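IPC Classification Information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition):
Application number: US-0181151 (2011-07-12)
Registration number: US-8448237 (2013-05-21)
Inventors / Address:
- Rice, Joseph Allen
- Castagna, Brandon Matthew
Applicant / Address:
- Bank of America Corporation
Agent / Address:
Citation information: Times cited: 0; Patents cited: 25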
Abstract
A virtual private internet may include various network components, including an enhanced service domain name server (DNS), an enhanced service router, and an enhanced service gateway, which all access service policy information stored in an enhanced service repository. The network components in the virtual private internet perform common service processing tasks for routing service requests across firewalls and other network boundaries. The network components also execute other service policies, such as logging, message format translation, and protocol bridging for each service request processed by the network. Updates to services may be implemented in the virtual private internet via changes to service policy information stored in the enhanced service repository.
Representative Claims
1. A system comprising: a centralized service repository configured to store service policy information related to a plurality of service policies, wherein the plurality of service policies include entitlement, routing, workload management, logging, protocol bridging, format translation, filtering, and business process management; a plurality of service routers configured to route a plurality of service requests to network components based on the routing policies stored within the centralized service repository, wherein at least one of the routing policies relates to routing the plurality of service requests through at least one firewall that connects a first network with a second network; a plurality of service gateways configured to perform a plurality of service processing tasks related to entitlement, routing, workload management, logging, protocol bridging, format translation, filtering, and business process management by accessing the service policy information stored within the centralized service repository, wherein the plurality of service gateways includes at least one appliance configured to process Extensible Markup Language (XML) files transmitted by the centralized service repository, wherein at least one of the plurality of service gateways is located in the first network and at least another one of the plurality of service gateways is located in the second network, a plurality of service domain name system (DNS) servers configured to dynamically translate service uniform resource locators (URLs) into service addresses by accessing the service policy information stored within the centralized service repository; a plurality of user terminals configured to transmit the plurality of service requests to at least one of the plurality of service routers and the plurality of service DNS servers; and a plurality of service providers configured to provide access to a plurality of privileged resources within the second network.

2. The system of claim 1, wherein the plurality of service requests are chosen from the group consisting of: opening a bank account, registering for a credit card, and applying for a loan.

3. The system of claim 1, wherein the workload management service policies define a number of network components that are needed to respond to at least one of the plurality of service requests.

4. The system of claim 1, wherein the logging service policies define when to measure an amount of time taken to respond to at least one of the plurality of service requests.

5. The system of claim 1, wherein the filtering service policies define when to strip away data that is not needed in a service transaction related to at least one of the plurality of service requests.

6. The system of claim 1, wherein the entitlement service policies define how to authenticate and authorize service requestors to access to the plurality of privileged resources.

7. The system of claim 1, wherein the routing service policies define how to route the plurality of service requests via content-based routing.

8. The system of claim 1, wherein the protocol bridging service policies define how to change data associated with the plurality of service requests from Hypertext Transfer Protocol (HTTP) to XML.

9. The system of claim 1, wherein the format translation service policies define how to edit data related to the plurality of service requests to make the data suitable for use with a given application.

10. The system of claim 1, wherein the business process management service policies define how complicated service requests are divided into sub-requests.

11. A computer-assisted method comprising: receiving a service request associated with a service from a server through a communication module associated with the computer; requesting access to a plurality of service policies related to the service request from a service repository through the communication module, wherein the plurality of service policies relate to entitlement, routing, workload management, logging, protocol bridging, format translation, filtering, and business process management; in response to the request for access to the plurality of service policies, receiving an Extensible Markup Language (XML) file with the plurality service policies; using a processor associated with the computer, analyzing the entitlement service policies in the XML file to determine if the server is authorized for a privileged resource specified in the service request; when the server is authorized for the privileged resource, (i) using the processor and based on the routing service policies, determining when a firewall needs to be traversed to access the privileged resource; (ii) using the processor and based on the routing service policies, when the firewall needs to be traversed, determining a pre-provisioned route to a service provider of the service that minimizes latency; (iii) using the communication module, routing the service request through the pre-provisioned route, wherein the pre-provisioned route includes the firewall and at least one intermediate node, wherein the at least one intermediate node is an appliance; (iv) receiving a response from the service provider through the communication module; and (v) using the communication module, routing the response to the server.

12. The computer-assisted method of claim 11, wherein the filtering service policies define when to strip away data that is not needed in a service transaction related to the service request.

13. The computer-assisted method of claim 12, further comprising: using a style sheet filter stored in a memory of the computer, stripping away confidential information from the service request after analyzing the filtering service policies.

14. The computer-assisted method of claim 11, wherein the protocol bridging service policies define how to change information within the service request from a first protocol used by the server to a second protocol used by the service provider.

15. The computer-assisted method of claim 14, wherein the first protocol is File Transfer Protocol (FTP) and the second protocol is Hypertext Transfer Protocol (HTTP).

16. A non-transitory computer-readable storage medium having computer-executable program instructions stored thereon that when executed by a processor, cause the processor to perform: (a) receiving a first request from a first service gateway located on a first network for a plurality of service policies related to a service, wherein the plurality of service policies are related to entitlement, routing, workload management, logging, protocol bridging, format translation, filtering, and business process management; (b) generating a first Extensible Markup Language (XML) file that includes first information related to the plurality of service policies, wherein the first information is also based on a network utilization level and a time of day in which the first request is made; (c) transmitting the first XML file to the first service gateway; (d) receiving an update to at least one of the plurality of service policies related to the service; (e) storing the updated at least one of the plurality of service policies; (f) receiving a second request from a second service gateway located on a second network for the plurality of service policies related to the service, wherein the first service gateway and the second service gateway are separated by a firewall; (g) generating a second XML file that includes second information related to the updated at least one of the plurality of service policies, wherein the second information is also based on a network utilization level and a time of day in which the second request is made; (h) transmitting the plurality of service policies with the updated at least one of the plurality of service policies to the second service gateway, wherein the plurality of service policies are configured to be enforced at the first service gateway and the second service gateway.

17. The non-transitory computer-readable storage medium of 16, wherein the first service gateway comprises an appliance.

18. The non-transitory computer-readable storage medium of 16, wherein the firewall separates a first and a second business unit within a bank.

19. The non-transitory computer-readable storage medium of 18, wherein the first business unit is a home mortgage loan department and the second business unit is a credit card department of the bank.

20. The non-transitory computer-readable storage medium of claim 19, wherein the service is related to access of home mortgage loan information for a service requestor within the credit card department.