Method and system for controlling access to a service provided through a network

US 20060190990A1
Filed: 02/23/2005
Published: 08/24/2006
Est. Priority Date: 02/23/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access of a user to a service provided through a network, the method comprising the steps of:

upon initiating a connection of said user to said network, authenticating said user and creating or updating a cookie within the workstation of said user, said cookie comprising information related to access permission of said user to said service, said access permission corresponds to the result of said authenticating;

upon requesting to access said service by said user, retrieving said information from said cookie by a gateway to said network, and enforcing said access permission on said user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a method for controlling access of a user to a service provided through a network, and a system thereof. The method comprising the steps of: upon initiating a connection of the user to the network, authenticating the user; upon positively authenticating the user, creating or updating a cookie within the workstation of the user, the cookie comprising information related to access permission of the user to the service; upon requesting to access the service by the user, retrieving the information from the cookie by a gateway to the network, and enforcing the access permission on the user.

Citations

17 Claims

1. A method for controlling access of a user to a service provided through a network, the method comprising the steps of:
- upon initiating a connection of said user to said network, authenticating said user and creating or updating a cookie within the workstation of said user, said cookie comprising information related to access permission of said user to said service, said access permission corresponds to the result of said authenticating;
  
  upon requesting to access said service by said user, retrieving said information from said cookie by a gateway to said network, and enforcing said access permission on said user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, wherein said cookie is stored in an encrypted form.
  - 3. A method according to claim 1, wherein said information is selected from a group comprising:
    - specified access permission of said user to said service;
      
      identity of said user, for associating with an access permission of said user to said service.
  - 4. A method according to claim 1, wherein said access permission is selected from the group comprising:
    - accessing a certain Web site, accessing Web sites of a certain type, accessing Web sites of a certain category, accessing a certain domain, and an access level associated with at least one certain access permission.
  - 5. A method according to claim 1, wherein said service is available through a network selected from the group comprising:
    - Internet, WAN, LAN.
  - 6. A method according to claim 1, wherein said service is selected from the group comprising:
    - accessing a URL, antivirus service, downloading a file, downloading a certain type file, downloading active content, downloading certain type of active content, accessing encrypted content, using a user'"'"'s credentials from a cookie to decrypt the content.

7. A method for controlling access of a user to a service provided through a network, the method comprising the steps of:
- upon initiating a connection of said user to said network, authenticating said user and creating or updating a cookie within the workstation of said user, said cookie comprising information related to access permission of said user to said service, said access permission corresponds to the result of said authenticating;
  
  at a gateway to said network, upon requesting to access said service during a connection session by said user, retrieving by said gateway information stored within said cookie, and adding said information and a current IP address of said user to a logged-in list;
  
  at said gateway, upon requesting by a user to re-access said service, identifying said user by said current IP address, retrieving said information of said user from said list according to said current IP address, and enforcing said access permission on said user.
- View Dependent Claims (8, 9, 10)
- - 8. A method according to claim 7, wherein said access permission is selected from the group comprising:
    - an access level, an allowed or forbidden Web site, an allowed or forbidden type of Web sites, an allowed or forbidden category of Web sites, and an allowed or forbidden domain.
  - 9. A method according to claim 7, wherein said service is available through a network selected from the group comprising:
    - Internet, WAN, LAN.
  - 10. A method according to claim 7, wherein said service is selected from the group comprising:
    - accessing a URL, antivirus service, downloading a file, downloading a certain type file, downloading active content, downloading certain type of active content, accessing encrypted content, using a user'"'"'s credentials from a cookie to decrypt the content.

11. A system for controlling access of a user to a service provided through a network, the system comprising:
- a local server, for authenticating said user and launching a login script for creating a cookie on said workstation, said cookie comprising information related to access permission of said user to said service;
  
  a program executed on a gateway of said network, for checking the permission of said user to access said service according to information stored within said cookie, and enforcing said access permission of said user to said service according to the result of said checking.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A system according to claim 11, wherein said information is selected from a group comprising:
    - specified access permission of said user to said service, identity of said user that can be associated with an access permission of said user to said service.
  - 13. A system according to claim 11, further comprising a list of logged-in users, each entry of said list comprising an identifier of a logged-in user, and at least one permission of said user to access said service.
  - 14. A system according to claim 13, wherein said identifier is selected from a group comprising:
    - an IP address of said user for the current connection session, a user name.
  - 15. A system according to claim 11, wherein said access permission is selected from the group comprising:
    - an access level, an allowed or forbidden Web site, an allowed or forbidden type of Web sites, an allowed or forbidden category of Web sites, and an allowed or forbidden domain.
  - 16. A system according to claim 11, wherein said service is available through a network selected from the group comprising:
    - Internet, WAN, LAN.
  - 17. A system according to claim 11, wherein said service is selected from the group comprising:
    - accessing a URL, antivirus service, downloading a file, downloading a certain type file, downloading active content, downloading certain type of active content, accessing encrypted content, using a user'"'"'s credentials from a cookie to decrypt the content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aladdin Knowledge Systems Limited (Thales SA)
Original Assignee
Aladdin Knowledge Systems Limited (Thales SA)
Inventors
Gruper, Shimon, Margalit, Yanki, Margalit, Dany

Application Number

US11/062,820
Publication Number

US 20060190990A1
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

Method and system for controlling access to a service provided through a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling access to a service provided through a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links