Network access control method, network system using the method and apparatuses configuring the system

US 20020053029A1
Filed: 03/26/2001
Published: 05/02/2002
Est. Priority Date: 10/30/2000
Status: Active Grant

First Claim

Patent Images

1. A network access control method for a network system comprising:

network apparatuses having packet filtering functions;

a service server connected with an IP network via the network apparatus, providing a service to a user;

a user terminal connected with the IP network via the network apparatus, for the user to utilize therethrough the service provided by said service server;

a reception server connected with the IP network via the network apparatus, receiving an access from the user for said service server; and

an access control server controlling the network apparatus, said method comprising the steps of;

a) said reception server receiving access request information from said user terminal, and holding it; and

b) said access controlling server performing traffic control such as to extract, based on a processing capability of said service server and a traffic amount for said service server, such an amount of the access request information held by said reception server as that which said service server can optimally deal with, so as to allow the access for said service server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network access control method for a network system comprising network apparatuses having a packet filtering function, a service server connected with an IP network via the network apparatus, providing a service to a user, a user terminal connected with the IP network via the network apparatus, for the user to utilize the service provided by the service server, a reception server connected with the IP network via the network apparatus, receiving an access from the user for the service server, and an access control server controlling the network apparatuses. The method comprising the steps of a) the reception server receiving access request information from the user terminal, and holding it, and b) the access controlling server performing traffic control such as to extract, based on processing capability of the service server and a traffic amount for the service server, such an amount of the access request information as that the service server can optimally deal with, so as to allow the access for the service server.

65 Citations

12 Claims

1. A network access control method for a network system comprising:
- network apparatuses having packet filtering functions;
  
  a service server connected with an IP network via the network apparatus, providing a service to a user;
  
  a user terminal connected with the IP network via the network apparatus, for the user to utilize therethrough the service provided by said service server;
  
  a reception server connected with the IP network via the network apparatus, receiving an access from the user for said service server; and
  
  an access control server controlling the network apparatus, said method comprising the steps of;
  
  a) said reception server receiving access request information from said user terminal, and holding it; and
  
  b) said access controlling server performing traffic control such as to extract, based on a processing capability of said service server and a traffic amount for said service server, such an amount of the access request information held by said reception server as that which said service server can optimally deal with, so as to allow the access for said service server.

2. A network system comprising:
- network apparatuses having packet filtering function;
  
  a service server connected with an IP network via the network apparatus, providing a service to a user;
  
  a user terminal connected with the IP network via the network apparatus, for the user to utilize the service provided by said service server;
  
  a reception server connected with the IP network via the network apparatus, receiving an access from the user for said service server; and
  
  an access control server controlling the network apparatuses, said reception server having an access registering part which receives access request information from said user terminal, and holds it; and
  
  said access controlling server having a filtering optimizing part which performs traffic control such as to extract, based on a processing capability of said service server and a traffic amount for said service server, such an amount of the access request information held in said access registering part as that said service server can optimally deal with, so as to allow the access for said service server.

3. A reception server comprising:
- an access list holding access request information from a user terminal;
  
  a user profile holding user information including a user class for each user;
  
  an access receiving part receiving an access from the user terminal;
  
  an access registering part registering access request information received via said access receiving part into said access list in order of the reception;
  
  a user class extracting part extracting an IP address from the received access request information, and identifying the user by using the extracted IP address so as to extract the user class from said user profile; and
  
  a by-user-class registering part registering the access request information received via said access receiving part into said access list based on the user class extracted through said user class extracting part.
- View Dependent Claims (4, 5, 11, 12)
- - 4. The reception server as claimed in claim 3, further comprising:
    - an estimated waiting time calculating part calculating an estimated waiting time, from the number of the users waiting, according to a position of said access list at which the access request received from the user terminal is registered; and
      
      an access information reporting part reporting the calculated estimated waiting time to the user, and reporting to the user that the access can be performed after the estimated waiting time has elapsed.
  - 5. The reception server as claimed in claim 3, further comprising:
    - an access confirming part determining whether or not the access request is to be registered in said access list, when waiting is needed, after receiving the access request from the user terminal; and
      
      a waiting confirmation inquiring part inquiring to the user for said access confirming part to make the determination.
  - 11. The reception server as claimed in claim 3, further comprising a user authenticating part determining, based on the user class extracted through the user class extracting part, whether or not the received access request is given from an unallowed user, and, reporting, when the access request is given from the unallowed user, this matter to the access control server.
  - 12. The access control server as claimed in claim 6, further comprising an access unallowance filtering setting part producing, based on a report from the user authenticating part of the reception server claimed in claim 11, the packet filtering setting information of access unallowance for the service server, and setting the produced information in the network apparatus.

6. An access control server comprising:
- a access information database holding information concerning a processing capability of a service server and a maximum permissible access number calculated based on the processing capability of the service server;
  
  a traffic control part controlling a network apparatus;
  
  a static permissible access number calculating part calculating the maximum permissible access number based on the information concerning the processing capability of the service server; and
  
  a filtering optimizing part reading such an amount of access request information from an access list holding the access request information from user terminals in a reception server, from the top, as that for the maximum permissible access number, producing packet filtering setting information for the users making access requests to be able to access to the service server, and setting the produced information in the network apparatus via said traffic control part.
- View Dependent Claims (7, 8, 9)
- - 7. The access control server as claimed in claim 6, further comprising:
    - a load and traffic monitoring part monitoring a load condition of the service server and a traffic condition of a network apparatus holding the service server; and
      
      a dynamic permissible access number calculating part-periodically performing communication with said load and traffic monitoring part so as to extract therefrom information of the load condition and traffic condition, and calculate the maximum permissible access number therefrom, and, also, registering the calculated maximum permissible access number in the access information database.
  - 8. The access control server as claimed in claim 6, further comprising:
    - a control information database holding control information which is used as a guideline for reading the access request information from the access list; and
      
      a by-user-class access request reading part reading the access request information from the access list for each user class based on the control information extracted from said control information database, when the filtering optimizing part reads such an amount of the access request information from the access list as that for the maximum permissible access number, in a case where the access request information is registered in the access list by user class.
  - 9. The access control server as claimed in claim 6, further comprising:
    - an effective timer setting part setting an effective timer for the access request information when the packet filtering setting information is produced; and
      
      a filtering canceling part canceling the packet filtering control set in the network apparatus, when the effective timer has expired.

10. A service server connected with an IP network via a network apparatus and providing a service to a user, comprising:
- a session finish determining part determining that a session performed with a user terminal has finished; and
  
  a session finish reporting part reporting to an access control server that the session performed with the user terminal has finished.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Sato, Yoshiharu, Nakamura, Katsuichi, Yamamura, Shinya

Granted Patent

US 7,761,542 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06Q 20/20 Point-of-sale [POS] network...

H04L 67/00 Network arrangements or pro...

Network access control method, network system using the method and apparatuses configuring the system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Network access control method, network system using the method and apparatuses configuring the system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others