 via pop-up windows, browser windows, e-mail messages or physical media.

Service applet download

Users who subscribe to fee-based services such as video telephony, games or gambling can receive applet downloads from ICP 50 or the SPA content server 56. The applet download can then be loaded onto an associated user terminal 60 or network device/controller. These applets are typically the resident software required for the service. CG 58, under the control of ICP 50, can restrict applet downloads to only the services to which the user has subscribed. Applet updates can be delivered to a user when the user is online and CG 58 is registered with ICP 50 as active.

Law enforcement monitoring

Law enforcement or national security agencies around the world take an interest in monitoring the use of the Internet and e-mail during "threat" situations.
These agencies are also given responsibility for accessing Internet communications when legally authorized. With this feature, some or all of the data flowing through a CG 58 or SPA control network element 54 can be copied to a designated law enforcement or national security monitoring site (not shown in the drawings). In order to send only a portion of the traffic, the data stream can be monitored by a packet inspection engine at the CG 58 or SPA control network element 54 so as to examine IP addresses or data and send the selected traffic to the appropriate agency site. The monitoring is activated by human intervention at ICP 50 via the active intervention system 64, and monitoring instructions are then sent to the appropriate CG 58 or SPA control network element 54.

Pay Per View (PPV) advertising

This technique allows users to view advertisements in a searchable format. The advertisements can be video, text, audio, or a combination of two or all three media formats. A search result displaying a short description of the returned advertisements can be presented to the user. The user can then select the advertisements of interest to watch or listen to.

When packaged with a video delivery service, users can generally skip advertisements embedded in the video program, and can search for advertisements by text entry and receive advertisements that match their interests. Users can be paid for each advertisement viewed. The compensation may be nominal, and serves to encourage high penetration of advertisements viewed by interested users who will actually buy the advertised products.

Advertisements can be played in a "click and play" mode, a "short play and skip to the next" mode, or a "play until I say stop" mode. Switching between play modes can be controlled by the user.

PPV advertisers can purchase placement high on the list.
Users can assign weights to search terms to raise or lower the order in which ads are displayed in search results. When PPV advertisements are packaged with audio delivery services, an audio equivalent of the display with user weighting can be delivered using the user terminal 60 or a remote control. A user may select a continuous play mode for the advertisements or a "listen and skip" mode that allows the user to listen to any part and then skip to the next advertisement. Text can be added to a video or audio service by using a display embedded in the advertising player.

Full content delivery using CG-based capture/storage and content service delivery access to network bandwidth

A method for distributing content data over the network according to the present invention is shown in Figure 7. First, in step 600, a first network unit receives a content distribution instruction from the network. Next, in step 602, the first network unit stores a first portion of content data from the network. Then, in step 604, the first network unit, in response to a user request, initiates a request over the network for the rest of the content data according to the content distribution instructions. In step 606, the first network unit receives the rest of the content data from the network. Then, in step 608, the first network unit combines the first portion of the content data with the rest of the content data. In step 610, the first network unit supplies the combined content data to the user. Finally, in step 612, the first network unit selectively forwards the first portion of the content data to another network unit according to the content distribution instructions.

In more detail, this method according to the present invention uses network units such as the CG 58 to store a portion or piece of the content delivered under ICP-controlled content delivery, so that the CGs 58 can be used, in response to user requests, to deliver content from their pieces to each other.
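The Figure 7 flow (steps 600 to 612) seen from one gateway, as an added Python example that is not code from the patent. The class and field names are hypothetical, and the per-piece SHA-256 digest carried in the controller instruction is an assumption added here so that a piece supplied by another gateway can be checked before it is combined or forwarded; the text above does not say how pieces are validated.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class DistributionInstruction:
    """Hypothetical controller (ICP) instruction for one content file."""
    content_id: str
    piece_digests: tuple     # assumed: SHA-256 of each piece, in file order
    holders: dict            # piece index -> ids of gateways said to hold it
    forward_to: tuple = ()   # gateways this unit should seed with its pieces


class Gateway:
    """One network unit (CG) with a network partition for content pieces."""

    def __init__(self, gid, network):
        self.gid = gid
        self.network = network       # gid -> Gateway; stands in for the network
        self.instructions = {}
        self.partition = {}          # (content_id, piece index) -> bytes
        network[gid] = self

    def receive_instruction(self, instr):                    # step 600
        self.instructions[instr.content_id] = instr

    def store_piece(self, content_id, index, data):          # step 602
        instr = self.instructions.get(content_id)
        if instr is None:
            raise PermissionError("no controller instruction for this content")
        if sha256(data) != instr.piece_digests[index]:
            raise ValueError("piece does not match the controller's digest")
        self.partition[(content_id, index)] = data

    def serve_piece(self, content_id, index):
        return self.partition.get((content_id, index))

    def _request_piece(self, instr, index):                  # steps 604-606
        for gid in instr.holders.get(index, ()):
            peer = self.network.get(gid)
            if peer is None or peer is self:
                continue                                     # peer is offline
            data = peer.serve_piece(instr.content_id, index)
            if data is None:
                continue
            try:
                self.store_piece(instr.content_id, index, data)
            except ValueError:
                continue                                     # corrupted copy: try next holder
            return data
        # Fallback described in the text: the controller has the content
        # server deliver the piece when no gateway can supply it.
        raise LookupError(f"piece {index} unavailable from any gateway")

    def deliver_to_user(self, content_id):                   # steps 604-610
        instr = self.instructions[content_id]
        pieces = []
        for index in range(len(instr.piece_digests)):
            data = self.partition.get((content_id, index))
            pieces.append(data if data is not None
                          else self._request_piece(instr, index))
        return b"".join(pieces)                              # step 608: combine in order

    def forward_seeds(self, content_id, indexes):            # step 612
        seeded = []
        for gid in self.instructions[content_id].forward_to:
            peer = self.network.get(gid)
            if peer is None:
                continue
            try:
                for index in indexes:
                    peer.store_piece(content_id, index,
                                     self.partition[(content_id, index)])
            except PermissionError:
                continue                                     # peer was not instructed
            seeded.append(gid)
        return seeded


def demo():
    # Constructed sample content: three pieces spread over gateways A, B, C.
    pieces = [b"constructed-piece-0", b"constructed-piece-1", b"constructed-piece-2"]
    digests = tuple(sha256(p) for p in pieces)
    holders = {1: ("B",), 2: ("B", "C")}
    network = {}
    a, b, c, d = (Gateway(g, network) for g in "ABCD")
    for gw in (b, c, d):
        gw.receive_instruction(DistributionInstruction("film", digests, holders))
    a.receive_instruction(
        DistributionInstruction("film", digests, holders, forward_to=("D", "E")))
    a.store_piece("film", 0, pieces[0])
    b.store_piece("film", 1, pieces[1])
    c.store_piece("film", 2, pieces[2])
    b.partition[("film", 2)] = b"altered copy"   # simulate a corrupted seed on B
    combined = a.deliver_to_user("film")
    seeded = a.forward_seeds("film", [0])        # "E" is offline and is skipped
    return combined == b"".join(pieces), seeded, d.serve_piece("film", 0) == pieces[0]


if __name__ == "__main__":
    print(demo())
```

Gateway A rejects the altered copy of piece 2 offered by B, takes the matching copy from C, and seeds only the gateway that is online and holds a controller instruction for the content.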
The SPA-controlled content server 56 first receives all incoming content. The SPA-controlled content server 56 may be composed of any number of platforms. The incoming content can be video, music, books, software, games, and so on. After receiving the content, the SPA-controlled content server 56 distributes a substantial portion of the content for storage in the CGs 58 of its user network in order to reduce the data communication requirements through its network connection. An individual CG 58 receives a controller command from ICP 50 and a small piece or portion of the overall content. The content downloaded to the CGs 58 thus totals 100% of the delivered content. The downloaded pieces of content are stored in a network partition of the content storage device 108 in each CG 58, to which the SPA-controlled content server 56 is granted only "write" access and the user only "read" access, and then only after the content has been downloaded to the CG 58 from other CGs 58 or the ICP-controlled content server 56 upon a request for that content and as directed by ICP 50. Content requested by the user can also be stored in this network partition of the content storage device 108. A user can delete content that was delivered at the user's request. Depending on the need to distribute content from the CG 58 to additional CGs to satisfy other users, any user "deletion" can be allowed immediately or deferred to a later event by ICP 50. The IP address and other unique identifying information about which CG 58 holds which part of the content is tracked by the SPA-controlled content server 56 and ICP 50.

This technique further parses individual files into smaller chunks and then places them in an array of CGs 58, so as to place several "seed CGs" containing the same content within a network. In this way, an intense burst of packets can be generated, overcoming the imbalance between the upstream and downstream bit rates delivered to the CG 58.
Many CGs with lower upstream (CG-to-network) rates can together supply data to a requesting CG that downloads at a higher downstream (network-to-CG) rate. In addition, the SPA-controlled network element 54 can facilitate the distribution of content by storing the seeds or pieces of content to be distributed, in order to reduce the requirements on the SPA-controlled content server 56.

In response to a user's request for content, the user can access all content stored in the network partitions of that CG and of other CGs controlled by ICP 50. When many users request the same content, ICP 50 directs "copying" of the content as it is distributed to the CGs 58. "Copying" is a technique by which the first CG to receive specific content transfers the content to other CGs. These other CGs can in turn download the content to several subsequent CGs. Therefore, the CG 58 selectively forwards this portion of the content file according to the instructions received from ICP 50. In this way, all CGs receive the content in a short period of time. If the file cannot be obtained from any other CG, the ICP 50 instructs the content to be delivered from the SPA-controlled content server 56 to the requesting user.

Once a content file resides in the CG 58, the associated user can choose to play it. The content is not only displayed on consumer electronics and on the user terminal 60, but can also be delivered to other terminals as long as the content is licensed. Content delivered at a user's request is stored in the network partition of the user's CG 58. Under license, playback of content and/or file transfers using consumer electronics are permitted.

ICP 50 keeps track of which CGs 58 are powered on, active and available. ICP 50 also keeps track of the content written to the active CGs by the SPA-controlled content server 56.

Content can be regularly removed from these CG network partitions in several ways. First, a "Delete Date" is available for each content file.
Second, when new content is delivered, the SPA-controlled content server 56 notifies the CG 58 of the deletion, and the SPA-controlled content server 56 can delete the content. Third, if the space in the network partition is too small to accept new content, the oldest content can be wiped out. Fourth, a user may delete content that was previously downloaded at the user's request.

The CG 58 may also include a user partition where a user can store content that he or she owns. The content stored in a user partition can be any file including, for example, media, software, and data files. The content in a user partition can also be retrieved by a user via a user terminal, or can be transmitted to a range of consumer electronic products at the user's location to be played or displayed.

ICP, CG and network element database structure

Each ICP 50 can maintain a master database for controlling the SPA-controlled content servers 56, CGs 58 and SPA-controlled network elements 54. The database can be managed as a database system accessed by the ICP software. Preferably, no storage space is allocated for record columns with empty content. Each CG 58, network element 54 and SPA-controlled content server 56 may also hold a subset of the database for processing. The following sections describe the various types of data maintained in the ICP 50 master database and in the CGs 58, network elements 54, and SPA-controlled content servers 56.

Individually managed CGs, network elements, content servers and provisioned user identifiers

The ICP 50, CG 58, network element 54, and SPA-controlled content server 56 databases may each contain hardware records. The master database of ICP 50 can include the current record for each CG 58, network element 54, and SPA-controlled content server 56. ICP 50 uses a "history folder" to manage the CGs 58, network elements 54, and SPA-controlled content servers 56; the "history folder" includes up to ten past records to account for user, ISP 62, network element 54, CG 58 and SPA-controlled content server 56 software changes. The information in the master database record may include, for example, user/contact name, company name, address, city, state, country, postal code, phone number, email address, hardware address of the CG 58, SPA-controlled network element 54, or SPA-controlled content server 56, unique identifier of the CG 58, SPA-controlled network element 54 or SPA-controlled content server 56, model, serial number, hardware release version, software release version, law enforcement agency copy URL, event logged from the CG 58, network element 54 or SPA-controlled content server 56, authentication/pre-authentication URL or IP address, active image ID, inactive image ID, active/inactive flag, real-time QoS flags, and VoIP QoS flags. The CG 58, network element 54, and SPA-controlled content server 56 database records may each include their own corresponding identification information.

Current regeneration software versions and images for CG, network element or content server models

This record is maintained only in the ICP 50 master database. The following columns can be kept in this master database for each managed CG 58, network element 54, or SPA-controlled content server 56: model, hardware release version, software release version, current code image, last two code images, and release notes for customer support.

Managing ICP list

Managing ICP list data is kept only in the CG 58, SPA-controlled network element 54 and SPA-controlled content server 56.
This information includes the URL or IP address of each ICP 50 that can control the associated CG 58, network element 54 or SPA-controlled content server 56. The first entry is permanent and allows initial registration and download of the ICP addresses for the ISP associated with that particular CG, network element, or SPA-controlled content server 56.

Active process image list

The ICP 50, CG 58, network element 54, and SPA-controlled content server 56 databases each contain active process image list data. Active processes are subroutines that can be executed by the regeneration software running in each CG 58 when the CG is in an active state. Whenever a CG 58, SPA-controlled network element 54, or SPA-controlled content server 56 performs an "I'm Active" login, the active processes can be changed by ICP 50 without changing the current regeneration software. Copies of the active process routines can be downloaded to the CG 58, SPA-controlled network element 54, or SPA-controlled content server 56, as directed by an image distribution routine applied to ICP 50 by human input at the active intervention system 64. A human operator can identify a set of "unique identifiers" that are to carry each specific active process. The active process image list can be empty.

Idle process image list

The ICP 50, CG 58, network element 54, and SPA-controlled content server 56 databases can each contain idle process image list data. Idle processes are subroutines executed by the regeneration software on each CG 58 when the CG is in an active state. Whenever a CG 58, SPA-controlled network element 54, or SPA-controlled content server 56 performs an "I'm Idle" login, the idle processes can be changed by ICP 50 without changing the regeneration software.
These idle process images are downloaded to the CG 58, SPA-controlled network element 54, or SPA-controlled content server 56, as directed by an image distribution routine applied to ICP 50 by human input at the active intervention system 64. The human operator can identify a set of unique identifiers that are to carry each particular idle process. The idle process image list can be empty.

P2P idle process attack URL list

The P2P idle process attack URL list is kept only in the ICP 50 and CG 58 databases. The data contains a list of URLs or IP addresses of websites containing illegally distributed unlicensed material that can be attacked by the idle process. The list can be empty. This list contains a set of flags defining the type of content that the active intervention system 64 knows these illegal websites to offer.

Department of Defense (DOD) idle process attack URL list

DOD idle process attack URL list data is stored only in the ICP 50, CG 58, and SPA-controlled network element 54 databases. This is a list of URLs or IP addresses generated by the DOD to be attacked during the idle process period. The list can be empty.

"Sneak Peek" URL list

"Sneak Peek" URL list data is stored only in the ICP 50 and CG 58 databases. This information contains a list of URLs or IP addresses that will be presented to the user on a "first entry" browser screen. This list can be empty, or can have one or more entries. Multiple entries can be cycled through by a routine built into the ICP 50 or CG 58 software.

Ad Insert URL list

The Ad Insert URL list data is stored only in the ICP 50 and CG 58 databases. This information contains a list of URLs or IP addresses that are presented to the user on an "advertising" browser screen. This list can be empty or it can have one or more entries. Multiple entries can be cycled through by a routine built into the CG 58.
Legal content URL list

The legal content URL list is stored only in the ICP 50 and CG 58 databases. This information contains a list of URLs or IP addresses that are presented to users as legitimate websites when they attempt to connect their browser to one of the URLs or IP addresses on the "P2P blocked URL" list. This list can be empty or it can have one or more entries. Multiple entries can be cycled through by a routine built into the CG 58. The content flags from the P2P blocked URL list are used by the CG 58 or SPA-controlled content server 56 active process to present to the user a browser screen containing "legal content URLs" that match the content the user was trying to access.

P2P blocked URL list

P2P blocked URL list data is stored only in the ICP 50 and CG 58 databases. This information contains a list of URLs or IP addresses of websites with illegally distributed unlicensed material, access to which is to be blocked by the active process. This list can be empty. This list contains a set of flags defining the type of content that the active intervention system 64 knows these illegal websites to offer. These flags are used by the CG 58 software to present users, when they try to direct their browser to a site on this list, with a browser screen of "legal content sites" that offer content similar to that of the P2P blocked URL.

P2P QoS restricted URL list

P2P QoS restricted URL list data is stored only in the ICP 50 and CG 58 databases. This data contains a list of URLs or IP addresses of websites containing illegally distributed unlicensed material, whose throughput to and from users is to be severely restricted by the active process. The list can be empty. This list contains a set of flags defining the type of content that the active intervention system 64 knows these illegal sites to offer.
These flags are used by the CG 58 software to present the user with a "first bite" or advertisement browser screen containing "legal content websites" that offer content similar to that offered by the P2P QoS restricted URL.

Entrance block URL list

The entrance block URL list data is stored only in the ICP 50, CG 58, and network element 54 databases. This information contains a list of URLs or IP addresses that are blocked in accordance with ISP policy or at the request of an administrator or by court order. Blocking is performed by a CG 58 active process or a network element 54. The list can be empty. This list is used by the active process to present the requesting user with a browser screen containing a "No URL Available" or similar message.

Ingress QoS Restricted URL List

Ingress QoS restricted URL list data is stored only in the ICP 50, CG 58, and network element 54 databases. This information contains a list of URLs or IP addresses of websites whose QoS is to be severely restricted by the CG 58 active process or the SPA-controlled network element 54 because they lack a contractual arrangement with an associated ISP to deliver high throughput or generate high levels of traffic into the network. The list can be empty. This restriction controls the core network cost of the ISP.

Law enforcement "copy to" list

Law enforcement "copy to" list data is stored only in the ICP 50, CG 58, and network element 54 databases. This data contains a list of the CGs 58, SPA-controlled network elements 54 or SPA-controlled content servers 56 to be wiretapped, identified by a unique identifier, and the URL or IP address of the law enforcement website(s) to which their traffic is to be copied. It is entered manually at the active intervention system 64 upon receipt of a lawful wiretap order. The list can be empty. More than one agency can be copied.

Packet inspection pattern list

Packet inspection pattern list data is stored only in the ICP 50, CG 58, and network element 54 databases. This data contains a list of patterns that the packet inspection routines in the CG 58 or SPA-controlled network element 54 use to detect patterns indicating a virus, virus-generated traffic, or other unwanted data being sent into the network 52.

Received event log

Received event log data is stored only in the ICP 50 master database. This data contains a record of the events reported to ICP 50 by the CG 58, SPA-controlled content server 56 or SPA-controlled network element 54. It may contain three columns: the unique ID of the CG 58 reporting it, an event ID, and an event description.
Sent event log

Sent event log data is stored only in the CG 58, network element 54, and SPA-controlled content server 56 databases. This data contains a record of the events reported to ICP 50 by the CG 58, network element 54, or SPA-controlled content server 56. It may contain three columns: the unique ID of the CG 58, network element 54, or SPA-controlled content server 56, an event ID, and an event description.

Copyright registration

Copyright registration data is stored only in the ICP 50 master database. This information contains identification information from the copyright holder or user registrant and a file of the entire content that has been registered. Information from these files is used to generate file signatures, which the packet inspection process can use to discover that a copyrighted work is being sent or received by email and to block it.

Online content

Online content data is stored only in the ICP 50 master database. The data contains metadata for the content currently available for users to download. The data can also include a set of pointers for each metadata file, showing which SPA-controlled content server 56 or CG 58 has which parts of the content file currently available for download to the CG 58. In addition, the data may include a set of pointers for each metadata file, showing which SPA-controlled content server 56 or CG 58 is to copy the content and metadata file, and a progress indicator giving the status of the content download to other CGs 58.

Incoming and downloading content

Incoming and downloading content data is stored only in the CG 58 and SPA-controlled content server 56 databases. In the CG 58 this data may contain metadata for content currently available for download or viewing by users.
The data can also contain a set of pointers (sent from ICP 50) for each content file being downloaded, showing which SPA-controlled content server 56 or CG 58 has which parts of the content file currently available for download to the CG 58. The data may also contain a set of pointers (sent from ICP 50) for each "seed" content file contained in the CG 58, showing to which other CGs 58 the content and metadata files are to be copied, and may also contain a progress indicator giving the status of the content download to other CGs 58.

In the SPA-controlled content server 56, this data may include the metadata of content currently available from the SPA-controlled content server 56 for users to download from the corresponding SPA-controlled content server 56 to the CG 58. The data may also include a pointer for each metadata file, showing which CGs 58 are to have the content file downloaded to them, and a progress indicator giving the status of the content download to the CG 58.

Pre-authorization flag

Pre-authorization flag data is stored only in the ICP 50, network element 54, and SPA-controlled content server 56 databases. This data is used to ensure that the CG 58 being used by the user is "managed by the ICP". It is updated each time the CG goes from idle to active or from active to idle, in a transaction initiated by the CG 58. An unset pre-authorization flag is used by the SPA-controlled network element 54 or SPA-controlled content server 56 to deny a user's attempt to access the services of network 52 with an unmanaged CG 58.

The invention is not limited to the embodiments described above, but can be implemented using a variety of configurations. Those skilled in the art will appreciate that various modifications and changes related to the background of the present invention can be made, and that their implementation will not depart from the scope and spirit of the present invention.
[Brief description of the drawings]

Figure 1 illustrates the overall environment in which the present invention is implemented.
Figure 2 illustrates a communication gateway according to the present invention.
Figure 3 illustrates an Internet control point according to the present invention.
Figure 4 illustrates a network element according to the present invention.

Figure 5 is a flowchart of a method for selectively transmitting a network access request according to the present invention.
Figure 6 is a flowchart of a method for disabling access to a content server of a network according to the present invention.
Figure 7 is a flowchart of a method for distributing content in a network according to the present invention.

[Description of main component symbols]

50 Internet control point
52 Network
54 SPA-controlled element
55 Non-SPA-controlled element
56 SPA-controlled content server
57 Non-SPA-controlled content server
58 Communication gateway
60 User terminal
62 Internet service provider entrance
64 Active intervention system
66 Access point
100 User interface
102 Network interface
104 Memory device
106 Processor
108 Content storage device

110 Case removal detector
200 Network interface
202 Processor
204 Memory device
300 Network interface
302 Processor
304 Memory device
306 Switch module


Claims (1)

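10. Scope of patent application

1. A system for regulating access to a network, the system comprising:
a controller node coupled to the network, the controller node including:
a first processor for generating controller instructions; and
a first network interface for transmitting the controller instructions over the network; and
a plurality of gateway units, the gateway units including:
a user interface receiving user-entered network access requests;
a second network interface coupled to the network and receiving the controller instructions from the network; and
a second processor, the second processor selectively transmitting at least some of the network access requests over the network in accordance with the controller instructions, and transferring over the network, via the second network interface, content data responsive to the transmitted network access requests.

2. The system of claim 1, wherein:
the gateway unit further comprises a storage device for storing instructions;
the gateway unit further comprises an identifier uniquely associating the gateway units with a user; and
the storage device is operable to store user-specific information.

3. The system of claim 1, wherein:
the gateway units include a user interface receiving requests to transmit data; and
the gateway units include a second processor inspecting the data to selectively transmit the data in accordance with the controller instructions.

4. The system of claim 1, wherein:
the gateway units include a user interface receiving requests to receive data; and
the gateway units include a second processor inspecting the data to selectively transmit the data in accordance with the controller instructions.

5. The system of claim 1, wherein the first processor automatically generates the controller instructions.

6. The system of claim 1, wherein the first processor generates the controller instructions in response to an operator-entered request.

7. The system of claim 1, wherein the controller nodes include a first processor generating the controller instructions by operator-controlled network crawling.

8. The system of claim 1, wherein the controller nodes include a first processor generating the controller instructions to deny user access to a first group of network servers.

9. The system of claim 8, wherein the gateway units include a second processor to generate a notification to a controller node if a network access request specifies a network server of the first group of network servers.

10. The system of claim 8, wherein the gateway units include a second processor to:
detect a network access request specifying a network server of a first group of network servers; and
redirect the access request to a second group of network servers in accordance with the controller instructions.

11. The system of claim 1, wherein:
the controller nodes include a first processor generating the controller instructions, the controller instructions including a file identifier; and
the system includes a plurality of gateway units associated with a user file system, the gateway units including a second processor to detect files in a user file system corresponding to the file identifier.

12. The system of claim 11, wherein the gateway units are operable between an active state and an inactive state.

13. The system of claim 12, wherein the second processors notify a controller node if the associated gateway unit enters an inactive state.

14. The system of claim 12, wherein the second processors delete the detected files from a user file system in accordance with the controller instructions.

15. The system of claim 14, wherein the second processors delete the detected files from a user file system during the inactive period.

16. The system of claim 11, wherein the gateway units notify a controller node if a file corresponding to the file identifier is deleted.

17. The system of claim 1, wherein the gateway units include:
a housing; and
a detector for detecting an attempt to open the housing.

18. The system of claim 17, wherein the gateway unit, after a user-initiated event, notifies the controller node of a detected attempt to open the housing.

19. The system of claim 17, wherein the gateway units include a storage device and, when the detector detects an attempt to open the housing, the second processor prevents access to the storage device.

20. The system of claim 1, wherein the gateway units include a second processor that enters a user-controlled mode of operation after receiving permission from the controller node.

21. The system of claim 1, wherein the controller node includes a copyright registry for tracking the copyright status of content data files distributed to gateway units in the system.

22. The system of claim 21, wherein the user interface receives registrations of the content data files for transmission to the copyright registry.

23. The system of claim 1, wherein the second processor, in accordance with the controller instructions, causes the gateway unit to access a predetermined network site upon launch of web browser software.

24. The system of claim 23, wherein the second processor selects the predetermined network site from a list of predetermined network sites received via the controller instructions.

25. The system of claim 24, wherein the second processor selects the predetermined network site according to a weighting function, such that at least some of the predetermined network sites are selected more often than others.

26. The system of claim 1, wherein the gateway units:
receive registration information from a user via the user interface; and
receive initial operating parameters via the second network interface.

27. The system of claim 1, wherein the gateway units:
receive registration information from a user via the user interface; and
receive software updates via the second network interface.

28. The system of claim 1, wherein:
the gateway units transmit an advertisement to a user display via the user interface, the advertisement being customized according to information received via at least one of the second network interface and the user interface.

29. The system of claim 1, wherein the gateway units:
transmit pay-per-view advertisements via the user interface for selective display by the user; and
generate a credit to the user upon display of the advertisement by the user.

30. The system of claim 29, wherein the gateway units, in response to a user selection, generate one of a plurality of viewing modes for viewing the pay-per-view advertisement.

31. The system of claim 1, wherein the gateway units receive software via the second network interface for execution in the second processor, the software establishing one of a fee-based network service, network video telephony, and network gaming.

32. The system of claim 1, wherein the second processor detects a denial-of-service attack.

33. The system of claim 32, wherein the second processor detects a denial-of-service attack initiated by a virus.

34. The system of claim 1, wherein the gateway units selectively transmit, to a law enforcement terminal, information describing at least one of incoming data and outgoing data of the gateway units.

35. The system of claim 1, wherein the gateway units:
detect an attempt by a user to at least one of transmit and receive voice traffic; and
selectively block the detected attempt in accordance with the controller instructions.

36. The system of claim 35, wherein the gateway units transmit, via the user interface, an advertisement offering a voice transmission service.

37. The system of claim 1, wherein the gateway units:
detect an attempt by a user to at least one of transmit and receive at least one of audio and video traffic; and
selectively block the detected attempt in accordance with the controller instructions.

38. The system of claim 37, wherein the gateway units transmit, via the user interface, an advertisement offering at least one of audio and video traffic services.

39. The system of claim 1, wherein the gateway units:
detect at least one of audio and video traffic flowing through the second network interface; and
selectively reduce the quality of service of at least one of the audio and video traffic in accordance with the controller instructions,
wherein the reduction in quality of service includes at least one of: reducing the duty cycle, inserting TCP/IP messages into at least one of the audio and video traffic, inserting Nak/Ack pairs into at least one of the audio and video traffic, and inserting X-On/X-Off pairs into at least one of the audio and video traffic.

40. The system of claim 1, further comprising a plurality of access nodes, wherein the controller node includes a first processor for generating authorization instructions and transmitting the authorization instructions over the network to the access nodes, and the access nodes:
receive the authorization instructions from the controller node; and
selectively permit the gateway units to access the network in accordance with the authorization instructions.

41. The system of claim 1, wherein the gateway units include a data storage unit divided into a network portion and a user portion, and at least one of a group of gateway units, in accordance with the controller instructions and via the second network interface, selectively shares data stored in the network partition with at least one of a second group of gateway units.

42. The system of claim 1, wherein the second processor in at least a first one of the gateway units, in accordance with the controller instructions, selectively forwards content data received from at least a second one of the gateway units to at least a third one of the gateway units.

43. The system of claim 42, wherein the second processor in the at least first one of the gateway units:
receives portions of a content data file from a group of gateway units in accordance with the controller instructions; and
assembles a data file based on the received portions for transmission to the user via the user interface.

44. The system of claim 1, further comprising an intervention node, the intervention node including:
an operator interface for receiving operator-entered spoofing attack instructions; and
a second network interface for transmitting at least one substitute file pointer to an address in the network in accordance with the spoofing attack instructions.

45. The system of claim 1, further comprising network units, the network units including:
a network interface coupled to the network and receiving controller instructions from the network and network traffic from a gateway unit; and
a processor for selectively reducing the flow of the received network traffic in accordance with the controller instructions.

46. The system of claim 45, wherein the network units:
detect a flow of voice traffic; and
selectively block the detected traffic in accordance with the controller instructions.

47. The system of claim 45, wherein the network units:
detect a flow of at least one of audio and video traffic; and
selectively block the detected traffic in accordance with the controller instructions.

48. The system of claim 45, wherein the network units:
detect a flow of at least one of audio and video traffic; and
selectively reduce the quality of service of the detected at least one of audio and video in accordance with the controller instructions,
wherein the reduction in quality of service includes at least one of: reducing the duty cycle, inserting TCP/IP messages into at least one of the audio and video traffic, inserting Nak/Ack pairs into at least one of the audio and video traffic, and inserting X-On/X-Off pairs into at least one of the audio and video traffic.

49. A system for regulating access to a network accessed by a plurality of users, the system comprising:
a controller node coupled to the network, the controller node including:
a first processor for generating controller instructions; and
a first network interface for transmitting the controller instructions over the network; and
a plurality of network units associated with a first group of users, the network units including:
a second network interface coupled to the network and receiving the controller instructions from the network; and
a second processor, the second processor inhibiting, in accordance with the controller instructions, access by a second group of users to content in the network.

50. The system of claim 49, wherein the second processor in the network inhibits access by the second group of users by executing denial-of-service attacks in accordance with the controller instructions.

51. The system of claim 50, wherein the second processor executes the attacks based on a schedule, the schedule including at least one of:
a schedule according to the duration of the attacks;
an immediate response to controller instructions; and
a response to an event.

52. The system of claim 49, wherein at least some of the network units include gateway units uniquely associated with a user.

53. The system of claim 52, wherein the gateway units:
are operable between an active state and an inactive state; and
execute denial-of-service attacks during the inactive state in accordance with the controller instructions.

54. The system of claim 49, wherein the second processor detects a denial-of-service attack.

55. The system of claim 54, wherein the second processor detects a denial-of-service attack initiated by a virus.

56. The system of claim 54, wherein the second processor prevents a denial-of-service attack upon detection.

57. The system of claim 49, wherein the network units selectively transmit, to a law enforcement terminal, information describing at least one of incoming data and outgoing data of the gateway units.

58. A system for distributing content over a network, the system comprising:
a controller node coupled to the network, the controller node including:
a first processor for generating controller instructions; and
a first network interface for transmitting the controller instructions over the network; and
a plurality of network units, the network units including:
a second network interface coupled to the network, the second network interface in at least a first one of the network units receiving the controller instructions from the network and receiving a portion of a content data file from at least a second one of the network units; and
a second processor, in the at least first one of the network units, selectively forwarding the received portion of the content data file to at least a third one of the network units in accordance with the controller instructions.

59. The system of claim 58, wherein:
the second network interface receives a plurality of portions of a content data file from a group of networks in accordance with the controller instructions; and
the first processor assembles a data file based on the received portions for transmission to the user via the user interface.

60. The system of claim 58, wherein:
the second network interface of the second network unit receives a portion of a content data file from a content server; and
the second processor of the second network unit forwards the portion of the content data file to the at least first one of the network units in accordance with the controller instructions.

61. The system of claim 58, wherein the second processor deletes portions of the content data according to a predetermined deletion date associated with the content data.

62. The system of claim 58, wherein the second processor deletes portions of the content data when new content data is delivered.

63. The system of claim 58, wherein, when storage space is still insufficient, the second processor deletes portions of the content data, deleting the oldest content data first.

64. The system of claim 58, wherein the second processor deletes portions of the content data according to an associated user selection.

65. A gateway unit for regulating access to a network, comprising:
a user interface receiving requests to transmit data;
a network interface receiving controller instructions from the network; and
a processor inspecting the data and selectively transmitting the data in accordance with the received controller instructions.

66. A gateway unit for regulating access to a network, comprising:
a user interface receiving requests to receive data;
a network interface receiving controller instructions from the network; and
a processor inspecting the data and selectively receiving the data in accordance with the received controller instructions.

67. A controller node for regulating access to a network, the controller node comprising:
a processor generating controller instructions for causing a plurality of gateway units to selectively transmit user-entered network access requests over the network, the processor generating the controller instructions by at least one of automatically generating instructions and generating instructions in response to a user-entered request; and
a network interface transmitting the controller instructions over the network to the plurality of gateway units.

68. The controller node of claim 67, including a processor generating the controller instructions by operator-controlled network crawling.

69. A controller node for regulating access to a network, comprising:
a processor generating controller instructions; and
a network interface transmitting the controller instructions over the network to a plurality of gateway units, the controller instructions causing at least one gateway unit to deny access to a first group of network servers.

70. The controller node of claim 69, wherein the network interface receives a notification from at least one gateway unit if the at least one gateway unit detects a request to access a blocked network server.

71. The controller node of claim 69, wherein the processor generates, in accordance with the controller instructions, instructions causing a gateway unit to redirect user access requests to a second group of network servers.

72. A system for regulating file access in a network, the system comprising:
a controller node coupled to the network, the controller node including:
a first processor for generating controller instructions, the instructions including a file identifier; and
a first network interface for transmitting the controller instructions over the network; and
a plurality of gateway units associated with user file systems, the gateway unit including:
a second network interface receiving the controller instructions from the network; and
a second processor detecting files in the user file system corresponding to the file identifier.

73. The system of claim 72, including a plurality of gateway units operable between an active state and an inactive state.

74. The system of claim 73, wherein the gateway units notify a controller node upon entering the active state.

75. The system of claim 73, wherein the gateway units include a processor to delete the detected files during the inactive state.

76. The system of claim 72, wherein the plurality of gateway units notify a controller node if at least one file matching the list of file identifiers is deleted.

77. A gateway unit for regulating access to a network, comprising:
a user interface receiving user-entered network access requests;
a network interface for transmitting the network access requests to the network;
a housing; and
a detector for detecting a user attempt to open the housing.

78. The gateway unit of claim 77, wherein the detector, after a subsequent user-initiated event, notifies the controller node of a detected attempt to open the housing.

79. The gateway unit of claim 77, further comprising a storage device and an interlock for preventing access to the storage device when the detector detects an attempt to open the housing.

80. A gateway unit for regulating access to a network, comprising:
a network interface for providing access to the network;
a user interface receiving user-entered network access requests; and
a processor that enters a user-controlled mode of operation after receiving permission from a controller node over the network via the network interface.

81. A controller node for regulating file access in a network, comprising a copyright registry and a processor, wherein the processor:
receives registrations of content data files distributed to a plurality of gateway units; and
tracks the copyright status of the content data files.

82.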
—種用以規範對網路存取之閘道器單元,包含: 一網路介面,用以提供對該網路的存取以及用以接收 自該網路的控制器指令; 一使用者介面,用以在該網路與一使用者之間傳送內 容;以及 ——處理器,用以於網路瀏覽器軟體啓動之際,根據該 等被接收到之控制器指令連接到一預定的網路站台。 8 3 .如申請專利範圍第8 2項之閘道器單元,其中該處 理器從一預定網路站台名單中選取預定網路站台。 8 4 ·如申請專利範圍第8 3項之閘道器單元,其中該處 理器根據一加權功能自該預定網路站台名單中選擇,使得 該等預定網路站台之至少一部分較其它者更常被選取。 8 5 . —種用以規範對網路存取之閘道器單元,包含·· 一網路介面,提供對該網路之存取; 一使用者介面,在該網路與一使用者之間傳輸內容; 以及 一處理器’經由該使用者介面收集來自該使用者之註 冊資訊以及經由該網路介面接收初始作業參數。 -59- 200528979 (17) 8 6 . —種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取; 一使用者介面,在該網路與一使用者之間傳輸內容; 以及 一處理器,經由該使用者介面收集來自該使用者之註 冊資訊以及經由該網路介面接收軟體更新。 8 7 · —種用以規範對網路存取之閘道器單元,包含: 一網路介面,接收來自該網路之資訊; 一使用者介面,接收來自使用者之資訊;以及 一處理器,經由該使用者介面傳送廣告至一使用者顯 示器,其中該廣告係根據經由該網路介面與該使用者介面 之至少其中之一者被接收之資訊被訂製。 8 8 · —種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取以及接收來自該網 路之計次付費廣告; 一使用者介面,在該網路與一使用者之間傳輸內容; 以及 一處理器’經由該使用者介面傳送該計次付費廣告給 可由使用者選擇的顯示以及於該廣告被該使用者顯示之際 產生簽帳額給該使用者。 8 9 ·如申請專利範圍第8 8項之閘道器單元,其中該處 理器回應一使用者選擇產生多數個觀看模式之其中之一者 用以觀看該計次付費廣告。 9 0 . —種用以規範對網路存取之閘道器單元,包含: -60 - 200528979 (18) 一網路介面,提供對該網路之存取以及接收來自該網 路之軟體; 一使用者介面,在該網路與一使用者之間傳輸內容; 以及 一處理器,經由該使用者介面執行該軟體以致能該使 用者使用一以費用爲基礎之網路服務、網路視訊電話、以 及網路遊戲之至少其中之一者。 9 1 · 一種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取; 一使用者介面,接收來自一使用者之網路存取請求; 以及 一處理器,檢測自該使用者介面被接收以及經由該網 路介面被傳送至該網路之一阻絕服務攻擊。 9 2.如申請專利範圍第91項之多數個閘道器單元,其 中該處理器檢測到一由一病毒啓動之阻絕服務攻擊。 9 3 . —種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令; 一使用者介面,在一使用者與該網路介面之間傳輸進 入資料與外送資料;以及 一處理器’根據該等被接收到之控制器指令選擇性地 將描述進入資料與外送資料之至少其中之一者傳送至執法 終端。 94 . 
一種用以規範對網路存取之閘道器單元,包含: -61 - 200528979 (19) 一網路介面,提供對該網路之存取以及接收控制器指 令; 一使用者介面,在該網路與一使用者之間傳輸交通; 以及 一處理器,檢測一使用者透過該網路傳送與接收聲音 交通之至少其中之一者的企圖,該處理器根據該等被接收 到之控制器指令選擇性地阻斷該被檢測到之企圖,以及經 由該使用者介面傳送一提供聲音傳輸服務之廣告。 95·—種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令; 一使用者介面,在該網路與一使用者之間傳輸交通; 以及 一處理器,檢測一使用者透過該網路傳送與接收音頻 與視訊交通之至少其中之一者的至少其中之一企圖,該處 理器根據該等被接收到之控制器指令選擇性地阻斷該被檢 測到之企圖’以及經由該使用者介面傳送一提供音頻與視 訊交通服務之至少其中之一者之廣告。 96·—種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令; 一使用者介面,在該網路與一使用者之間傳輸交通; 以及 一處理器,檢測流經該使用者介面之音頻及視訊交通 -62- 200528979 (20) 之至少其中之一者’該處理器根據該等被接收到之控制器 指令選擇性地降低該被檢測到之音頻及視訊交通之至少其 中之一的服務品質, 其中服務品質的降低包含以下至少其中之一:降低工 作週期、插入TCP/IP訊息於聲頻與視訊交通之至少其中 之一者中、插入Nak/A ck對於聲頻與視訊交通之至少其中 之一者中、以及插入Χ-Οη/Χ-Off對於聲頻與視訊交通之 至少其中之一者中。 9 7 . —種用以規範對網路存取之網路單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令與網路交通;以及 一處理器,檢測透過該網路的聲音交通,該處理器根 據該等被接收到之控制器指令選擇性地阻斷該交通。 9 8 · —種用以規範對網路存取之網路單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令與網路交通;以及 一處理器’檢測透過該網路的音頻與視訊交通之至少 其中之一者,該處理器根據該等被接收到之控制器指令選 擇性地阻斷該交通。 9 9 · 一種用以規範對網路存取之閘道器單元,包含: 一網路介面’提供對該網路之存取以及接收控制器指 令與網路交通;以及 一處理器’檢測音頻與視訊交通之至少其中之一者, 該處理器根據該等被接收到之控制器指令選擇性地降低該 200528979 (21) 被檢測到之音頻及視訊交通之至少其中之一的服務品質, 其中服務品質的降低包含以下至少其中之一:降低工 作週期、插入TCP/IP訊息於聲頻與視訊交通之至少其中 之一者中、插入Nak/Ack對於聲頻與視訊交通之至少其中 之一者中、以及插入Χ-Οη/Χ-Off對於聲頻與視訊交通之 至少其中之一者中。 1 0 0.—種用以規範對網路的用戶存取之控制器節點5 包含: 一處理器,產生代表一被鑑定之用戶的鑑定指令; 一網路介面,傳送該鑑定指令至一與該網路耦合的存 取節點;以及 其中該存取節點根據該等被接收.到‘之鑑定指令選擇性 地許可對該網路的用戶存取。 1 01 . —種用以規範對網路存取之閘道器單元,包含: 一網路介面,提供對該網路之存取以及接收控制器指 令; 一資料儲存單元,區分成一網路分區及一使用者分 區;以及 一處理器,根據該等被接收到之控制器指令經由該網 路介面選擇性地傳送被儲存於該網路分區內之資料。 1 0 2 . —種用以規範對網路存取之網路單元,包含: 一使用者介面,接收使用者輸入之網路存取請求; 一網路介面,耦合至該網路且接收來自該網路之控制 器指令,以及 -64 - 200528979 (22) 一處理器,該處理器根據該等控制器指令選擇性地透 過該網路傳送該等網路存取請求之至少一些者,以及經由 該網路介面透過該網路傳輸回應該被傳送之網路存取請求 的內容資料, 其中該網路單元根據該等控制器指令選擇性地將接收 自第一相關聯網路單元的內容資料轉送至至少一第二相關 聯單元。 1 0 3.如申請專利範圍第1〇2項之網路單元,其中該處 理器= 根據該等控制器指令接收來自一群組之第三相關聯網 路單元的一內容資料檔案的部分;以及 基於該等被接收到之部分組合一資料檔案供經由該使 用者介面傳輸至一使用者。 104.如申請專利範圍第102項之網路單元,其中該處 理器= 接收來自一內容伺服器之一內容資料檔案之一部分; 以及 根據該等控制器指令將該內容資料檔案之部分轉送至 該第一相關聯網路單元。 1 〇 5 . 
—種用以規範對網路存取之網路單元,包含: 一網路介面’提供對該網路之存取以及接收控制器指 令;以及 一處理器’根據該等被接收到之控制器指令執行阻絕 服務攻擊。 ~ 65 - 200528979 (23) 10 6.—種用以規範對網路存取之方法,該方法包含: 在一與一使用者相關聯之一閘道器單元接收來自一網 路之控制器指令; 在該閘道器單元接收來自一使用者之一網路存取請 求; 根據該等控制器指令選擇性地透過該網路傳送該網路 存取請求;以及 接收來自該網路之回應該被傳送之網路存取請求的內 容資料。 1〇 7.—種用以規範對多數個內容伺服器存取之方法, 該方法包含: 在一與第一群組之使用者相關聯之一網路單元接收來 自該網路之控制器指令;以及 根據該等控制器指令選擇性地禁止第二群組之使用者 對該等內容伺服器之一部分的存取。 1 0 8 .如申請專利範圍第1 0 7項之方法,其中禁止第二 群組之使用者之存取包含執行阻絕服務攻擊。 1 0 9.—種用以透過網路散佈內容資料之方法,該方法 包含: 接收來自該網路之內容散佈指令; 在第一網路單元儲存來自該網路之內容資料的第一 部分; 根據該等內容散佈指令及回應一使用者對該內容資料 的其餘部分的請求,透過該網路啓動一請求; - 66- 200528979 (24) 接收來自該網路之該內容資料的其餘部分; 組合內容資料的第一部分與該內容資料的其餘部分; 以及 供應該組合的內容資料給該使用者。 1 1 0 .如申請專利範圍第1 0 9項之方法,進一步包含根 據該等內容散佈指令選擇性地將內容資料的第一部分轉送 至一第二網路單元。 1 1 1 · 一種用以規範對網路存取之閘道器單元,該閘道 器單元包含: 一使用者介面,接收使用者輸入之網路存取指令; 一網路介面,耦合至該網路且接收來自該網路中一控 制器節點的控制器指令;以及 一處理器,該處理器根據該等控制器指令選擇性地透 過該網路傳送該等網路存取請求之至少一些者,以及經由 該網路介面透過該網路傳輸回應該等被傳送之網路存取請 求的內容資料。 1 1 2 . —種用以規範對網路存取之與第一群組之使用者 相關聯之網路單元,該網路單元包含: 一網路介面,耦合至該網路且接收來自與該第一群組 之使用者相關聯之一控制節點的控制器指令;以及 一處理器,該處理器根據該等控制器指令禁止第二群 組之使用者對該網路中內容的存取。 ]1 3 · —種用以規範對網路存取之控制器節點,該控制 器節點包含: -67 - 200528979 (25) 一處理器,用以產生控制器指令;以及 一網路介面,用以透過該網路傳送該等控制器指令, 該等控制器指令被組態以致使一與使用者相關聯之閘道器 單元選擇性地透過該網路傳送至少一些使甩者輸入的網路 存取請求。 1 1 4 .如申請專利範圍第1 1 3項之控制器節點,進一步 包含一內容伺服器,用以提供回應該等使用者輸入之網路 存取請求的內容資料。 1 1 5 . —種用以規範對網路存取之控制器節點,該控制 器節點包含: 一處理益’用以產生控制器指令;以及 一網路介面’用以透過該網路傳送該等控制器指令至 與一第一群組之使用者相關聯之網路單元,該等控制器指 令被組態以致使該等網路單元禁止一第二群組之使用者對 該網路中內容的存取。 -68 -200528979 (1) X. 
Patent application scope

1. A system for regulating access to a network, the system comprising: a controller node coupled to the network, the controller node including: a first processor for generating controller instructions; and a first network interface for transmitting the controller instructions over the network; and a plurality of gateway units, the gateway units including: a user interface that receives network access requests entered by a user; a second network interface coupled to the network and receiving the controller instructions from the network; and a second processor, the second processor selectively transmitting at least some of the network access requests over the network according to the controller instructions, and transmitting, over the network via the second network interface, content data responsive to the transmitted network access requests.

2. The system of claim 1, wherein: the gateway unit further includes a storage device for storing instructions; the gateway unit further includes an identifier associated with a gateway unit uniquely associated with a user; and the storage device is operable to store user-specific information.

3. The system of claim 1, wherein: the gateway units include a user interface that receives a request to transmit data; and the gateway units include a second processor that checks the data and selectively transmits the data according to the controller instructions.

4. The system of claim 1, wherein: the gateway units include a user interface that receives a request to receive data; and the gateway units include a second processor that checks the data and selectively transmits the data according to the controller instructions.

5. The system of claim 1, wherein the first processor automatically generates the controller instructions.

6. The system of claim 1, wherein the first processor generates the controller instructions in response to a request entered by an operator.

7. The system of claim 1, wherein the controller node includes a first processor that generates the controller instructions by operator-controlled network crawling.

8. The system of claim 1, wherein the controller node includes a first processor that generates the controller instructions to prevent users from accessing a first group of network servers.

9. The system of claim 8, wherein the gateway units include a second processor that generates a notification to a controller node if a network access request specifies a network server of the first group of network servers.

10. The system of claim 8, wherein the gateway units include a second processor to: detect a network access request specifying a network server of the first group of network servers; and redirect the access request to a network server of a second group according to the controller instructions.

11. The system of claim 1, wherein: the controller node includes a first processor that generates the controller instructions, the controller instructions including a file identifier; and the system includes a plurality of gateway units associated with a user file system, the gateway units including a second processor to detect a file in a user file system corresponding to the file identifier.

12. The system of claim 11, wherein the gateway units are operable between an active state and an inactive state.

13. The system of claim 12, wherein the second processor notifies a controller node if the associated gateway unit enters an inactive state.
14. The system of claim 12, wherein the second processor deletes the detected files from a user file system according to the controller instructions.

15. The system of claim 14, wherein the second processor deletes the detected files from a user file system during the inactive state.

16. The system of claim 11, wherein the gateway units notify a controller node if a file corresponding to the file identifier is deleted.

17. The system of claim 1, wherein the gateway units include: a housing; and a detector for detecting an attempt to open the housing.

18. The system of claim 17, wherein the gateway unit notifies the controller node of a detected attempt to open the housing after an event initiated by a user.

19. The system of claim 17, wherein the gateway unit includes a storage device, and the second processor prevents access to the storage device when the detector detects an attempt to open the housing.

20. The system of claim 1, wherein the gateway units include a second processor that enters a user-controlled operation mode after receiving permission from the controller node.

21. The system of claim 1, wherein the controller node includes a copyright registry to track the copyright status of the content data files distributed to the gateway units in the system.

22. The system of claim 21, wherein the user interface receives a registration of the content data files for transmission to the copyright registry.

23. The system of claim 1, wherein the second processor, according to the controller instructions, causes the gateway unit to access a predetermined network site when web browser software is started.

24. The system of claim 23, wherein the second processor selects the predetermined network site from a list of predetermined network sites received via the controller instructions.

25. The system of claim 24, wherein the second processor selects the predetermined network site according to a weighting function, such that at least a portion of the predetermined network sites are selected more often.

26. The system of claim 1, wherein the gateway units: receive registration information from a user via the user interface; and receive initial operating parameters via the second network interface.

27. The system of claim 1, wherein the gateway units: receive registration information from a user via the user interface; and receive software updates via the second network interface.

28. The system of claim 1, wherein the gateway units transmit advertisements to a user display via the user interface, the advertisements being customized according to information received via at least one of the second network interface and the user interface.

29. The system of claim 1, wherein the gateway units: selectively display pay-per-view advertisements to the user via the user interface; and generate a billing amount to the user when the advertisements are displayed by the user.

30. The system of claim 29, wherein the gateway units, in response to a user selection, generate one of a plurality of viewing modes for viewing the pay-per-view advertisement.

31. The system of claim 1, wherein the gateway units receive, via the second network interface, software for execution in the second processor, the software establishing one of a fee-based network service, network videophone, and network games.

32. The system of claim 1, wherein the second processor detects a denial of service attack.

33. The system of claim 32, wherein the second processor detects a denial of service attack initiated by a virus.

34. The system of claim 1, wherein the gateway units selectively transmit, to a law enforcement terminal, information describing at least one of incoming data and outgoing data for the gateway units.

35. The system of claim 1, wherein the gateway units: detect an attempt by a user to at least one of transmit and receive voice traffic; and selectively block the detected attempt according to the controller instructions.

36. The system of claim 35, wherein the gateway units transmit, via the user interface, an advertisement offering a voice transmission service.

37. The system of claim 1, wherein the gateway units: detect an attempt by a user at at least one of audio and video traffic; and selectively block the detected attempt according to the controller instructions.

38. The system of claim 37, wherein the gateway units transmit, via the user interface, an advertisement offering at least one of audio and video traffic services.
39. The system of the patent application scope, wherein the gateway units: detect at least one of audio and video traffic flowing through the second network interface; and selectively reduce, according to the controller instructions, the quality of service of at least one of the audio and video traffic, wherein the reduction in quality of service includes at least one of: reducing the duty cycle, inserting TCP/IP messages into at least one of the audio and video traffic, inserting Nak/Ack pairs into at least one of the audio and video traffic, and inserting X-On/X-Off pairs into at least one of the audio and video traffic.

40. The system of claim 1, further comprising a plurality of access nodes, wherein the controller node includes a first processor for generating authorization instructions and transmitting the authorization instructions to the access nodes over the network, and the access nodes: receive the authorization instructions from the controller node; and selectively grant the gateway units access to the network according to the authorization instructions.

41. The system of claim 1, wherein the gateway units contain a data storage unit divided into a network partition and a user partition, and at least one of a group of gateway units selectively shares, according to the controller instructions and via the second network interface, data stored in the network partition with at least one of the gateway units of a second group.

42. The system of the patent application scope, wherein the second processor in at least one first gateway unit of the gateway units selectively forwards, according to the controller instructions, content data received from at least one second gateway unit of the gateway units to at least one third gateway unit of the gateway units.

43. The system of claim 42, wherein the second processor in at least one first gateway unit of the gateway units: receives, according to the controller instructions, portions of a content data file from a group of gateway units; and assembles a data file based on the received portions for transmission to the user via the user interface.

44. The system of claim 1, further comprising an intervention node, the intervention node including: an operator interface for receiving counterfeit attack instructions entered by the operator; and a second network interface for transmitting, according to the counterfeit attack instructions, at least one substitute file pointer to an address in the network.

45. The system of claim 1, further comprising network units, the network units including: a network interface coupled to the network and receiving controller instructions from the network and network traffic from a gateway unit; and a processor for selectively reducing the flow of the received network traffic according to the controller instructions.

46. The system of claim 45, wherein the network units: detect a flow of voice traffic; and selectively block the detected traffic according to the controller instructions.

47. The system of claim 45, wherein the network units: detect a flow of at least one of audio and video traffic; and selectively block the detected traffic according to the controller instructions.

48. The system of claim 45, wherein the network units: detect a flow of at least one of audio and video traffic; and selectively reduce, according to the controller instructions, the quality of service of the detected at least one of audio and video, wherein the reduction in quality of service includes at least one of: reducing the duty cycle, inserting TCP/IP messages into at least one of the audio and video traffic, inserting Nak/Ack pairs into at least one of the audio and video traffic, and inserting X-On/X-Off pairs into at least one of the audio and video traffic.

49. A system for regulating access to a network accessed by a plurality of users, the system comprising: a controller node coupled to the network, the controller node including: a first processor for generating controller instructions; and a first network interface for transmitting the controller instructions over the network; and a plurality of network units associated with a first group of users, the network units including: a second network interface coupled to the network and receiving the controller instructions from the network; and a second processor, the second processor inhibiting access by a second group of users to content in the network according to the controller instructions.

50. The system of claim 49, wherein the second processor in the network inhibits access by the second group of users by performing denial of service attacks according to the controller instructions.

51. The system of claim 50, wherein the second processor performs the attacks based on a schedule, the schedule including at least one of: a schedule according to the duration of the attacks; an immediate response to controller instructions; and a response to an event.

52. The system of claim 49, wherein at least a portion of the network units comprise gateway units uniquely associated with a user.

53. The system of claim 52, wherein the gateway units: are operable between an active state and an inactive state; and perform denial of service attacks during the inactive state according to the controller instructions.

54. The system of claim 49, wherein the second processor detects a denial of service attack.

55. The system of claim 54, wherein the second processor detects a denial of service attack initiated by a virus.

56. The system of claim 54, wherein the second processor prevents a denial of service attack upon detection.

57. The system of claim 49, wherein the network units selectively transmit, to a law enforcement terminal, information describing at least one of incoming data and outgoing data for the gateway units.

58. A system for distributing content over a network, the system comprising: a controller node coupled to the network, the controller node including: a first processor for generating controller instructions; and a first network interface for transmitting the controller instructions over the network; and a plurality of network units, the network units including: a second network interface coupled to the network, the second network interface in at least one first network unit of the network units receiving the controller instructions from the network and receiving a first portion of content from at least one second network unit of the network units; and a second processor that, in the at least one first network unit of the network units, selectively forwards the received first portion of the content data file to at least one third network unit of the network units according to the controller instructions.

59. The system of claim 58, wherein: the second network interface receives, according to the controller instructions, a plurality of portions of a content data file from a group of networks; and the first processor assembles a data file based on the received portions for transmission to the user via the user interface.

60. The system of claim 58, wherein: the second network interface of the second network unit receives a portion of a content data file from a content server; and the second processor of the second network unit forwards the portion of the content data file to the at least one first network unit of the network units according to the controller instructions.

61. The system of claim 58, wherein the second processor deletes portions of the content data according to a predetermined deletion date associated with the content data.

62. The system of claim 58, wherein the second processor deletes portions of the content data when new content data is delivered.

63. The system of claim 58, wherein the second processor deletes portions of the content data while storage space remains insufficient, deleting the oldest content data first.

64. The system of claim 58, wherein the second processor deletes portions of the content data according to a selection by an associated user.

65. A gateway unit for regulating access to a network, comprising: a user interface that receives a request to transmit data; a network interface that receives controller instructions from the network; and a processor that checks the data and selectively transmits the data according to the received controller instructions.

66. A gateway unit for regulating access to a network, comprising: a user interface that receives a request to receive data; a network interface that receives controller instructions from the network; and a processor that checks the data and selectively receives the data according to the received controller instructions.

67. A controller node for regulating access to a network, the controller node comprising: a processor that generates controller instructions for causing a plurality of gateway units to selectively transmit user-entered network access requests over the network, the processor generating the controller instructions by at least one of automatically generating instructions and generating instructions in response to a user-entered request; and a network interface that transmits the controller instructions over the network to the plurality of gateway units.

68. The controller node of claim 67, comprising a processor that generates the controller instructions by operator-controlled network crawling.

69. A controller node for regulating access to a network, comprising: a processor that generates controller instructions; and a network interface that transmits the controller instructions over the network to a plurality of gateway units, the controller instructions causing at least one gateway unit to deny access to a first group of network servers.

70. The controller node of claim 69, wherein the network interface receives a notification from at least one gateway unit if the at least one gateway unit detects a request to access a blocked network server.

71. The controller node of claim 69, wherein the processor generates, according to the controller instructions, instructions that cause a gateway unit to redirect user access requests to a second group of network servers.
72. A system for regulating file access in a network, the system comprising: a controller node coupled to the network, the controller node including: a first processor for generating controller instructions, the instructions including a file identifier; and a first network interface for transmitting the controller instructions over the network; and a plurality of gateway units associated with a user file system, the gateway unit including: a second network interface that receives the controller instructions from the network; and a second processor that detects a file in the user file system corresponding to the file identifier.

73. The system of claim 72, comprising a plurality of gateway units operable between an active state and an inactive state.

74. The system of claim 73, wherein the gateway units notify a controller node upon entering the active state.

75. The system of claim 73, wherein the gateway units include a processor to delete the detected files during the inactive state.

76. The system of claim 72, wherein the plurality of gateway units notify a controller node if at least one file matching the list of file identifiers is deleted.

77. A gateway unit for regulating access to a network, comprising: a user interface that receives network access requests entered by a user; a network interface for transmitting the network access requests to the network; a housing; and a detector for detecting an attempt by a user to open the housing.

78. The gateway unit of claim 77, wherein the detector notifies the controller node of a detected attempt to open the housing after a subsequent user-initiated event.
79. The gateway unit of claim 77, further comprising a storage device and an interlock for preventing access to the storage device when the detector detects an attempt to open the housing.

80. A gateway unit for regulating access to a network, comprising: a network interface for providing access to the network; a user interface that receives network access requests entered by a user; and a processor that enters a user-controlled operation mode after receiving permission from a controller node over the network via the network interface.

81. A controller node for regulating file access in a network, comprising a copyright registry and a processor, wherein the processor: receives registrations of content data files distributed to a plurality of gateway units; and tracks the copyright status of the content data files.

82. A gateway unit for regulating access to a network, comprising: a network interface for providing access to the network and for receiving controller instructions from the network; a user interface for transferring content between the network and a user; and a processor for connecting to a predetermined network site, according to the received controller instructions, when web browser software is started.

83. The gateway unit of claim 82, wherein the processor selects the predetermined network site from a list of predetermined network sites.

84. The gateway unit of claim 83, wherein the processor selects from the list of predetermined network sites according to a weighting function, such that at least a portion of the predetermined network sites are selected more often than others.

85. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network; a user interface that transfers content between the network and a user; and a processor that collects registration information from the user via the user interface and receives initial operating parameters via the network interface.

86. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network; a user interface that transfers content between the network and a user; and a processor that collects registration information from the user via the user interface and receives software updates via the network interface.

87. A gateway unit for regulating access to a network, comprising: a network interface that receives information from the network; a user interface that receives information from a user; and a processor that transmits an advertisement to a user display via the user interface, wherein the advertisement is customized according to information received via at least one of the network interface and the user interface.

88. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network and receives pay-per-view advertisements from the network; a user interface that transfers content between the network and a user; and a processor that transmits the pay-per-view advertisement via the user interface for user-selectable display and generates a billing amount to the user when the advertisement is displayed by the user.

89. The gateway unit of claim 88, wherein the processor, in response to a user selection, generates one of a plurality of viewing modes for viewing the pay-per-view advertisement.

90. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network and receives software from the network; a user interface that transfers content between the network and a user; and a processor that executes the software via the user interface to enable the user to use at least one of a fee-based network service, network videophone, and network games.

91. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network; a user interface that receives network access requests from a user; and a processor that detects a denial of service attack received from the user interface and transmitted to the network via the network interface.

92. The plurality of gateway units of claim 91, wherein the processor detects a denial of service attack initiated by a virus.

93. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network and receives controller instructions; a user interface that transfers incoming data and outgoing data between a user and the network interface; and a processor that selectively transmits, according to the received controller instructions, a description of at least one of the incoming data and the outgoing data to a law enforcement terminal.

94. A gateway unit for regulating access to a network, comprising: a network interface that provides access to the network and receives controller instructions; a user interface that transfers traffic between the network and a user; and a processor that detects an attempt by a user to at least one of transmit and receive voice traffic over the network, the processor selectively blocking the detected attempt according to the received controller instructions and transmitting, via the user interface, an advertisement offering a voice transmission service.
95 · —A gateway unit for regulating network access, including: a network interface that provides access to the network and receives controller commands; a user interface that communicates with the network Traffic between users; and a processor that detects at least one of an attempt by a user to transmit and receive at least one of audio and video traffic over the network, the processor receiving The controller instructs to selectively block the detected attempt 'and to send an advertisement providing at least one of audio and video traffic services through the user interface. 96 · —A gateway unit for regulating access to a network, including: a network interface that provides access to the network and receives controller commands; a user interface that communicates with a network Traffic between users; and a processor that detects at least one of audio and video traffic-62-200528979 (20) flowing through the user interface ', the processor is based on the controllers received The instruction selectively reduces the service quality of at least one of the detected audio and video traffic. The degradation of the service quality includes at least one of the following: reducing the duty cycle and inserting TCP / IP messages into audio and video traffic. Insert at least one of them, insert at least one of Nak / Ack for audio and video traffic, and insert at least one of X-Oη / χ-Off for audio and video traffic. 9 7.  —A network unit for regulating access to the network, including: a network interface that provides access to the network and receives controller instructions and network traffic; and a processor that detects through the network Voice traffic, the processor selectively blocks the traffic according to the received controller instructions. 
9 8 · —A network unit for regulating access to the network, including: a network interface that provides access to the network and receives controller commands and network traffic; and a processor ' At least one of audio and video traffic on the network, the processor selectively blocks the traffic according to the received controller instructions. 9 9 · A gateway unit for regulating access to a network, comprising: a network interface 'providing access to the network and receiving controller instructions and network traffic; and a processor' detecting audio And at least one of video traffic, the processor selectively reduces the service quality of at least one of the audio and video traffic detected in 200528979 (21) according to the received controller instructions, where The degradation of service quality includes at least one of the following: reducing the duty cycle, inserting TCP / IP messages into at least one of audio and video traffic, inserting Nak / Ack into at least one of audio and video traffic, And insert X-On / X-Off for at least one of audio and video traffic. 1 0 0. A controller node 5 for regulating user access to the network includes: a processor that generates an authentication instruction representing an authenticated user; a network interface that transmits the authentication instruction to a coupling to the network The access node; and wherein the access node is received according to the. The authentication command to 'selectively grants access to users of the network. 1 01.  —A gateway unit for regulating access to the network, including: a network interface that provides access to the network and receives controller commands; a data storage unit that is divided into a network partition and a use A partition; and a processor to selectively transmit data stored in the network partition via the network interface according to the received controller instructions. 1 0 2.  
—A network unit for regulating access to the network, including: a user interface that receives a network access request input by a user; a network interface that is coupled to the network and receives data from the network Controller instructions, and -64-200528979 (22) a processor that selectively transmits at least some of the network access requests over the network according to the controller instructions, and via the network The interface transmits the content data of the network access request that should be transmitted through the network, wherein the network unit selectively forwards the content data received from the first related network path unit to at least one according to the controller instructions. The second associated unit. 1 0 3. For example, the network unit under the scope of patent application No. 102, wherein the processor = a part of receiving a content data file from a group of third related network link units according to the instructions of the controllers; The received part combines a data file for transmission to a user via the user interface. 104. For example, the network unit of the scope of patent application No. 102, wherein the processor = receives a part of a content data file from a content server; and transfers the part of the content data file to the first according to the instructions of the controller Related networking unit. 1 0 5.  -A network unit for regulating access to the network, including: a network interface 'provides access to the network and receives controller instructions; and a processor' based on the received controllers Instruction execution prevents service attacks. ~ 65-200528979 (23) 10 6. 
A method for regulating access to a network, the method comprising: receiving a controller command from a network at a gateway unit associated with a user; receiving the command from a network at the gateway unit One of the users' network access request; selectively transmitting the network access request through the network according to the controller instructions; and receiving the content of the network access request which should be transmitted from the network data. 1〇 7. A method for regulating access to a plurality of content servers, the method comprising: receiving a controller instruction from the network at a network unit associated with a first group of users; and according to the And other controller instructions to selectively prohibit users of the second group from accessing a portion of these content servers. 1 0 8. For example, the method of applying patent scope item 107, wherein prohibiting the access of the users of the second group includes performing a denial of service attack. 1 0 9. -A method for distributing content data through a network, the method comprising: receiving a content distribution instruction from the network; storing a first part of the content data from the network in a first network unit; distributing according to the content Command and respond to a user's request for the rest of the content data, initiate a request through the network;-66- 200528979 (24) Receive the rest of the content data from the network; combine the first part of the content data With the rest of the content data; and supplying the combined content data to the user. 1 1 0. For example, the method for applying scope of patent No. 109 further includes selectively transferring the first part of the content data to a second network unit according to the content distribution instructions. 1 1 1 · A gateway unit for regulating access to a network. 
The gateway unit includes: a user interface that receives a network access command input by a user; a network interface that is coupled to the Network and receives controller instructions from a controller node in the network; and a processor that selectively transmits at least some of the network access requests through the network according to the controller instructions And the content data in response to the transmitted network access requests through the network transmission through the network interface. 1 1 2.  A network unit associated with users of the first group to regulate access to the network, the network unit comprising: a network interface coupled to the network and receiving data from the first group; A group of users is associated with a controller instruction of a control node; and a processor, according to the controller instructions, prohibits the users of the second group from accessing content on the network. ] 1 3 · —A controller node for regulating access to the network, the controller node includes: -67-200528979 (25) a processor for generating controller instructions; and a network interface for To transmit the controller instructions through the network, the controller instructions being configured to cause a gateway unit associated with the user to selectively transmit at least some networks for input by the user through the network Access request. 1 1 4. For example, the controller node in the scope of patent application item 113 further includes a content server for providing content data in response to network access requests input by these users. 1 1 5.  
A controller node for regulating access to the network, the controller node comprising: a processing node for generating controller commands; and a network interface for transmitting the controller commands through the network To a network unit associated with a first group of users, the controller instructions are configured to cause the network units to prohibit a second group of users from accessing content on the network . -68-
TW93135289A 2003-11-18 2004-11-17 System for regulating access to and distributing content in a network TW200528979A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US52305703P 2003-11-18 2003-11-18
US56306404P 2004-04-16 2004-04-16

Publications (1)

Publication Number Publication Date
TW200528979A TW200528979A (en) 2005-09-01

Family

ID=52348303

Family Applications (1)

Application Number Title Priority Date Filing Date
TW93135289A TW200528979A (en) 2003-11-18 2004-11-17 System for regulating access to and distributing content in a network

Country Status (1)

Country Link
TW (1) TW200528979A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9454678B2 (en) 2011-12-22 2016-09-27 Intel Corporation Always-available embedded theft reaction subsystem
US9507918B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9507965B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9520048B2 (en) 2011-12-22 2016-12-13 Intel Corporation Always-available embedded theft reaction subsystem
US9552500B2 (en) 2011-12-22 2017-01-24 Intel Corporation Always-available embedded theft reaction subsystem
US9558378B2 (en) 2011-12-22 2017-01-31 Intel Corporation Always-available embedded theft reaction subsystem
US9569642B2 (en) 2011-12-22 2017-02-14 Intel Corporation Always-available embedded theft reaction subsystem
US9619671B2 (en) 2011-12-22 2017-04-11 Intel Corporation Always-available embedded theft reaction subsystem
US9734359B2 (en) 2011-12-22 2017-08-15 Intel Corporation Always-available embedded theft reaction subsystem
TWI610193B (en) * 2011-12-22 2018-01-01 英特爾股份有限公司 Always-available embedded theft reaction subsystem
TWI685800B (en) * 2017-04-28 2020-02-21 大陸商北京嘀嘀無限科技發展有限公司 System and method for task scheduling and device management

Similar Documents

Publication Publication Date Title
US10116659B2 (en) System for regulating access to and distributing content in a network
JP4920850B2 (en) System and procedure for distributing content over a network
EP1859351B1 (en) Network-distributed data routing
ES2356990T3 (en) MONITORING OF DIGITAL CONTENT PROVIDED BY A SUPPLIER OF CONTENTS ON A NETWORK.
US7895445B1 (en) Token-based remote data access
US7426750B2 (en) Network-based content distribution system
US7024466B2 (en) Network configured for delivery of content for download to a recipient
US20060010074A1 (en) Delivery and storage system for secured content library
CN102025749A (en) Anti-theft method of mobile streaming media service
US9400875B1 (en) Content routing with rights management
US20030217163A1 (en) Method and system for assessing a right of access to content for a user device
WO2001061913A2 (en) Network-based content distribution system
CN1701567B (en) Inter-device authentication system, method, and communication device
TW200528979A (en) System for regulating access to and distributing content in a network
EP1569414B1 (en) Information-processing apparatus, information-processing method, and computer program
WO2006011388A1 (en) Transmission history dependency processor
JP2004336619A (en) Device authentication system and device authentication method, communication device, and computer program
US20050108361A1 (en) Method and system for content delivery
JP2005227380A (en) Content distribution system and content reproducing device
JP2005235170A (en) Order type multimedia content providing system and its method
Nwogugu Economics Of Digital Content: New Digital Content-Control And Anti-P2P Systems/Methods
JP2008186216A (en) Content distribution system for contributing to sns formation
WO2006040587A1 (en) Content delivery system and method