SUBSCRIPTION ACCESS SYSTEM FOR USE WITH AN UNTRUSTED NETWORK

US 20020002688A1
Filed: 06/11/1997
Published: 01/03/2002
Est. Priority Date: 06/11/1997
Status: Active Grant

First Claim

Patent Images

1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:

clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;

client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;

said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;

said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer;

said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is disclosed for controlling access to computer resources using an untrusted network. The system preferably uses a hardware key connected to each subscriber client computer and adds software to the subscriber client computer and to the existing server computer. A clearinghouse is provided to store client and server identification data, including demographic data, including URL data, usage data and billing information. The clearinghouse authenticates the subscriber and server computers before an operating session occurs. For every new client session, a login mechanism requires the client computer to supply appropriate identification data, including a digital identification generated by the hardware key. The login parameters are verified by the clearinghouse and a session is then started. The system is adapted to protect preselected content from being printed or copied by a client using a web browser. The system architecture permits a geographical distributed system of multiple subscriber client computers, multiple server computers and multiple clearinghouses which can interact with each other.

Citations

36 Claims

1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:
- clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;
  
  client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
  
  said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer;
  
  said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. A system as defined in claim 1 wherein the untrusted network is the Internet.
  - 3. A system as defined in claim 1 wherein each of said subscriber client computers includes a hardware key connected thereto adapted to generate a predetermined digital identification, which identification is part of said identity data.
  - 4. A system as defined in claim 3 wherein said subscriber client computer identity data includes a client name, a client password and said predetermined digital identification.
  - 5. A system as defined in claim 3 wherein said first server computer intermittently requests said subscriber client computer to forward said predetermined digital identification to said first server computer to thereby confirm that said hardware key is connected to said subscriber client computer.
  - 6. A system as defined in claim 5 wherein successive ones of said intermittent requests occur at predetermined time intervals.
  - 7. A system as defined in claim 1 wherein said clearinghouse means provides authentication confirmation data to said subscriber client computers and to said first server computer when the identities of the same are authenticated, said authentication confirmation data being encrypted in subsequent communications from each of said first server computer, subscriber client computer and clearinghouse means to another of said first server computer, subscriber client computer and clearinghouse means.
  - 8. A system as defined in claim 5 wherein said first server computer has the ability to change said predetermined digital identification of the hardware key connected to each of said subscriber client computers, said changed predetermined digital identification being transmitted to said clearinghouse means.
  - 9. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server computer and each subscriber client computer during operating sessions and acquire and store demographic data for each subscriber client computer.
  - 10. A system as defined in claim 9 wherein said demographic data comprises personal profile information, including at least two of the following items of information including:
    - user name, user passwork, address, type of browser used, operating system used, phone number, job title, name of employer, type of business, credit card identification and credit card number.
  - 11. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server component and each subscriber client computer during operating sessions and acquire and store billing data based upon the subscriber client computer'"'"'s usage of server computer resources.
  - 12. A system as defined in claim 1 wherein each of said subscriber client computers has an application for browsing the untrusted network, said first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content, said data being monitored by said subscriber client computer and selectively disabling predetermined functionality of said application for said designated specific resource content.
  - 13. A system as defined in claim 12 wherein said data defines a hierarchical system of protection, whereby said application has selective functions which are disabled as a function of the content of said protection data.
  - 14. A system as defined in claim 13 wherein said application has the functional operations of print, save cut/copy/paste, said protection data identifying various combinations of said functional operations which are disabled.
  - 15. A system as defined in claim 1 further including at least two server computers and at least two clearinghouse means, said server computers and clearinghouse means being capable of being at separate physical locations.
  - 16. A system as defined in claim 9 wherein said demographic data comprises the history of all URL sites visited by a subscriber client computer.
  - 17. A system as defined in claim 1 wherein said clearinghouse means is adapted to operate as an independent entity and can provide said authentication operations for multiple server computers.
  - 18. A system as defined in claim 3 wherein said server computer is adapted to selectively query each of said subscriber client computers to generate said predetermined digital identification, each of said subscriber client computers generating said digital identification in response to said query.
  - 19. A system as defined in claim 18 wherein said server computer'"'"'s selective querying of subscriber client computers occurs by operation of query algorithms, said server computer being adapted to change said query algorithms.
  - 20. A system as defined in claim 1 wherein said server computer is adapted to selectively prompt said subscriber client computers to enter its identity data including its username and password in the beginning of an operating session.
  - 21. A system as defined in claim 12 wherein said server computer is adapted to selectively enable and disable said disabling predetermined functionality of said application for said designated specific resource content.
  - 22. A system as defined in claim 1 wherein said first server computer is adapted to assign one of a plurality of authorization levels to the computer resources provided by said first server computer, said identity data of each of said subscriber client computers including a particular authorization level, said first server computer only permitting access to particular computer resources by a subscriber client computer that are permitted by said particular authorization level.
  - 23. A system as defined in claim 22 wherein said computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a directory level.
  - 24. A system as defined in claim 22 wherein said computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a file level.

25. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, wherein each of said subscriber client computers has an application for browsing the untrusted network, said first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content, said data being monitored by said subscriber client computer and selectively disabling predetermined functionality of said application for said designated specific resource content.
- View Dependent Claims (26, 27)
- - 26. A system as defined in claim 25 wherein said data defines a hierarchical system of protection, whereby said application has selective functions which are disabled as a function of the content of said protection data.
  - 27. A system as defined in claim 26 wherein said application has the functional operations of print, save cut/copy/paste, said protection data identifying various combinations of said functional operations which are disabled.

28. A method of controlling access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network during an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising the steps of:
- registering identity data of said first server computer and the identity data of each of said subscriber client computers and storing the registered identity data in a clearinghouse means associated with said first server computer and said subscriber client computers;
  
  requiring a subscriber client computer to forward its identity data to said clearinghouse means at the beginning of an operating session in which access to selected computer resources is requested;
  
  attempting to authenticate the identity of said subscriber client computer from said clearinghouse means responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
  
  attempting to authenticate the identity of said first server computer from said clearinghouse means responsive to said subscriber client computer making the request for selected computer resources;
  
  permitting access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. A method as defined in claim 28 wherein each of said subscriber client computers has a hardware key connected thereto adapted to generate a predetermined digital identification, said registered identity data of each subscriber client computer including said digital identification.
  - 30. A method as defined in claim 29 wherein said subscriber client computer identity data includes a client name, a client password and said predetermined digital identification.
  - 31. A method as defined in claim 29 wherein access is permitted subsequent to initial successful authentication only when said predetermined digital identification is forwarded to said clearinghouse means subsequently during an operating session by said subscriber client computer.
  - 32. A method as defined in claim 28 wherein said untrusted network is the Internet.
  - 33. A method as defined in claim 28 further including the steps of:
    - monitoring the communications between said first server computer and each subscriber client computer during operating sessions;
      
      acquiring and storing usage data relating to said communications.
  - 34. A method as defined in claim 33 further including the step of:
    - acquiring and storing demographic data on each client computer.
  - 35. A method as defined in claim 33 further including the step of:
    - acquiring and storing billing data based upon the subscriber client computer'"'"'s usage of server computer resources.
  - 36. A method as defined in claim 29 wherein said first server computer can change the predetermined digital identification of a hardware key connected to a subscriber client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Resources, Inc.
Inventors
GREGG, RICHARD L., GOEKE, TIMOTHY C., GIRI, SANDEEP

Granted Patent

US 6,516,416 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06F 2221/2135   Metering

H04L 63/08   for authentication of entit...

SUBSCRIPTION ACCESS SYSTEM FOR USE WITH AN UNTRUSTED NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

SUBSCRIPTION ACCESS SYSTEM FOR USE WITH AN UNTRUSTED NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links