Dynamic Walled Garden

US 20130111024A1
Filed: 10/26/2011
Published: 05/02/2013
Est. Priority Date: 10/26/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving, at a first network device, an Hypertext Transfer Protocol (HTTP) response from a second network device, wherein the HTTP response comprises one or more web resources;

extracting, by the network device, the web resources from the HTTP response; and

enforcing, by the network device, an access policy based on the extracted web resources.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure discloses a network device and/or method for generating a dynamic walled garden. The disclosed network device a network device receives an Hypertext Transfer Protocol (HTTP) response from a second network device. The HTTP response comprises one or more web resources, which are the only web resources accessible to unauthenticated clients. The network device further extracts the web resources from the HTTP response, and enforces enforcing an access policy based on the extracted web resources.

24 Citations

View as Search Results

21 Claims

1. A method comprising:
- receiving, at a first network device, an Hypertext Transfer Protocol (HTTP) response from a second network device, wherein the HTTP response comprises one or more web resources;
  
  extracting, by the network device, the web resources from the HTTP response; and
  
  enforcing, by the network device, an access policy based on the extracted web resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1,wherein the second network device corresponds to a captive portal;
    - andwherein the one or more web resources are associated with a walled garden configured for the captive portal, where in the walled garden comprises only web resources accessible to unauthenticated clients.
  - 3. The method of claim 2, further comprising:
    - receiving, by the network device, an HTTP request from an unauthenticated client to access a web resource;
      
      determining, by the network device, whether access to the web resource by the unauthenticated client is permitted based on the access policy; and
      
      in response to access to the web resource not being permitted, forwarding, by the network device, the HTTP request to the second network device.
  - 4. The method of claim 2, wherein the access policy comprises a whitelist whose entries correspond to the one or more web resources associated with the wall garden.
  - 5. The method of claim 4,wherein the whitelist is associated with a threshold;
    - andwherein a least recently used entry of the whitelist is substituted by a new entry.
  - 6. The method of claim 1, wherein enforcing the access policy based on the extracted web resources further comprises:
    - storing, by the network device, the extracted web resources in the access policy; and
      
      restricting, by the network device, web resource access from unauthenticated clients to the extracted web resources.
  - 7. The method of claim 1, wherein extracting the web resources from the HTTP response further comprises:
    - scanning, by the network device, source code of the HTTP response to detect a tag comprising a Uniform Resource Locator (URL) link to a web resource;
      
      parsing, by the network device, the URL link to retrieve a domain name associated with the web resource; and
      
      responsive to the domain name not being existed in the access policy, storing, by the network device, the domain name in the access policy to allow future access to the web resource from unauthenticated clients.
  - 8. The method of claim 7, further comprising:
    - removing, by the network device, from the URL link one or more of sub domain names, web file names, and duplicated domain names.
  - 9. The method of claim 8, wherein the tag is associated with one or more of a text, an image, an icon, an object, a control, and a web form.
  - 10. The method of claim 7, further comprising:
    - maintaining, by the network device, a first timestamp corresponding to when a previously received HTTP response had been last modified;
      
      receiving, by the network device, a second timestamp indicating when the HTTP response has been last modified;
      
      comparing, by the network device, the first timestamp with the second timestamp; and
      
      in response to the second timestamp being more recent than the first timestamp, updating the access policy based on the HTTP response.

11. A first network device comprising:
- a processor;
  
  a memory;
  
  a receiving mechanism coupled to the processor, the receiving mechanism to receive an Hypertext Transfer Protocol (HTTP) response from a second network device, wherein the HTTP response comprises one or more web resources;
  
  an extracting mechanism coupled to the process, the extracting mechanism to extract web resources from the HTTP response; and
  
  a policy handling mechanism coupled to the process, the policy handling mechanism to enforce an access policy based on the extracted web resources.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The first network device of claim 11,wherein the second network device corresponds to a captive portal;
    - andwherein the one or more web resources are associated with a walled garden configured for the captive portal, where in the walled garden comprises only web resources accessible to unauthenticated clients.
  - 13. The first network device of claim 12, wherein the policy handling mechanism further to:
    - receive an HTTP request from an unauthenticated client to access a web resource;
      
      determine whether access to the web resource by the unauthenticated client is permitted based on the access policy; and
      
      forward the HTTP request to the second network device in response to access to the web resource not being permitted.
  - 14. The first network device of claim 12, wherein the access policy comprises a whitelist whose entries correspond to the one or more web resources associated with the wall garden.
  - 15. The first network device of claim 14,wherein the whitelist is associated with a threshold;
    - andwherein a least recently used entry of the whitelist is substituted by a new entry.
  - 16. The first network device of claim 11, further comprises:
    - a storing mechanism coupled to the processor, the storing mechanism to store extracted web resources in the access policy; and
      
      wherein the policy handling mechanism further to restrict web resource access from unauthenticated clients to the extracted web resources.
  - 17. The first network device of claim 11, wherein the extracting mechanism further to:
    - scan source code of the HTTP response to detect a tag comprising a Uniform Resource Locator (URL) link to a web resource;
      
      parse the URL link to retrieve a domain name associated with the web resource; and
      
      store the domain name in the access policy to allow future access to the web resource from unauthenticated clients in response to the domain name not being existed in the access policy.
  - 18. The first network device of claim 17, wherein the extracting mechanism further to:
    - remove from the URL link one or more of sub domain names, web file names, and duplicated domain names.
  - 19. The first network device of claim 18, wherein the tag is associated with one or more of a text, an image, an icon, an object, a control, and a web form.
  - 20. The first network device of claim 17,wherein the storing mechanism further to maintain a first timestamp corresponding to when a previously received HTTP response had been last modified;
    - wherein the receiving mechanism further to receive a second timestamp indicating when the HTTP response has been last modified; and
      
      wherein the policy handling mechanism further to;
      
      compare the first timestamp with the second timestamp; and
      
      update the access policy based on the HTTP response in response to the second timestamp being more recent than the first timestamp.

21. A non-transitory computer-readable storage medium storing embedded instructions that are executed by one or more mechanisms implemented within a network device to perform a plurality of operations comprising:
- receiving an Hypertext Transfer Protocol (HTTP) response from a network device, wherein the HTTP response comprises one or more web resources;
  
  extracting the web resources from the HTTP response; and
  
  enforcing an access policy based on the extracted web resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Iyer, Pradeep, Setia, Deepinder Singh

Application Number

US13/282,333
Publication Number

US 20130111024A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 67/02   based on web technology, e....

Dynamic Walled Garden

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Dynamic Walled Garden

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others