Control of Website Usage Via Online Storage of Restricted Authentication Credentials

US 20100017889A1
Filed: 07/17/2008
Published: 01/21/2010
Est. Priority Date: 07/17/2008
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for controlling user access to websites, the method comprising:

receiving from a client a request to access an account associated with a user of a website;

identifying a website usage policy associated with the website and the user;

determining whether access to the account is permitted based at least in part on the website usage policy; and

responsive to determining that access to the account is permitted based at least in part on the website usage policy, providing restricted authentication credentials associated with the user and the website to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client communicates with a website usage server via a network to gain access to an account on a website. The client requests an indication of whether user access to the account on the website is permitted. The website usage server determines whether website usage is permitted based at least in part on a website usage policy associated with the website and the user. The website usage server provides restricted authentication credentials to the website responsive to determining that access to the account is permitted.

75 Citations

View as Search Results

20 Claims

1. A computer-implemented method for controlling user access to websites, the method comprising:
- receiving from a client a request to access an account associated with a user of a website;
  
  identifying a website usage policy associated with the website and the user;
  
  determining whether access to the account is permitted based at least in part on the website usage policy; and
  
  responsive to determining that access to the account is permitted based at least in part on the website usage policy, providing restricted authentication credentials associated with the user and the website to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein determining whether access to the account is permitted comprises:
    - identifying website usage parameters specified by the website usage policy; and
      
      evaluating the website usage parameters to determine whether access to the account is permitted.
  - 3. The computer-implemented method of claim 2, wherein the website usage parameters specify times when user access to the account is permitted.
  - 4. The computer-implemented method of claim 2, wherein the website usage parameters specify an allotted time for which user access to the account is permitted.
  - 5. The computer-implemented method of claim 2, wherein the website usage parameters specify a number of discrete times that user access to the account is permitted.
  - 6. The computer-implemented method of claim 1, further comprising:
    - responsive to determining that access to the account is denied based at least in part on the website usage policy, providing an error message to the client.
  - 7. The computer-implemented method of claim 1, wherein the restricted authentication credentials comprise a password to the account.
  - 8. The computer-implemented method of claim 1 further comprising:
    - responsive to determining that access to the account is permitted, determining logout mechanisms associated with the website, wherein the logout mechanisms comprise information for logging a user out of the account; and
      
      providing the logout mechanisms to the client.

9. A computer program product having a computer-readable storage medium storing computer-executable code for controlling user access to websites from a client, the code comprising:
- a monitoring module configured to;
  
  detect a user request to access an account on a website;
  
  request from a website usage server an indication of whether a website usage policy permits the user to access the account on the website; and
  
  receive from the website usage server restricted authentication credentials for the account responsive to the website usage server determining that the website usage policy permits access to the account;
  
  andan enforcement module configured to enforce the website usage policy associated with the website, the enforcement module comprising a login module configured to provide the received restricted authentication credentials to the website.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, wherein the enforcement module further comprises a logout module configured to log the user out of the account on the website responsive to the website usage server determining that the website usage policy denies access to the account.
  - 11. The computer program product of claim 10, wherein the logout module is further configured to log the user out of the account on the website by terminating a browser session or loading a logout webpage associated with the website at a time based at least in part on the website usage policy.
  - 12. The computer program product of claim 10, wherein the logout module is further configured to implement logout mechanisms for the website to prevent the user from determining the restricted authentication credentials.
  - 13. The computer product of claim 9, wherein the enforcement module is further configured to perform data cleanup actions associated with the website responsive to the user ceasing to access the account.
  - 14. The computer program product of claim 9, wherein the monitoring module receives an error message from the website usage server responsive to the website usage server determining that access to the account is denied.
  - 15. The computer program product of claim 9, wherein the monitoring module is further configured to:
    - detect that the user is attempting to access a restricted web page associated with the restricted authentication credentials; and
      
      block access to the restricted web page.
  - 16. The computer program product of claim 9, wherein the login module is further configured to automatically provide the restricted authentication credentials to the website in a manner that prevents the user from determining the authentication credentials.

17. A computer-implemented system for controlling user access to websites, the system comprising:
- a computer processor; and
  
  a computer-readable storage medium storing computer program modules configured to execute on the computer processor, the computer program modules comprising;
  
  a policy definition module configured to define a website usage policy associated with a user of a website;
  
  a policy database configured to store the website usage policy;
  
  a credentials database configured to store restricted authentication credentials for an account associated with the user and the website; and
  
  a determination module configured to;
  
  receive from a client a request to access the account associated with the user of the website;
  
  determine whether access to the account is permitted based at least in part on the website usage policy; and
  
  responsive to determining that access to the account is permitted based at least in part on the website usage policy, provide the restricted authentication credentials for the account to the client.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented system of claim 17, wherein the determination module if further configured to:
    - identify website usage parameters specified by the website usage policy; and
      
      evaluate the website usage parameters to determine whether access to the account is permitted.
  - 19. The computer-implemented system of claim 18, wherein evaluating the website usage parameters comprises comparing times when user access to the account is permitted with a current time.
  - 20. The computer-implemented system of claim 17, wherein the determination module is further configured to:
    - determine logout mechanisms associated with the website, wherein the logout mechanisms comprise information for logging a user out of the account responsive to determining that access to the account is permitted; and
      
      provide the logout mechanisms to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Newstadt, Keith, Cooley, Shaun P.

Application Number

US12/175,322
Publication Number

US 20100017889A1
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Control of Website Usage Via Online Storage of Restricted Authentication Credentials

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Control of Website Usage Via Online Storage of Restricted Authentication Credentials

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links