NETWORK ACCESS CONTROL USING NETWORK ADDRESS TRANSLATION
Abstract
An improved network content filtering system and method utilize the network address translation functionality of a shared network connection to redirect outgoing packets from a client intended for a destination web server to an access controlling web server instead. Before a session to the destination web server is established, the access controlling web server either approves or refuses the connection, providing a content filtering mechanism. If the connection is refused, the access controlling web server may substitute other content for a filtered URL. In order to identify the client, the shared connection may additionally embed an identifier token in the redirected traffic, so as to customize the filtering action or to facilitate billing functions.
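The flow in the abstract, modelled in memory as an added example (not code from the patent or any product): the gateway rewrites the destination, tags the request with a client token, and the access controlling server returns a verdict. The `X-Client-Token` header name, the addresses, and the policy table are assumptions, and the model collapses connection setup and the HTTP request into one message.

```python
# Added illustration: in-memory model of the redirect-and-decide flow.
# All addresses, hostnames, tokens and policy entries are constructed samples.
from dataclasses import dataclass, replace

ACCESS_SERVER_IP = "192.0.2.10"          # assumed access controlling web server
CLIENT_TOKENS = {"10.0.0.5": "client-a", "10.0.0.6": "client-b"}  # gateway's client IDs
BLOCKED = {"client-a": {"blocked.example"}, "client-b": set()}    # per-client policy

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str   # HTTP request text carried by the connection

def gateway_redirect(pkt, nat_table):
    """Rewrite the destination to the access server and embed a client token."""
    nat_table[pkt.src] = pkt.dst                      # remember intended destination
    token = CLIENT_TOKENS.get(pkt.src, "unknown")
    head, sep, body = pkt.payload.partition("\r\n\r\n")
    # Appended last; the parser below keeps the last value, so a header of the
    # same name supplied by the client is overridden by the gateway's token.
    tagged = f"{head}\r\nX-Client-Token: {token}{sep}{body}"
    return replace(pkt, dst=ACCESS_SERVER_IP, payload=tagged)

def access_decision(pkt):
    """Access controlling server: approve or refuse based on Host and token."""
    headers = {}
    for line in pkt.payload.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    token = headers.get("x-client-token", "unknown")
    host = headers.get("host", "").lower()
    if token not in BLOCKED or not host:              # fail closed on unknowns
        return "deny"
    return "deny" if host in BLOCKED[token] else "allow"

def handle(pkt):
    """Gateway path: redirect, get the permission, then forward or substitute."""
    nat_table = {}
    verdict = access_decision(gateway_redirect(pkt, nat_table))
    if verdict == "allow":
        return ("forward", nat_table[pkt.src])        # connect to intended server
    return ("substitute", ACCESS_SERVER_IP)           # serve replacement content

def request(src, dst, host):
    return Packet(src, dst, f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n")
```
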
52 Claims
1-32. (canceled)
33. A computer-implemented system that controls access to remote resources comprising the following computer-executable components:
a client component that transmits a packet comprising connection setup information and a destination address, the destination address is an Internet Protocol (IP) address corresponding to an intended destination server;
a gateway component that receives the packet, rewrites the destination address, and redirects the packet; and
an access control component that receives the redirected packet and determines whether the client component is granted access to the intended destination server.
(Dependent claims: 34-49)
50. In a computer network environment comprising a client, a hosting server, an access controlling server, and a gateway interposed between the client and both the hosting server and the access controlling server, a method for controlling access of the client to a desired resource hosted on the hosting server, comprising:
receiving at the gateway a request packet from the client for the desired resource;
redirecting the entire request packet to the access controlling server;
receiving at the gateway a permission notification from the access controlling server in response to the redirected request packet; and
choosing to either grant or deny access of the client machine to the desired resource based at least in part upon the permission notification.
(Dependent claims: 51)
52. A computer-implemented system for controlling access to remote resources comprising:
a computer-implemented means for rewriting a destination address of a packet to a new destination address and redirecting the entirety of the packet to the new destination address;
a computer-implemented means for determining at the new destination address if access to the destination address should be allowed; and
a computer-implemented means for creating a connection to at least one of the destination address and the new destination address based upon the access determination.
Specification