WO2007033581A1

WO2007033581A1 - System and method for dynamically generating a user-centric portal

Info

Publication number: WO2007033581A1
Application number: PCT/CN2006/002428
Authority: WO
Inventors: Honming Dennis Kwok
Original assignee: Honming Dennis Kwok
Priority date: 2005-09-20
Filing date: 2006-09-18
Publication date: 2007-03-29
Also published as: CA2520258A1; TW200816012A; CA2520258C

Abstract

The present invention relates to a system and method for dynamically generating a user-centric portal in a hieratically distributed and layered network. The layered network structure is physically, virtually, or both physically and virtually constructed for grouping or categorizing users within the network and for providing high level of privacy and security without sacrificing accessibility, availability, and flexibility of the user-centric portal.

Description

SYSTEM AND METHOD FOR DYNAMICALLY GENERATING A USER- CENTRIC PORTAL

FIELD OF THE INVENTION

The present invention relates to a system and method for dynamically generating a user-centric portal in a hieratically layered network of distributed stake master servers.

BACKGROUND OF THE INVENTION

The Internet has expanded its horizon and has been making vast amount of information available to its users. As the result, the Internet becomes a disorganized database of various information with a lack of disciplinary and comprehensive indexes or directory of metadata to differentiate or categorize information. The Internet users have been struggling with the massive amount of information due to the lack of effective tools to discriminate or segregate "useful" information for the users from others. Development and deployment of portals are one way to address such issues by grouping information with particular interests or categories. There are a number of portal sites that are available and popular among Internet users, such as YAHOO!^®, MSN^®, Google^® and a few other major portals. These websites also provide features for its users to create and personalize their own portal based on their personal preferences or profile information. However, as the numbers of users for these websites grew drastically over the last few years, Internet traffic concentrations to these popular portals have been seriously degrading its services to the users. The system structures or models that these portal sites adapted have further accelerated the traffic concentration. There have been a number of solutions introduced or deployed to address such issues; however, scalability without sacrificing capability to personalize and customize portals by the users has always been an issue for the portal providers. It also makes the system difficult to scale its capacity, and to provide a flexibly customizable portal to its users.

Another issue with centralized portal sites or solution is that, for regional Internet service providers or regional commercial / business operations, there is no efficient and effective ways to integrate their commercial interests or stakes with these popular portals. Quite often, they would need to spend extra amount of money to obtain a global presence in these portals, even though, what they really need is a regional presence in these portals, thus quite often, they need to develop their own portal to attract the regional users.

These popular portals failed to provide a method to integrate with a user's home network. As the number of home network deployment increases, there is an increasing demand on easy accessibility to the home network through the portal; however, these portal sites do not provide such flexibility.

The other issue with these popular web portals relates to its security and protection of its users' personal information, due to the fact that these portals are open to the greater general public. The centralized system structures and weak authentication mechanism even worsen its vulnerability.

Due to various needs and diverse interests of users, each portal has attracted different users with different interests. Due to this diversity, each user is required to access different web sites / portals accordingly. Quite often, accesses to these portals are not interoperable or common, thus independent authentication is required for each portal site. As the result, the users have to memorize as many passwords and usernames as the number of web sites or web services that the users need to access.

It would be desirable to provide a system and method for dynamically generating a user-centric portal in a hieratically layered and distributed network, comprising a gate master, local master and home master servers at each serving layer addressing aforementioned problems of existing portals.

SUMMARY OF THE INVENTION

The present invention relates to a system and method for dynamically, generating a user-centric portal in a hieratically layered and distributed network. The layered network structure is physically, virtually, or both physically and virtually constructed for grouping or categorizing users within the network and for providing high level of privacy and security without sacrificing accessibility, availability, and flexibility of the user-centric portal. According to one aspect of the invention, it provides a system for dynamically generating a user-centric portal in a hieratically layered and distributed network, comprising: a network access server, aggregating a plurality of first stake master servers; each of the plurality of the first stake master servers aggregating a plurality of second stake master servers establishing first communication links therewith; each of the plurality of the second stake master servers aggregating a plurality of third stake master servers establishing second communication network links therewith; each of the plurality of the third stake master servers aggregating a plurality of home devices for forming home networks; wherein the first, the second, and the third stake master servers are servers of web services, comprising user management system, service integration engine, resource organizer, network management system and database; and wherein one of the first, the second and the third stake master servers first receives a request for the user-centric portal for a user directly or through said network access server from a browser with a user identification and password, the request is redirected to a corresponding one of the first, the second and the third stake master servers based on profile of the user stored in said database of the stake master server first received the request, the user management system of the corresponding server authenticating said user based on the profile of the user stored in the database of the corresponding stake master server, and the corresponding stake master server dynamically generates the user-centric portal by integrating services from associated ones of the first, the second and the third stake master servers based on the profile of the user and profiles of stakeholders associated with the user.

According to another aspect of the invention, it provides a method for dynamically generating a user-centric portal in a hieratically layered and distributed network, comprising the steps of: (i) receiving a request for the user-centric portal at one of first stake master servers, second stake master servers and third stake master servers from a user through a browser with user identification and password; wherein the first, second and third stake master servers are servers of web services; wherein the first stake master servers are aggregated by the network access server; wherein each of the first stake master servers aggregating a plurality of the second stake master servers establishing first communication network links therewith; wherein each of the plurality of the second stake master servers aggregating a plurality of the third stake master servers establishing second communication network links therewith; and wherein each of the plurality of third stake master servers aggregating a plurality of home devices; (ii) redirecting the request to a corresponding one of the first stake master servers, second stake master servers and the third stake master servers depending on the profile of the user stored in a database at the stake master server that received the request;(iii) authenticating the user at the corresponding stake master server; (iv) generating the user-centric portal on the corresponding stake master server based on the profile of the user integrating services from associated ones of the first, the second, and the third stake master servers; and (v) transmitting the user-centric portal to the browser in response to the request by the user.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described in more detail with reference to the accompanying drawings, in which:

Figure 1 illustrates a tree structure of a hierarchically layered network of distributed stake master servers in a preferred embodiment of the present invention;

Figure 2 illustrates a stake master monomer of the preferred embodiment of the present invention;

Figure 3 illustrates a stakeholder-oriented architecture of the preferred embodiment of the present invention;

Figure 4 illustrates a gate service layer of gate stakeholder of the preferred embodiment of the present invention; Figure 5 illustrates a local service layer of local stakeholder of the preferred embodiment of the present invention;

Figure 6 illustrates a home service layer of home stakeholder of the preferred embodiment of the present invention; Figure 7 illustrates an overall system component schematic diagram of the preferred embodiment of the present invention;

Figure 8 illustrates a structure of the database of the preferred embodiment of the present invention; Figure 9 illustrates a block diagram of an access control of the user management system in the preferred embodiment of the present invention;

Figure 10 illustrates a block diagram of a data sharing mechanism over P2P file sharings in the preferred embodiment of the present invention;

Figure 11 illustrates a block diagram for a peer-to-peer (or P2P) distribution of system mirror image in the preferred embodiment of the present invention;

Figure 12 illustrates a frame structure of a service bus interface for integrating resource access of the preferred embodiment of the present invention;

Figure 13 illustrates a conceptual view of generation of customized service bus interface for each stakeholder in the preferred embodiment of the present invention;

Figure 14 illustrates an intuitive layout of gate page for smooth data access and exchange in the preferred embodiment of the present invention;

Figure 15 illustrates a common area of the navigation page for home control and transaction processing frame in the preferred embodiment of the present invention; Figure 16 illustrates a conceptual view of service categories of resources based on interest of a targeted home user in the preferred embodiment of the present invention;

Figure 17 illustrates a block diagram for compilation of service repository process by data extraction and data transformation in the preferred embodiment of the present invention;

Figure 18-a illustrates a block diagram identifying features utilized for updating of gate service bus interface and local service bus interface through a staging server in the gate service layer in the preferred embodiment of the present invention; and Figure 18-b illustrates a block diagram identifying features utilized for updating of home service bus interface in the preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

A system and method for dynamically generating a user-centric portal in a hieratically layered and distributed network is disclosed.

Figure 1 illustrates a tree structure of a hierarchically layered network of distributed stake master servers in a preferred embodiment of the present invention. The stake master server is a server of web services controlled by a stakeholder, comprising a user management system, service integration engine, resource organizer, network management system and database. The stakeholder is a person or a legal entity that has interests or stakes in the system 5, such as local or regional service providers, e-business providers, local or regional content providers, etc. An Internet service provider constructs its system 5 comprising a network access server (or NAS) 8, aggregating a plurality of first stake master servers, or gate masters 11 for forming a gate service layer 10.

Under the gate service layer 10, the system 5 comprises a local service layer 20. Each of the gate masters 11 aggregates a plurality of second stake master servers, or local masters 21 in the local service layer 20. From the user's perspective, each of the local masters 21 is segregated from other local masters 21, physically, logically or both physically and logically, and establishes a distinct communication network link 15 with the gate master 11 that this local master 21 belongs to. In the preferred embodiment of the present invention, the communication network link 15 between the gate master 11 and the local master 21 is established over a virtual private network. A plurality of third stake master servers, or home masters 31, are situated or aggregated under each of the local masters 21, forming a home master layer 30. In the similar way, from the user's perspective, each of home masters 31 is segregated physically, logically or both physically and logically from other home masters 31 and establishes a distinct communication link 25 with the local master 21 to which this home master 31 belongs. In the preferred embodiment of the present invention, the communication network link 25 between the local master 21 and the home master 31 is established over a virtual local area network.

Each of home masters 31 aggregates a plurality of home devices 32, segregating the home devices 32 physically, logically or both physically and logically from the home devices 32 under the other home masters 31. As the result of this layered and physically, virtually, or virtually and physically segregated network structure, the system 5 provides a very secure and protected network environment to its users for accessing the home network 34 (not shown). In the system 5, the gate masters 11 and local masters 21 have fixed IP addresses; whereas the home masters 31 and home devices 32 may have dynamically assigned IP addresses.

It is to be noted that the communication network link 15 may be dynamically established as required. In the similar way, the communication network link 25 may also be dynamically established as required.

It is also to be noted that each layer provides necessary functionality to the network. The layers do not need to be implemented as distinct physical entities, but can be implemented in routers or switches, represented by a physical media, or combined in a single box. A hybrid hierarchical network may contain redundant routers and switches to meet policy requirements at each serving layer.

There may be required to have more than three layers, due to some complexities in business and/or regional service requirements. The present invention may allow having additional sub-layers, especially in the local service layer 20 as required. On the other hand, the present invention may also allow omitting a particular layer (likely, local service layer 20) if the business or/and regional service requirements are simple enough to do so. However, in either case, the network hierarchy shall be maintained.

Figure 2 illustrates a stake master monomer 40 of the preferred embodiment of the present invention. The stake master monomer 40 is a fundamental and common platform pattern, can be configured for a specific role and / or modified to provide a specific functions and features, such as gate master 11 (not shown), local master 21 (not shown) and home master 31 (not shown). The stake master monomer 40 comprises five fundamental features, namely a user management system 41, service integration 42, resource organizer 43, network management 44 and database 45. The user management system 41 includes administering a multiple level user authentication and authorization, and user profile management. The service integration 42 is an integration engine for integrating various application and services from the same service layer to the user. The resource organizer 43 is a resource and content management engine to organize resources and contents available on the system 5, enabling the system 5 to grow in its size and depth. The resource organizer 43 also includes a web server feature. The network management 44 is for managing a segregated portion of network under the stake master server, including managing a virtual private network / virtual local area network, a dynamic host control protocol (or DHCP) server, a domain name server (or DNS), a dynamic domain name server (or DDNS) server, etc. The database 45 manages all the data required for aforementioned subsystems of stake master monomer 40, including user profiles, stake holders' profiles, system profiles, stakeholder proprietary information, etc.

The user management system 41 administers and provides multiple levels of user authentication mechanism, such as those provided by a RADIUS^® server or

Shibboleth (an authentication and authorization middleware developed by Internet 2) using credentials such as password, encryption, biometric or digital signature, etc, to grant access to users to various servicing layers of the network.

Unlike those existing popular portals, in the preferred embodiment of the present invention, a stakeholder generates a user name and initial password, and initial user profile information, including, but not limited to, user credential, attributes and electronic certificates, for each of the users for registration. The registered user information is stored at the database 45 of stake master monomer 40 of a corresponding serving layer level. At each stake master server, there is an administrator who has the privilege to add, delete, and update the user information in the database 45. In the preferred embodiment of the present invention, the stakeholder identifies all users under its user group by legal identity credentials, such as passports, identity cards, or driver licenses. The stakeholder must verify these credentials. This is a design criteria of the stakeholder-oriented architecture that provide trust to service providers who can be assured that users who are endorsed by the stakeholders are real and having certain credible customer profile.

Since the stakeholder would have reliable information and identity of its groups of users, the stakeholder would carry out mass registration of services to the groups of the users through the user management system 41. For the local service layer 20 (not shown), the group registration can be done at each local master 21, where the user account may be created, and the registration information can be uploaded to the user management system 41 of the gate master 11 for authentication and authorization. Registered user profiles can also be uploaded to or mirrored by the gate master 11, and can be analyzed and summarized. The stake mater server may generate the statistical profiles of users by monitoring and capturing tendencies or traits of interests and / or behaviors of the users. The registered and statistical user profiles of an individual user will be retained with the respective local master 21 for privacy protection. The statistical user profiles collected by various stake master servers and the registered user profiles can be used to provide targeted and effective marketing services to users, such as pull and push marketing of services.

For pull marketing (or user-centric marketing), users will be able to select services from targeted services provided by different stakeholders and service providers through a list of master services generated at the gate master 11, local master 21 or home master 31. The list of master services is based on the participating stakeholders' profiles in the stakeholder proprietary data 69 (not shown) of the database 45, which is managed by the corresponding stake master server. The targeted services are dynamically generated by different stakeholders based on the statistical user profiles. For users who consent with push marketing, targeted (or relevant to user's traits in interest) promotional materials can be selected based on the statistical and registered user profiles (automatically by the gate master 11, local master 21 or home master 31). These marketing materials are sent to the users accordingly via personal information management means such as e-mail, Short Message Service (or SMS), notices, etc.

Figure 3 illustrates a stakeholder-oriented architecture of the preferred embodiment of the present invention. The gate master 11 forms a gate network 14 at the gate service layer 10 with other gate masters 11 in the system 5. The gate service layer 10 may be the high-speed backbone of the network, which is crucial to enable fast inter-trunk access or communication to other gate masters 11. The communication among the gate masters 11 may take place over Hyper Text Transport Protocol (or HTTP) and/or Hyper Text Transport Protocol over Secure Socket Layer (Or HTTPS) for integrating services by the service integration 42 (not shown) and organizing resources by the resource organizer 43 (not shown) at the level of the gate service layer 10. Each gate master 11 in the gate service layer 10 provides an entry point to the different layers of stake master servers for network support and management. The gate master 11 also integrates services provided by gateway service providers through the gate service layer 10.

The local master 21 forms a communication network (or local network 24) at the local service layer 20 with other local masters 21 in the system 5, integrating stakeholder services. The communication among the local masters 21 may take place over Simple Object Access Protocol (or SOAP), Extensible Markup Language (or XML) / Extensible Stylesheet Language Transformation (or XSLT) and/or Web Service Description Language (or WSDL) as a part of service integration 42 and resource organizer 43 at the level of local service layer 20. The distinct communication network link 15 may be established between the gate master 11 and the local master 21 for vertical service integration, facilitating the gate master 11 and / or the local master 21 for integrating services available through the gate master 11 and through the local master 21.

The home master 31 establishes a home network 34 with the home devices 32 in the system 5, integrating personal information at home service layer 30. The communication between home master 31 and home devices 32 may take place over IEEE 802.11, Bluetooth, and/or IEEE 1394 as a part of service integration 42 and resource organizer 43 at the level of home service layer 30. The distinct network communication link may be established between the local master 21 and the home master 31 for vertical service integration, facilitating the local master 21 and the home master 31 for integrating services available via the local master 21 and through the home master 31.

Figure 4 illustrates an example of a gate service layer 10 of gate stakeholder of the preferred embodiment of the present invention. In this example, one of gate masters 11 is connected through the network from the network access server 8. The gate master 11 is also connected through gate network 14 to other gate masters 11. Those gate masters 11 may additionally provide services, such as a mail server, weather forecast service server, hardware supplier, software supplier, multimedia content provider, voice over IP gatekeeper, and / or bulletin board server. The gate network 14 facilitates the gate masters 11 for horizontal service integration, enabling each of the gate masters 11 to integrate services available through other gate masters 11 in the gate network 14.

Figure 5 illustrates an example of a local service layer 20 of local stakeholder of the preferred embodiment of the present invention. In this example, a local master 21 is connected to a local network 24 comprising other local masters 21 providing various services, such as stakeholder enterprise services including enterprise resource management (ERM), client relation management (CRM) and public relation, services from local service provider including e-commerce, stakeholder local services including notices and opinion polls, and accountings. These services are integrated and made available through the local master 21. In other word, the local network 24 facilitates the local masters 21 to integrate services horizontally, enabling each of the local masters 21 to integrate services available through other local masters 21 in the local network 24.

Figure 6 illustrates an example of a home service layer 30 of home stakeholder of the preferred embodiment of the present invention. In this example, the home master 31 is connected to a home service network 34 for personal information management. The home service network 34 comprises various home devices 32, including personal computers or computing devices, communal aerial broadcast distribution (CABD) system, home network appliances and audio visual (A/V) equipments, and private automatic branch exchanges (PABX). The home master 31 provides means for integrating service (service integration 42 (not shown)) and for organizing the service resources (resource organizer 43 (not shown)).

Figure 7 illustrates an overall system component schematic diagram of the preferred embodiment of the present invention. A client browser 1 is accessing the system 5 through the gate master 11. A firewall 6 provides a first line of security over the system 5. The gate master 11 comprises an access control 102 as the user management system 41 (not shown), web server 103, peer-to-peer (P2P) file sharing 104 and service bus interface generation engine 101 as service integration 42 (not shown) and resource organization 43(not shown), database 100 as the database 45 (not shown), and, DHCP server 105 and DNS 106 as the network management 44 (not shown). Gate network 14 is connected through the gate master 11. The service bus interface 80 (not shown) is a unified graphical user interface or portal dynamically generated by a stake master server, i.e. the gate master 11, local master 21 or home master 31. The service bus interface 80 is segregated into multiple service areas, with each administered by a stakeholder. Each stakeholder could customize the contents on the designated service area to provide access to data that are user-centric to the users. The customized contents are stored in each stake master server and can be changed or updated by the respective stakeholder.

A local master 21 is connected to the gate master 11 over a communication network link 15, i.e. virtual private network for segregating it from other local masters 21. The local master 21 comprises database 200, service bus interface generation engine 201, access control 202, web server 203, P2P file sharing 204 and DHCP server 205. Local network 24 may be accessed through the local master 21. When the user is accessing services at the local service layer through the browser 1 outside the system 5, the service request may be redirected from the gate master 11 to the local master 21, so that the local master 21 would be hosting the user, and be generating the service bus interface 210. Note that the local master 21 works as a gateway for accessing to the home master 31 below in the system 5.

A home master 31 is connected with the local master 21 over another communication network link 25, i.e. virtual local area network for segregating it from other home masters 31. The home master 31 comprises a network address translator (or NAT) 7, database 300, service bus interface generation engine 301, access control 302, web server 303, P2P file sharing 304, and DHCP server 305. Home network 34 may be accessed through the home master 31, where the home master 31 works as a gateway to the home network 24. Optionally, the home master 31 and the home devices 32 support Universal Plug & Play (or UPnP) feature to ensure end-to-end communication from a home device 32 connected there under. It is further optional that the home master 31 may support device control protocol for implementing UPnP.

Each user who wants to gain an access to a hierarchical layer is authenticated by the stake master server of the layer. For example, assuming if the user is accessing the system 5 from outside through the user browser 1, the user browser 1, first, establishes a VPN (or SSL) connection via NAS 8 (not shown) with the gate master 11. The user, then, submits his or her username and password through the gate page 400 of the service bus interface 110 (not shown) generated by the service bus generation engine 101 of the gate master 11. Based on the authentication by the access control 102 and user attributes 61 in the database 100 at the gate master 11, the gate master 11 identifies a corresponding stake master server to which the user belongs. If the user is registered with the gate master 11 and does not belongs to any local master 21 or home master 31, the service bus interface generation engine 101 of the gate master 11 will generate the gate navigation page 401G (not shown) of the service bus interface 110. The gate navigation page 40 IG of the service bus interface 110 would provide access to web contents provided by the gate service layer 10 through the gate master 11. If the user belongs to a local master 21, the request is redirected to the corresponding local master 21. The local master 21 would look up the corresponding user attributes 61 in the database 200 at the local master 21 to determine whether the request comes from a registered user at the local master 21, who does not have a home master 31. If affirmative, and once the access control 202 of the local master 21 authenticates the user, the service bus interface generation engine 201 of the local master 21 would generate the local navigation page 401L (not shown) of the service bus interface 210 (not shown) of the local master 21. If the user has registered with a home master 31, then the request is further redirected to the corresponding home server 31. The dynamically assigned IP address of the home master 31 has to be resolved by the dynamic domain name server 206 of the local master 21, since DHCP server 205 of the local mater 21 dynamically assigns IP addresses to the home masters 31. The access control 302 of the home master 31 would then authenticate the user and its service bus interface generation engine 301 generates the home navigation page 401H (not shown) of the service bus interface 310 (not shown).

Alternatively, the user's request may be forwarded with his/her username and password to an appropriate corresponding stake master server. Then, the user browser 1 may be redirected to the hosting stake master server accordingly with user attribute directory 61 of the corresponding database 100, 200 or 300 at the corresponding stake master server, namely the gate master 11, local master 21 or home master 31.

Figure 8 illustrates a structure of the database 45 of the preferred embodiment of the present invention. Note that the database 45 is the fundamental design template or pattern for all the databases at all the stake master servers. Namely, the database 100 for the gate master 11, database 200 for the local master 21 and the database 300 for the home master 31 are structured and organized in the same way as the database 45. The database 45 comprises a plurality of fields for storing the information related to user management system 41, service integration 42, resource organizer 43 and network management 44. The database 45 maintains user credentials 60, user attributes directory 61 and E-certificate Register 62 for user management system 41.

User credentials 60 includes, but not limited to, the information for validating credential of the user, such as user identification, gender, first name and last name of the user, e-mail address, home phone number, mobile phone number, mailing address, user name, password, user authorization level, user home master hostname, etc. These information are validated by the stakeholder based on the user's proof of identity, including, but not limited to, passport, identification card, drivers license, or likewise. It may also maintain user signature in digital or hand- written format for authentication and validation of the user. Optionally, the user credentials 60 may maintains time of creation for keeping track of when the entry for the user is created, and time of modification for keeping track of when the entry for the user is modified last. User attribute directory 61 includes information regarding which group the user belongs to, what services the user subscribes, which interest group the user belongs to, etc, for service providers to decide whether to provide or to grant access to particular resources in the system 5. User attribute directory 61 may optionally be updated automatically by the user management system 41 by monitoring the user's traits or behaviors through the browser 1. Surveyed information may be used for refining the marketing strategy for a stakeholder, improving the service by a service provider, etc.

E-certificate register 62 maintains and keeps track of E-certificate for each user of the system 5. This is used for validating and certificating the identity of the user upon request for providing another level of security to the user community in the system 5. E-certificate may be used as in a Public Key Infrastructure with a

Certificate Authority.

System configuration 63 maintains system preference, configuration parameters and other data for deciding the role and operational behavior of the stake master server.

System mirror image 64 comprises a plurality of partitions or compartments for storing plurality of system mirror images, including system related data such as system configuration 63 and stakeholder proprietary data 69, for managing and maintaining various versions of system images.

For the service integration 42, the database 45 maintains application programs 65, resource directory 66, service repository 67, application portlets 68, stakeholder proprietary data 69, data warehouse 70 and template 71.

Application programs 65 store a collection of service task-oriented programs for providing controller functions to collate data and various services available at the serving layer of the system 5. The application programs 65 also include a library of subprograms, such as a collection of Java servlets. Each server application program, if required, would initiate communication with the other masters on the same layer to carry out information exchanges and request certain tasks at the other masters. Depending on the serving level, data exchange may be carried out through P2P file sharing 104, 204 or 304.

Resource directory 66 is a collection of Uniform Resource Identifiers (or URIs) of service providers that are collected by the gate master 11 or/and the local master 21. The resources (such as URI) are grouped under sequential layers by services, categories, and types. These resources are accessible from the service bus interface 80 and can be selected by users to form a customized listing of portal resources for access by the users. Each stakeholder can also add or delete resources from his/her own service repository. These resources can be generated dynamically and integrated by the gate master 11, local master 21 and/or home master 31.

Service repository 67 is a library collection of services that have been agreed and provided through the gate master 11 and the local master 21 to the users. These services are organized and identified by corresponding metadata, which include descriptions of the services, vendors, cities where services are available, language support, service coverage area, uniform resource identifier, etc. The services are accessible by the user. The user may select a set of particular services by editing or personalizing his or her service bus interface 80. Each of the services is identified by a uniform resource identifier (or URI), which may be linked to a series of application portlets for the service bus interface 80. The service repository 67 integrates services resides at a particular stakeholder service layer. Application portlets 68 is a collection of portlets defining portions or sub- frames of portal displayable page, or service bus interface that may dynamically be generated, and may work in conjunction with application programs 65, stakeholder proprietary data 69, data warehouse 70 and template 71. The size of portlet would vary depending on the size of the display with the browser 1 by automatically detecting or by specifying the display size required.

Stakeholder proprietary data 69 includes stakeholder profiles and preferences, stakeholder marketing data, statistical data, policies, rules and agreements governing data transfer among the system 5. The policies may include data sharing policy, security policy, user policy, attributes acceptance policy, and attribute sharing policy that each stakeholder would use to set rules that would dictate the methodology and extent of data exchange within the portal system. In the preferred embodiment of the present invention, these policies may be implemented within the operation of an authentication and authorization infrastructure in the similar ways as Shibboleth™ manages. The stakeholder proprietary data 69 is private to the stakeholder, especially stakeholder profiles and preferences, stakeholder marketing data, and statistical data that can be used for generating service bus interface 80. It is noted that the stakeholder proprietary data 69 would not be shared with other stakeholders.

Data warehouse 70 stores multimedia files in various formats, transformed data to accommodate particular requirements for the browser 1 or home devices 32

(i.e. display size, available throughput or bandwidth, available decoding scheme, etc), and/or data extracted by data mining feature via P2P file sharings 104, 204 and 304.

These data are presented to the user through the service bus interface 80, and may be tagged and formatted in Extensible Markup Language (or XML) for better presentation manipulations by a stake master or browser 1.

Templates 71 include shells, containers, forms and templates of displayable pages for generating service interface bus dynamically. Service Bus Interface

Generation Engine 101, 201 or 301, depending on the serving layer, uses and renders templates and frames by integrating it with application programs 65 and / or application portlets 68 accordingly to the user profile / stakeholder profiles.

Figure 9 illustrates a block diagram of an access control 50 of the user management system 41 in the preferred embodiment of the present invention. The access control 50 comprises three fundamental features, namely authentication 51, authorization 52 and registration 53.

Authentication 51 authenticates the user based on supplied user identification and password for verifying whether the user has a proper level of privilege for accessing the requested stake master server and its serving layer based on the information stored in the user credentials 60 (not shown).

Authorization 52 authorizes the user privilege for accessing a set of server applications, services, data and other servers in its serving layer based on the information in user attribute directory 61 (not shown) of the database 45 (not shown). Registration 53 is for an administrator or stakeholder of a serving layer to register user to the serving layer, user group, and level of privilege or authorization to the serving layer. The registered information, including but not limited to user credentials, user attributes and electronic certificates provided by the users, will be stored in user credentials 60, user attributes directory 61 and E-certificate register 63 (not shown). The registration information shall be propagated and shared (or synchronized) with other stake master servers through P2P file sharings 104 (not shown), 204 (not shown) and 304 (not shown) based on servicing policy mutually agreed among stakeholders within the system.

Figure 10 illustrates a block diagram of a data sharing mechanism over P2P file sharings 104, 204 and 304 in the preferred embodiment of the present invention.

The gate master 11, local master 21 and home master 31 share data over the communication network through P2P file sharing 104, 204 and 304. Data mining and data extracting feature may be realized in conjunction with P2P file sharing 104, 204 and 304 at the stake master servers, namely gate master 11, local master 21 and home master 31, respectively, so that any information in databases 100, 200 and 300 can be shared among the stake master servers. It is noted that, in the preferred embodiment of the present invention, with VPN connection (or the communication network link 15) between the gate master 11 and local master 21, and VLAN connection (or communication network link 25) between the local master 21 and home master 31, the gate master 11, the local master 21 and home master 31 are under one virtually private network domain that enables the stake master servers to share data freely. The service bus interface generation engine 101, 201 and 301 may use the similar scheme for accessing the local database or remote database over P2P file sharings 104, 204 and 304.

For example, the data sharing mechanism shown in Figure 10 can be used for propagating the user registration information from one stake master server to the other masters. User registration by an administrator at the gate master 11, the registration shall be done through the access control 102 (not shown) from the administrator's browser 1 (not shown). Once authentication and authorization of the administrator are confirmed through access control 102, the administrator enters the user's registration information through the browser 1, including the user credentials 60 (not shown), user attributes directory 61(not shown) and E-certificate register 62 (not shown). In similar manner, an administrator at the local master 21 does user registration through the local master 21. Moreover, an administrator at the home master 31 does the user registration through the home master 31. Once the user registration to its own master is completed, the registration information will be shared to the other masters. For example, once the registration is completed at the gate master 11, the user registration information is propagated through from P2P file sharing 104 to P2P file sharing 204 and P2P file sharing 304 of the local master 21 and the home master 31, respectively. Once the local master 21 and the home master 31 receive the registration information, it updates corresponding user credential 60, user attributes directory 61 and E-certificate 62 of the databases 200 and 300. Optionally, this propagation or synchronization of user registration information may take place to only stake master servers associated with the user, i.e. the gate master 11, the local master 21 and home master 31 to which the user belongs. The propagation of user registration information enables each stake master server to redirect user's request to appropriate stake master server, when the user accesses at a different stake master server.

Figure 11 illustrates a block diagram for a P2P distribution of system mirror image 64 in the preferred embodiment of the present invention. One of local masters 21-1 initiates a communication with the gate master 11 for checking whether new system mirror image is available. The same can be initiated by a home master 31. Once the local master 21-1 detects a newer system mirror image at the gate server 11, the local master 21-1 initiates to download the latest version of the system mirror image and receives the addresses of the other local masters that would share the latest updating file from the gate master 11.

The gate master 11 starts to transfer some parts of the system mirror image to the local master 21-1 and provides the local master 21-1 with a list of other local masters, namely 21-2 and 21-3, that the local master 21-1 would need to distribute the system mirror image to. Note that the local master 21 has the database 200 partitioned in a plurality of sections for storing the system mirror images. The local master 21 stores the new system mirror image in a different partition than the one storing the currently used system mirror image. The local master 21-1 starts transferring the same parts of the system mirror image that it just received from gate master 11 to the other local masters 21-2 and 21-3. Likewise, the local masters 21-2 and 21-3 store the new system mirror image in the different partition from the one storing the currently used system mirror image. Upon completion of the file sharing, the local masters 21-1, 21-2 and 21-3 switch to operate the system from the newly stored system mirror image.Figure 12 illustrates a frame structure of a service bus interface 80 for integrating resource access of the preferred embodiment of the present invention. The service bus interface 80 consists of a plurality of segregated fixed areas or frames, namely frame 1 81, frame 2 82, frame 3 83, frame 4 84, frame 5 85, frame 6 86, frame 7 87, frame 8 88, and frame 9 89, predefined for integration of applications and various services provided by the stakeholders associated to the user. In other words, these applications and services are provided through the associated ones of the gate masters 11, the local masters 21 and home masters 31 which are associated with the user based on the user profile and stakeholder profile. Each frame has a standardized display size to accommodate a frame-page. Each frame area can be further subdivided into smaller frame areas as required. In other words, each frame may comprise a plurality of sub-frames. Each of the sub-frames bears a corresponding uniform resource identifier (URI). URI includes user selected URI or/and stakeholder selected URI. The user selecting one of sub-frames in one of frames would cause the frame that contains selected sub-frame to be refreshed and to bear a new set of sub-frames. Each frame has a corresponding portlet from application portlets 68 (not shown) for dynamically generating content for the frame, and may utilize information from data warehouse 70, templates 71 and application programs 65. The portlet may exchange specific data within the network for displaying appropriate information. The service bus interface 80, concerted with these multi frames, may activate a certain service synchronously or asynchronously through icons to accomplish the stakeholder-servicing goal.

The service bus interface 80 provides a coherent multi-frame navigation to web services from a list of filtered or selected web sites, and would fit into the full screen of a display on a computing device, such as computer monitor through the browser 1. Navigational clicks, in general, will not be more than three clicks away from functional or application services. In other words, the user will be navigated to a particular web service by selecting no more than three URIs (such as hyper links) or frames provided through the service bus interface 80. Each frame of the service bus interface 80 is individually refreshed during the navigational process, i.e. only smaller frames may be refreshed to provide an interactive follow-me type of further navigation. This method would reduce refreshing time and amount of traffic on the network comparing it with full-page refresh, and would provide a stable and faster navigation environment. Since each frame of the service bus interface 80 is individually processed, it can handle multiple web service requests at the same time. For example, one of the frames may display a streaming video while the user is browsing through other URLs on the other frame.

Figure 13 illustrates a conceptual view of generation of customized service bus interfaces 110, 210 and 310 for each stakeholder level in the preferred embodiment of the present invention. Each of the service bus interfaces 110, 210 and 310 comprises a plurality of displayable pages. At the gate level 120, while the gate master 11 (not shown) is hosting the user browser 1 (not shown), the service bus interface generation engine 101 (not shown) of the gate master 11 (not shown) generates a service bus interface 110, which comprises a gate page 400, a gate navigation page 401G and a framed header and footer page 402G.

At the local level 220, the service bus interface generation engine 201 (not shown) of the local master 21 (not shown) generates a service bus interface 210, which comprises the gate page 400 forwarded by the gate master 11, a local navigation page 401L and a framed header and footer page 402L. The local navigation page 401L has a frame area that is dynamically generated by the service bus interface generation engine 201 of the local master 21 for providing accesses to integrated local services. During the integration, resources of the service repository 67 (not shown) stored at the local master 21 provided by the stakeholders at local service layer 20 are supplemented by the resources of the service repository 67 (not shown) stored at the local master 21 of the stakeholders at the gate service layer 20. Supplemental data may be transferred through from P2P file sharing 104 to P2P file sharing 204. The framed header and footer page 402L comprises a header frame with a plurality of icons for returning to the navigation page 401L and a plurality of icons to pursue different categories of services as listed in the navigation page 401L. The framed header and footer page 402L further comprises a footer frame, which consists of a plurality of icons of home links 533 and home control categories 534. The body of the header and footer page 402L bears the same function as the share service frame 532 but has a much bigger area for displaying various interactive services provided by all stakeholders.

Similarly, at the home level 320, the service bus interface generation engine 301 (not shown) of the home master 31 (not shown) would generate a service bus interface 310 that comprises the gate page 400 forwarded by the gate master 11, a home navigation page 401H and a framed header and footer page 402H. The home navigation page 401H of the service bus interface 310 by home master 31 has a specific areas, namely home links 533 (not shown) and home control categories 534 (not shown) that are customized by the home stakeholder, and generated by the service bus interface generation engine 301 of the home master 31. The service repository 67 (not shown) stored at the home master 31 can be edited and customized by the home stakeholder or home users by editing and / or selecting the services from the service repository 67 (not shown) at the gate master 11. The resources selected from the service repository 67 of the gate master 11 may be listed as home links 533, and categorized under one of the local service categories 531 (not shown).

Figure 14 illustrates an intuitive layout of gate page 400 for smooth data access and exchange in the preferred embodiment of the present invention. The gate master 11 (not shown) collects various customizations at each serving layer level and stores mirror images of the services at various master levels to generate a unified access to interoperable links with other stake master servers for retrieval and processing of specific portlet frames from the respective stake master server. The gate page 400 is a page for retrieving information for or providing services available through the gate masters 11 quickly to the user. The gate page 400 also provides a user login and look-ups of useful information from the system 5. The gate page 400 has a unique interface to reflect services particular to the geographical location that the user resides, corresponding to the location frames, such as location 1 500, location 2 501, location 3 502, and local 503. For example, the local master 21 (not shown) that the user belongs to may supply information required for the frame, local 503. The gate page 400 further comprises a single text box 508 for input queries for different search engine choices indicated in search 1 509, search 2 510, search 3 511 and search 4 512, such as, Yahoo! , Google , dictionary, and yellow pages. Access to quick links, Quick 1 515, Quick 2 516, Quick 3 517, and Quick 4 518 may be provided appropriately. Access to web mail is also provided on this gate page 400. After the user inputting his or her login information by entering his/her identification in the user name 513 and the password in the password 514 and being authenticated, the user can select the screen size of the display to fit into the screen size of the terminal device deployed by the user by selecting size 1 504, size 2 505, size 3 506 or size 4 507. The multi-frame architecture of the gate page 400 will be dynamically reorganized by the gate master 11 to fit into a new sequential flow of multi-frame navigation on the navigation page based on the size of the display of the terminal device using a frame tailoring.

The frame tailoring is the process proceeded by the gate master 11. When the user requests for gate page 400 to the gate master 11, the gate master 11 automatically detects the display resolution of the browser 1 (not shown) of the terminal device.

Based on the resolution, the gate master 11 then searches and selects appropriate portlets and templates in the application portlet 68 (not shown) and template 71 (not shown). The gate master 11 forwards the selected portlets and template to data warehouse 70 (not shown) for generating the frame page(s) to fit with the detected resolution of the display. Then, the gate master 11 sends back the frame page to the browser 1 for display.

Figure 15 illustrates a common area of the home navigation page 401H for home control and transaction processing frame in the preferred embodiment of the present invention. The home navigation page 401H is generated dynamically by the service bus interface generation engine 301 of the home master 31 (not shown), and comprises a plurality of frames, including a frame for gate service applications 530 locating at the top of the home navigation page 401H. Below the gate service application frame 530, the home navigation page 401H comprises a frame for local service category 531, listing up a plurality of local service category selections for the user to chose from, and a frame for a share service frame 532, displaying available services in the selected local service category through the local service category 531. A home links frame 533 and a home control category frame 534 are situated at the bottom of the home navigation page 401H. The home links frame 533 comprises a plurality of URL links associated with personal or home use in general. Dereferencing or following a URL link in the home links frame 533 will lead to another dynamically generated frame pages for providing access to other home services on the share service frame 532 or in the framed header and footer page 402H (not shown). Optionally, the service bus interface generation engine 301 of the home master 31 may dynamically generate a new pop-up window for providing accesses to the aforementioned services.

The home control category frame 534 comprises a number of categories and listing for home controls or control methods associated with home devices 32 (not shown). Dereferencing or following one of the home control category within the home control category frame 534 will cause the service bus interface generation engine 301 of the home master 31 to dynamically generate a share service frame 532 with the selected category of services depicted on the share service frame 532. The share service frame 532 is a common frame to display interactive processing of web services provided by all stakeholders. The dynamically generated share service frame 532 has further navigation links and / or icons for providing interactive steps to display further frames on the share service frame 532 until the service has been consumed by the user or rendered by the service provider. Figure 16 illustrates a conceptual view of service categories 550 of resources based on interest of a targeted home user in the preferred embodiment of the present invention. Each stakeholder would set a policy on a type or types of services to be provided to its coherent user group, and the information is stored and managed in the stakeholder proprietary data 69 (not shown) of the database 45 (not shown). The service categories 550 are dynamically generated, in this case by the service bus interface generation engine 301 of the home master 31 (not shown), as part of the service bus interface 80 (not shown) of the stake master server. The service categories 550 would work in conjunctions with other stake master servers for retrieval and processing of specific portlet frames that belong to other stake master servers. This is to be noted that the gate master 11 and the local master 21 also possess the same capability for generating the service categories 550 dynamically as a part of the service bus interface 80. Portal contents are categorized according to contributions by various levels of stake master servers. Each stakeholder is able to customize contents contributed by its level of stake master server by categories. The contents are communicated with the users through the service bus interface 80.

Services 600 are classified into four services, namely gate services 601, local services 602, home services 603 and other services 604. Each of services 600 is broken down to a plurality of categories 610; each of categories 610 are further broken down to types 620. Finally, each of the types 620 is divided to resources 630. In this example, gate services 601 comprise one of categories 610, weather 611, and then weather 611 is categorized into local weather 621 and international weather 622 for types 620. Both local weather 621 and international weather 622 are further categorized to current weather 631 and weather forecast 632 at resources 630. For the local services 602, it comprises communications 612 for the categories 610; then the communications 612 is divided to Voice over IP (or VoIP) 623 and e-mail 624 as the types 620. For VoIP 623 types, it is further categorized to local call 633 and international direct dialing call as the resources 630. For the home services 603, it comprises a category of entertainment 613. For the other services 604, it comprises time and date 614. For entertainment categories 613, it is divided to TV 625 and DVD 626 for the types 620, and for time and date categories 614, it is divided to local date and time 627 and date and time of an international city 628 for the types 620. Figure 17 illustrates a block diagram for compilation of service repository process by data extraction and data transformation in the preferred embodiment of the present invention. A service provider from a local service layer 20 (not shown) transmits service data or information from the local master 21 through the communication network link 15 to the gate master 11. The service data is stored in service repository 67 in the database 200 on the local master 21, and transmitted from the web server 203 or P2P file sharing 204, via the communication network link 15, to the corresponding web server 103 or P2P file sharing 104, respectively, at the gate master 11. The service data may be transmitted using SOAP / XML as a data exchanging and communication protocol between the web server 103 of the gate master 11 and the web server 203 of the local master 21. Short Message Service (SMS) or e-mail may be used for data exchange between P2P file sharing 104 and P2P file sharing 204. Once the gate master 11 receives the service data, then, the gate master 11 stores the data in the data warehouse 70 in the database 100 on the gate master 11. Then, the gate master 11 transforms the data using XML style language, or data formatting / styling rules, and combines the transformed data with web designed forms or/and templates for generating a series of application frame pages, which to be stored in the database 100. The gate master 11, then, add metadata to the forms or/and templates to form application frame page series as usable URLs, and stores the frame pages in the service repository 67 of the database 100 on the gate master 11. When the web server 203 of the local master 21 requests frame page files to the web server 103 of the gate master 11 for displaying service bus interface 210, the gate master 11 forwards the pages to the local master 21 for caching the page for display on the user browser 1 (not shown). From this perspective, the web server 203 may act as a proxy server for the web server 103 of the gate master 11. The web server 203 may also directly request portlets from the application portlet warehouse 68 of the database 100 on the gate server 11.

Figure 18-a illustrates a block diagram identifying features utilized for updating of gate service bus interface 101 and local service bus interface 201 through a staging server 700 in the gate service layer 10 (not shown) in the preferred embodiment of the present invention. An administrator at gate service layer 10 or local service layer 20 (not shown) accesses the staging server 700, on which a service bus interface 110 for the gate master 11 or service bus interface 210 for the local master 21 has been tested and verified. The administrator provides his or her user identification and password to the access control 702 of the staging server 700. The administrator may add or delete services through the browser 1 by alternating contents in the service repository 67 and/or resource directory 71 of the database 710 on the staging server 700. The final contents are distributed to the gate master 11, the local master 21, and/or the home master 31 through P2P file sharing 704. For example, the service bus interface 110 of the gate master 11 would be distributed from the staging server 700 through P2P file sharing 704, over the communication network, through

P2P file sharing 104 of the gate master 11 and P2P file sharing 204 of the local master 21 for updating service repository 67 and resource directory 66 of the database 100 on the gate master 11 and service repository 67 and resource directory 66 of the database 200 on the local master 21, respectively. The service bus interface 210 for the local master 21 would be distributed only to the local masters 21, from the service repository 67 and resource directory 66 of the database 710 on the staging server 700 through P2P file sharing 704 over the communication network through P2P file sharing 204 of the local master 21 to the service repository 67 and resource directory 66 of the database 200 on the local master 21. System mirror image may be distributed in the similar way as well, i.e. a system mirror image from the system mirror image 64 in the database 710 may be distributed through P2P file sharing 704 over the communication network through P2P file sharing 104 of the gate master 11, P2P file sharing 204 of the local master 21, and P2P file sharing 304 of the home master 31 to the system mirror image 64 of the databases 100, 200 and 300 on the gate master 11, local master 21 and home master 31, respectively. Figure 18-b illustrates a block diagram identifying features utilized for updating of home service bus interface 301 in the preferred embodiment of the present invention. An administrator at home service layer 30 accesses the home master 31 through the browser 1 via the web server 303 for updating the home master service bus interface 301. The home master 31 authenticates the administrator based on the administrator's identification and password supplied by the administrator at the access control 302. Once the administrator is authenticated, the administrator may add or delete services by alternating the contents in the resources directory 66 and service repository 67. Once the services are finalized, the system mirror image will be stored in the system mirror image 64 of the database 300 on the home master 31. It is to be understood that the embodiments and variations shown and described herein are merely illustrations of the principles of this invention and that various modifications may be implemented by those skilled in the art without departing from the spirit and scope of the invention.

Claims

1. A system for dynamically generating a user-centric portal in a hieratically layered and distributed network, comprising:

(i) a network access server, aggregating a plurality of first stake master servers;

(ii) each of said plurality of said first stake master servers aggregating a plurality of second stake master servers establishing first communication network links therewith;

(iii) each of said plurality of said second stake master servers aggregating a plurality of third stake master servers establishing second communication network links therewith;

(iv) each of said plurality of said third stake master servers aggregating a plurality of home devices for forming home networks; wherein said first, said second, and said third stake master servers are servers of web services, comprising user management system, service integration engine, resource organizer, network management system and database; and wherein one of said first, said second and said third stake master servers first receives a request for said user-centric portal for a user directly or through said network access server from a browser with a user identification and password, said request is redirected to a corresponding one of said first, said second and said third stake master servers based on profile of said user stored in said database of said stake master server first received said request, said user management system of said corresponding stake master server authenticating said user based on said profile of said user stored in said database of said corresponding stake master server, and said corresponding stake master server dynamically generates said user-centric portal by integrating services from associated ones of said first, said second and said third stake master servers based on said profile of said user and profiles of stakeholders associated with said user.

2. The system as recited in claim 1, wherein said plurality of said first stake master servers form a first service network layer over a first communication network, said plurality of said second stake master servers form a second service network layer over a second communication network, and said plurality of said third stake master servers form a third service network layer over a third communication network.

3. The system as recited in claim 2, wherein said first communication network is established over at least one of Hyper Text Transfer Protocol and Hyper Text Transfer Protocol over Secure Socket Layer for integrating said services among said first stake master servers by said service integration engines of said first stake master servers.

4. The system as recited in claim 2, wherein said second communication network is for integrating said services among said second stake master servers by said service integration engines of said second stake master servers, and is established over at least one of Simple Object Access Protocol, Extended Markup Language / Extensible Stylesheet Language Transformations and Web Services Description Language.

5. The system as recited in claim 2, wherein said third communication network is for integrating said services among said third stake master servers by said service integration engines of said third stake master servers, and is established over at least one of IEEE 802.11, Bluetooth and IEEE 1394.

6. The system as recited in claim 2, wherein said second service network layer comprises a plurality of sub-layers.

7. The system as recited in claim 1, wherein each of said stake master servers are controlled by each of said stakeholders.

8. The system as recited in claim 7, wherein said stakeholder is a person or legal entity that has interests or stakes in said system.

9. The system as recited in claim 1, wherein said first communication network links segregate said second stake master servers aggregated by said first servers physically, virtually or physically and virtually.

10. The system as recited in claim 9, wherein said first communication network links segregates said second stake master servers virtually by virtual private network.

11. The system as recited in claim 9, wherein each of said first communication network links facilitates said first and said second stake master servers to integrate said services available through said first and said second stake master servers.

12. The system as recited in claim 1, wherein said second communication network links segregate said third stake master servers aggregated by said second servers physically, virtually or physically and virtually.

13. The system as recited in claim 12, wherein said second communication network links segregates said third stake master servers virtually by virtual local area network.

14. The system as recited in claim 12, wherein each of said second communication links facilitates said second and said third stake master servers to integrate said services available through said second and said third stake master servers.

15. The system as recited in claim 1, wherein said portal comprises a plurality of pages.

16. The system as recited in claim 15, wherein said portal is resized manually by said user selecting a plurality of predetermined display sizes of said browser.

17. The system as recited in claim 15, wherein said portal is automatically resized by said resource organizer automatically detecting display size of said browser.

18. The system as recited in claim 15, wherein said plurality of pages comprise a gate page, a navigation page and a framed header and footer page.

19. The system as recited in claim 18, wherein said gate page comprises areas for said user to enter a user name and password.

20. The system as recited in claim 19, wherein said gate page further comprises a plurality of frames for providing web services available through said first stake master servers and for services particular to a geographical location that said user resides.

21. The system as recited in claim 20, wherein each of said plurality of said frames further comprises a plurality of sub-frames, wherein each of said plurality of said sub-frames bearing Uniform Resource Identifier.

22. The system as recited in claim 21, wherein said user selecting one of said plurality of said sub-frames in one of said plurality of said frames causes said one of said plurality of said frames to refresh for bearing another plurality of said sub-frames.

23. The system as recited in claim 22, wherein said user is navigated to one of said services by selecting any of said plurality of said sub-frames in one of said plurality of said frames within three times.

24. The system as recited in claim 18, wherein said navigation page comprises a plurality of frames for providing web services available through said corresponding stake master server.

25. The system as recited in claim 24, wherein each of said plurality of said frames further comprises a plurality of sub-frames, wherein each of said plurality of said sub-frames bearing Uniform Resource Identifier.

26. The system as recited in claim 25, wherein said user selecting one of said plurality of said sub-frames in one of said plurality of said frames causes said one of said plurality of said frames to refresh for bearing another plurality of said sub-frames.

27. The system as recited in claim 26, wherein said user is navigated to one of said services by selecting any of said plurality of said sub-frames in one of said plurality of said frames within three times.

28. The system as recited in claim 1, wherein said network management system comprises dynamic host configuration protocol server and dynamic domain name server.

29. The system as recited in claim 1, wherein said user management system comprises functions of user authentication, user authorization and user registration.

30. The system as recited in claim 1, wherein said database comprises a plurality of fields for managing said user profile for said user management, wherein said plurality of fields comprise:

(i) user credentials for managing credential information for said users;

(ii) user attribute directory for managing attribute information of said users; and

(iii) electronic certificate register for managing electronic certificates of said users.

31. The system as recited in claim 30, wherein said database further comprises plurality of fields for managing said system, wherein said plurality of fields comprise:

(i) system configuration for maintaining configuration and preference information of said stake master server; and

(ii) system mirror image, comprising a plurality of partitions for maintaining a plurality of versions of system mirror images for said stake master server.

32. The system as recited in claim 31, wherein said database yet further comprises a plurality of fields for organizing resources, integrating services, and generating said portal, wherein said plurality of fields comprise:

(i) application programs for storing a collection of service task-oriented programs providing controller functions to collate data and various services available through said corresponding stake master server;

(ii) a resource directory for maintaining a collection of Uniform Resource Identifiers of service providers that are collected by at least one of said first and said second stake master servers;

(iii) said service repository for managing services that have been agreed between said user and said stakeholders and provided through said first master and said second stake master servers; (iv) application portlets for defining a portion of said portal by itself or in conjunction with corresponding applications of said server application programs stored in said application program;

(v) stakeholder proprietary data for managing stakeholder profiles and preferences, marketing data, statistical data, policies, rules and agreement governing data transfer among said stake master servers;

(vi) data warehouse for storing multimedia files and data in various formats; and

(vii) template for managing forms and templates for displayable pages for generating said portal dynamically.

33. The system as recited in claim 32, wherein said resources of said service repository is organized in a plurality of layered groups, comprising services, categories, and types.

34. The system as recited in claim 1 further comprises a staging server for testing and verifying a system image for one of said first and said second stake master servers.

35. A method for dynamically generating a user-centric portal in a hieratically layered and distributed network, comprising the steps of:

(i) receiving a request for said user-centric portal at one of first stake master servers, second stake master servers and third stake master servers directly or through a network access server from a user through a browser with user identification and password; wherein said first, second and third stake master servers are servers of web services; wherein said first stake master servers are aggregated by said network access server; wherein each of said first stake master servers aggregating a plurality of said second stake master servers establishing first communication network links therewith; wherein each of said plurality of said second stake master servers aggregating a plurality of said third stake master servers establishing second communication network links therewith; and wherein each of said plurality of said third stake master servers aggregating a plurality of home devices;

(ii) redirecting said request to a corresponding one of said first stake master servers, second stake master servers and said third stake master servers depending on the profile of said user stored in a database at said stake master server that received said request;

(iii) authenticating said user at said corresponding stake master server;

(iv) generating said user-centric portal on said corresponding stake master server based on said profile of said user integrating services from associated ones of said first, said second, and said third stake master servers; and

(v) transmitting said user-centric portal to said browser in response to said request by said user.

36. The method as recited in claim 35, wherein said plurality of said first stake master servers form a first service network layer over a first communication network, said plurality of said second stake master servers form a second service network layer over a second communication network, and said plurality of said third stake master servers form a third service network layer over a third communication network.

37. The method as recited in claim 36, wherein said first communication network is established over at least one of Hyper Text Transfer Protocol and Hyper Text Transfer Protocol over Secure Socket Layer for integrating said services among said first stake master servers by said service integration engines of said first stake master servers.

38. The method as recited in claim 36, wherein said second communication network is for integrating said services among said second stake master servers by said service integration engines of said second stake master servers, and is established over at least one of Simple Object Access Protocol, Extended Markup Language / Extensible Stylesheet Language Transformations and Web Services Description Language.

39. The method as recited in claim 36, wherein said third communication network is for integrating said services among said third stake master servers by said service integration engines of said third stake master servers, and is established over at least one of IEEE 802.11, Bluetooth and IEEE 1394.

40. The method as recited in claim 36, wherein said second service network layer comprises a plurality of sub-layers.

41. The method as recited in claim 35, wherein each of said stake master servers are controlled by a stakeholder.

42. The method as recited in claim 41, wherein said stakeholder is a person or legal entity that has interests or stakes in said system.

43. The method as recited in claim 35, wherein said first communication network links segregate said second stake master servers aggregated by said first servers physically, virtually or physically and virtually.

44. The method as recited in claim 43, wherein said first communication network links segregates said second stake master servers virtually by virtual private network.

45. The method as recited in claim 43, wherein each of said first communication network links facilitates said first and said second stake master servers to integrate said services available through said first and said second stake master servers.

46. The method as recited in claim 35, wherein said second communication network links segregate said third stake master servers aggregated by said second servers physically, virtually or physically and virtually.

47. The method as recited in claim 36, wherein said second communication network links segregates said third stake master servers virtually by virtual local area network.

48. The method as recited in claim 46, wherein each of said second communication links facilitates said second and said third stake master servers to integrate said services available through said second and said third stake master servers.

49. The method as recited in claim 35, wherein said portal comprises a plurality of pages.

50. The method as recited in claim 49, wherein said portal is resized manually by said user selecting a plurality of predetermined display sizes of said browser.

51. The system as recited in claim 49, wherein said portal is automatically resized by said resource organizer automatically detecting display size of said browser.

52. The method as recited in claim 49, wherein said plurality of pages comprise a gate page, a navigation page and a framed header and footer page.

53. The method as recited in claim 52, wherein said gate page comprises areas for said user to enter a user name and password.

54. The method as recited in claim 53, wherein said gate page further comprises a plurality of frames for providing web services available through said first stake master servers and for services particular to a geographical location that said user resides.

55. The method as recited in claim 54, wherein each of said plurality of said frames further comprises a plurality of sub-frames, wherein each of said plurality of said sub-frames bearing Uniform Resource Identifier.

56. The method as recited in claim 55, wherein said user selecting one of said plurality of said sub-frames in one of said plurality of said frames causes said one of said plurality of said frames to refresh for bearing another plurality of said sub-frames.

57. The method as recited in claim 56, wherein said user is navigated to one of said services by selecting any of said plurality of said sub-frames in one of said plurality of said frames within three times.

58. The method as recited in claim 52, wherein said navigation pages comprises a plurality of frames for providing web services available through said corresponding stake master server.

59. The method as recited in claim 58, wherein each of said plurality of said frames further comprises a plurality of sub-frames, wherein each of said plurality of said sub-frames bearing Uniform Resource Identifier.

60. The system as recited in claim 59, wherein said user selecting one of said plurality of said sub-frames in one of said plurality of said frames causes said one of said plurality of said frames to refresh for bearing another plurality of said sub-frames.

61. The method as recited in claim 60, wherein said user is navigated to one of said services by selecting any of said plurality of said sub-frames in one of said plurality of said frames within three times.

62. The method as recited in claim 35, wherein said network management system comprises dynamic host configuration protocol server and dynamic domain name server.

63. The method as recited in claim 35, wherein said user management system comprises functions of user authentication, user authorization and user registration.

64. The method as recited in claim 35, wherein said database comprises a plurality of fields for managing said user profile for said user management, wherein said plurality of fields comprise:

(i) user credentials for managing credential information for said users;

65. The method as recited in claim 64, wherein said database further comprises plurality of fields for managing said system, wherein said plurality of fields comprise:

66. The method as recited in claim 65, wherein said database yet further comprises a plurality of fields for organizing resources, integrating services, and generating said portal, wherein said plurality of fields comprise:

(iii) said service repository for managing services that have been agreed between said user and said stakeholders and provided through said first master and said second stake master servers;

(iv) application portlets for defining a portion of said portal by itself or in conjunction with corresponding applications of said server application programs stored in said application program;

67. The method as recited in claim 66, wherein said resources of said service repository is organized in a plurality of layered groups, comprising services, categories, and types.

68. The method as recited in claim 35 further comprises a staging server for testing and verifying a system image for one of said first and said second stake master servers.