Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network

US 20080276305A1
Filed: 12/22/2005
Published: 11/06/2008
Est. Priority Date: 12/22/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system comprising:

an authorization controller operable for regulating establishment of user sessions over a data network;

a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens;

a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden;

the authorization controller being further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.

Citations

56 Claims

1. A system comprising:
- an authorization controller operable for regulating establishment of user sessions over a data network;
  
  a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens;
  
  a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden;
  
  the authorization controller being further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 2. The system defined in claim 1, wherein the certain subset of users defines those users associated with a conditional access condition.
  - 3. The system defined in claim 1, wherein the processing subsystem is operable for continually applying said walled garden policy.
  - 4. The system defined in claim 3, wherein the processing subsystem is operable for dynamically updating the identifiers stored in the database to reflect continual application of the walled garden policy.
  - 5. The system defined in claim 4, wherein the processing subsystem comprises:
    - a behavior analysis module operable for receiving from the authorization controller information regarding ongoing user sessions, the behavior analysis module being further operable for processing the information regarding the ongoing user sessions to generate session-intrinsic stimuli;
      
      a walled garden selection module operable for applying the walled garden policy based on the session-intrinsic stimuli.
  - 6. The system defined in claim 5, wherein the ongoing user sessions carry data elements, and wherein the behavior analysis module being operable for processing the information regarding the ongoing user sessions to generate the session-intrinsic stimuli comprises the behavior analysis module being operable for characterizing the data elements carried by the ongoing sessions to determine whether at least one user session is characterized as at least one of (a) having at least one of a virus and a worm and (b) being an unsolicited mass communication.
  - 7. The system defined in claim 6, wherein the behavior analysis module comprises an SMTP activity monitoring module for determining whether at least one user session is characterized as being an unsolicited mass communication.
  - 8. The system defined in claim 6, wherein the behavior analysis module comprises a deep packet inspection module for determining whether at least one user session is characterized having as at least one of a worm and a virus.
  - 9. The system defined in claim 6, wherein the plurality of walled gardens includes a management walled garden, wherein application of the walled garden policy associates the management walled garden with a user for whom a user session is characterized as at least one of (a) having at least one of a virus and a worm and (b) being an unsolicited mass communication.
  - 10. The system defined in claim 4, wherein the processing subsystem further comprises:
    - an input for gathering session-extrinsic stimuli regarding the certain subset of users; and
      
      a walled garden selection module operable for applying the walled garden policy based on the session-extrinsic stimuli.
  - 11. The system defined in claim 10, wherein the walled garden selection module is operable for processing the session-extrinsic stimuli to determine whether at least one user in the certain subset of users has a configuration requirement.
  - 12. The system defined in claim 11, wherein the plurality of walled gardens includes a configuration walled garden, wherein application of the walled garden policy associates a user determined to have a configuration requirement with the configuration walled garden.
  - 13. The system defined in claim 12, wherein the session-extrinsic stimuli comprises configuration data regarding the certain subset of users.
  - 14. The system defined in claim 10, wherein the walled garden selection is operable for processing the session-extrinsic stimuli to determine whether at least one user in the certain subset of users has an advisory requirement.
  - 15. The system defined in claim 14, wherein the plurality of walled gardens includes an advisory walled garden, wherein application of the walled garden policy associates a user determined to have an advisory requirement with the advisory walled garden.
  - 16. The system defined in claim 15, wherein the session-extrinsic stimuli comprises advisory parameters regarding the certain subset of users.
  - 17. The system defined in claim 10, wherein the walled garden selection is operable for processing the session-extrinsic stimuli to determine whether at least one user in the certain subset of users has an accounting requirement.
  - 18. The system defined in claim 17, wherein the plurality of walled gardens includes an accounting walled garden, wherein application of the walled garden policy associates a user determined to have an accounting requirement with the accounting walled garden.
  - 19. The system defined in claim 18, wherein the session-extrinsic stimuli comprises accounting data regarding the certain subset of users.
  - 20. The system defined in claim 10, wherein the walled garden selection module is operable for processing the session-extrinsic stimuli to determine whether at least one user in the certain subset of users has a management requirement.
  - 21. The system defined in claim 20, wherein the plurality of walled gardens includes a management walled garden, wherein application of the walled garden policy associates a user determined to have a management requirement with the management walled garden.
  - 22. The system defined in claim 21, wherein the session-extrinsic stimuli comprises management data regarding the certain subset of users.
  - 23. The system defined in claim 5, wherein the processing subsystem further comprises:
    - an input for gathering session-extrinsic stimuli regarding the certain subset of users;
      
      wherein the walled garden selection module is further operable for applying the walled garden policy further based on the session-extrinsic stimuli.
  - 24. The system defined in claim 23, wherein the walled garden selection module is operable for processing the session-extrinsic stimuli to determine whether at least one user in the certain subset of users has at least one of a configuration requirement, an advisory requirement, an accounting requirement and a management requirement.
  - 25. The system defined in claim 5, wherein the walled garden selection module is further operable for:
    - (I) deriving session-extrinsic stimuli regarding the certain subset of users from the session-intrinsic stimuli; and
      
      (II) applying the walled garden policy further based on the session-extrinsic stimuli.
  - 26. The system defined in claim 5, wherein the behavior analysis module is further operable for deriving session-extrinsic stimuli regarding the certain subset of users from the session-intrinsic stimuli, and wherein the walled garden selection module is further operable for applying the walled garden policy further based on the session-extrinsic stimuli.
  - 27. The system defined in claim 26, wherein the processing subsystem further comprises:
    - an input for gathering second session-extrinsic stimuli regarding the certain subset of users;
      
      wherein the walled garden selection module is further operable for applying the walled garden policy further based on the second session-extrinsic stimuli.
  - 28. The system defined in claim 1, wherein said access request is received by the authorization controller in response to termination of a previously ongoing session involving the communication device.
  - 29. The system defined in claim 28, wherein said termination of the previously ongoing session is effected in response to receipt by the authorization controller of a session management command from the processing subsystem.
  - 30. The system defined in claim 29, wherein issuance of the session management command by the processing subsystem results from application of the walled garden policy.
  - 31. The system defined in claim 1, wherein the identifier corresponding to the walled garden respectively associated with a given user is an IP address.
  - 32. The system defined in claim 1, wherein directing the communication endpoint to said walled garden associated with said particular user comprises initiating a session between the communication endpoint and a network server associated with said walled garden associated with said particular user.
  - 33. The system defined in claim 32, wherein said session is a PPPoE session.
  - 34. The system defined in claim 1, wherein the access request received from the communication device associated with said particular user comprises an account identifier and a set of credentials.
  - 35. The system defined in claim 34, wherein said account identifier is a username and wherein said set of credentials is a password.
  - 36. The system defined in claim 1, wherein the access request comprises a data element indicative of how to reach the communication endpoint.
  - 37. The system defined in claim 1, wherein at least one of the plurality of walled gardens is connected to the data network by a gateway.
  - 38. The system defined in claim 1, wherein at least one of the plurality of walled gardens does not allow a session to be established through it with the data network.
  - 39. The system defined in claim 1, wherein the communication endpoint is a modem.
  - 40. The system defined in claim 1, wherein the communication endpoint is a computing device connected via a modem.

41. A method, comprising:
- receiving from a communication endpoint an access request identifying a particular user;
  
  consulting a database to identify a walled garden respectively associated with said particular user, the walled garden being one of a plurality of candidate walled gardens;
  
  directing the communication endpoint to said walled garden respectively associated with said particular user.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 42. The method defined in claim 41, wherein the database is populated by a walled garden selection module with data reflective of the walled garden policy.
  - 43. The method defined in claim 42, wherein the walled garden policy is based on session-intrinsic stimuli.
  - 44. The method defined in claim 43, wherein the walled garden policy is further based on session-extrinsic stimuli for a certain set of users including the particular user.
  - 45. The method defined in claim 42, wherein the walled garden policy is based on session-extrinsic stimuli for a certain set of users including the particular user.
  - 46. The method defined in claim 44, wherein directing the communication endpoint to said walled garden respectively associated with said particular user comprises initiating a walled garden session between the communication endpoint and a network server associated with said walled garden associated with said particular user.
  - 47. The method defined in claim 41, further comprising:
    - maintaining a session record for the particular user, the session record being indicative of ongoing sessions for the particular user.
  - 48. The method defined in claim 47, further comprising:
    - updating the session record for the particular user to reflect the newly initiated walled garden session.
  - 49. The method defined in claim 41, further comprising, prior to receiving the access request:
    - terminating an ongoing session for the particular user; and
      
      triggering issuance of the access request.
  - 50. The method defined in claim 49, wherein said terminating the ongoing session for the particular user is performed responsive to receipt of a session management command from a walled garden selection module.
  - 51. The method defined in claim 50, wherein the session management command is generated by the walled garden selection module as a result of application of a walled garden policy.
  - 52. The method defined in claim 51, wherein the database is populated by the walled garden selection module with data reflective of the walled garden policy.

53. An authorization controller for use in regulating the establishment of user sessions over a data network, comprising:
- means for receiving from a communication endpoint an access request identifying a particular user;
  
  means for consulting a database to identify a walled garden respectively associated with said particular user, the walled garden being one of a plurality of walled gardens;
  
  means for directing the communication endpoint to said walled garden respectively associated with said particular user.

54. A computer-readable medium comprising computer-readable program code which, when interpreted by an authorization controller, causes the authorization controller to execute a method of regulating the establishment of user sessions over a data network, the computer-readable program code comprising:
- first computer-readable program code for causing the authorization controller to receive from a communication endpoint an access request identifying a particular user;
  
  second computer-readable program code for causing the authorization controller to consult a database to identify a walled garden respectively associated with said particular user, the walled garden being one of a plurality of walled gardens;
  
  third computer-readable program code for causing the authorization controller to direct the communication endpoint to said walled garden respectively associated with said particular user.

55. A method, comprising:
- monitoring ongoing user sessions between communication endpoints and a data network to obtain session-intrinsic stimuli;
  
  receiving session-extrinsic stimuli regarding a certain subset of users;
  
  applying a walled garden policy based on the session-intrinsic stimuli and the session-extrinsic stimuli to associate each user in the certain subset of users with a respective walled garden selected from a common plurality of walled gardens;
  
  storing in association with each user in the certain subset of users a respective identifier corresponding to the respectively associated walled garden.

56. A computer-readable medium comprising computer-readable program code which, when interpreted by a walled garden selection module, causes the walled garden selection module to execute a method, the computer-readable program code comprising:
- first computer-readable program code for causing the walled garden selection module to monitor ongoing user sessions between communication endpoints and a data network to obtain session-intrinsic stimuli;
  
  second computer-readable program code for causing the walled garden selection module to receive session-extrinsic stimuli regarding a certain subset of users;
  
  third computer-readable program code for causing the walled garden selection module to apply a walled garden policy based on the session-intrinsic stimuli and the session-extrinsic stimuli to associate each user in the certain subset of users with a respective walled garden selected from a common plurality of walled gardens;
  
  fourth computer-readable program code for causing the walled garden selection module to store in association with each user in the certain subset of users a respective identifier corresponding to the respectively associated walled garden.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
Branco, Manuel Lopes, Goller, Darren David, Van Kessel, James Ashley, Curtis, Jonathan Stephen, Chow, Calvin Chun Kit, Allum, Edwin Thomas, Chan, Frank Siu Hong, Regan, Jeffrey Emmott

Application Number

US11/571,027
Publication Number

US 20080276305A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/102 Entity profiles

H04L 63/145 the attack involving the pr...

Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links