Method and apparatus for controlling access to services within a computer network

US 5,835,727 A
Filed: 12/09/1996
Issued: 11/10/1998
Est. Priority Date: 12/09/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing access control to services in a computer network including one or more server systems and one or more client systems, the method comprising the steps of:

providing a filtering profile for each service, each filtering profile including one or more filtering rules,establishing the identity of a network user that is using a host client system,selecting one of more filtering profiles in accordance with the identity of the network user, andestablishing a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for controlling access to services within a computer network is provided. More specifically, the present invention includes a services management system, or SMS. The SMS manages network connections between a series of client systems and a router. An access network control server (ANCS) manages the configuration of the router. For each network user, the SMS maintains a profile of filtering rules. When the user accesses the network, the SMS downloads the user'"'"'s filtering profiles to the ANCS. The ANCS then uses the downloaded filtering profiles to reconfigure the router. The router then uses the filtering rules to selectively forward IP packets originating from the user'"'"'s host system and directed at the network services.

Citations

18 Claims

1. A method for providing access control to services in a computer network including one or more server systems and one or more client systems, the method comprising the steps of:
- providing a filtering profile for each service, each filtering profile including one or more filtering rules,establishing the identity of a network user that is using a host client system,selecting one of more filtering profiles in accordance with the identity of the network user, andestablishing a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 14)
- - 2. A method as recited in claim 1 wherein the computer network includes a router and wherein the step of establishing a packet filter includes the step of reconfiguring the router to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.
  - 3. A method as recited in claim 1 wherein the host client system is connected to the network using a cable modem and wherein the step of establishing a packet filter includes the step of reconfiguring the cable modem to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.
  - 4. A method as recited in claim 1 wherein the step of providing one or more filtering profiles further comprises the step of selecting the filtering profiles from a database.
  - 5. A method as recited in claim 1 wherein each service includes one or more applications, each application being located on one or more servers systems and wherein the filtering profile for each service includes one or more filtering rules for selectively forwarding packets directed to servers on which the applications of the service are located.
  - 6. A method as recited in claim 1 wherein each filtering rule includes a protocol type, the protocol type corresponding to the protocol used to send messages to one of the services.
  - 7. A method as recited in claim 1 wherein each filtering rule includes a destination address where the destination address corresponds to the IP address of one of the server systems.
  - 8. A method as recited in claim 5 wherein each filtering rule includes a destination mask.
  - 9. A method as recited in claim 5 wherein each filtering rule includes a range of destination port numbers.
  - 10. A method as recited in claim 5 wherein the step of selecting one of more filtering profiles in accordance with the identity of the network user selects filtering profiles corresponding to services to which the user is a subscriber.
  - 14. A computer program product as recited in claim 8 wherein the third computer readable program code devices includes computer readable program code devices configured to cause a computer system to select the filtering profiles from a database.

11. A computer program product comprising:
- a computer usable medium having computer readable code embodied therein for providing access control to services in a computer network including one or more server systems and one or more client systems, the computer program product comprising;
  
  first computer readable program code devices configured to cause a computer system to maintain a filtering profile for each service, each filtering profile including one or more filtering rules,second computer readable program code devices configured to cause a computer system to establishing the identity of a network user that is using a host client system,third computer readable program code devices configured to cause a computer system to select one of more filtering profiles in accordance with the identity of the network user, andfourth computer readable program code devices configured to cause a computer system to establish a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
- View Dependent Claims (12, 13)
- - 12. A computer program product as recited in claim 11 wherein the computer network includes a router and wherein the fourth computer readable program code devices includes computer readable program code devices configured to cause a computer system to reconfigure the router to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.
  - 13. A computer program product as recited in claim 11 wherein the host client system is connected to the network using a cable modem and wherein the fourth computer readable program code devices includes computer readable program code devices configured to cause a computer system to reconfigure the cable modem to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.

15. An apparatus for providing access control to services in a computer network including one or more server systems and one or more client systems, the apparatus comprising:
- a filtering profile for each service, each filtering profile including one or more filtering rules,a first portion configured to cause a computer system to establish the identity of a network user that is using a host client system,a second portion configured to cause a computer system to select one of more filtering profiles in accordance with the identity of the network user, anda third portion configured to cause a computer system to establish a packet filter in the computer network, the packet filter using the filtering rules included in the selected profiles to selectively forward packets originating at the host client system and directed at one or more of the services included in the network.
- View Dependent Claims (16, 17, 18)
- - 16. An apparatus as recited in claim 15 wherein the computer network includes a router and wherein the third portion includes a fourth portion configured to cause a computer system to reconfigure the router to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.
  - 17. An apparatus as recited in claim 15 wherein the host client system is connected to the network using a cable modem and wherein the third portion includes a fourth portion configured to cause a computer system to reconfigure the cable modem to selectively forward packets originating at the host client system in accordance with the filtering rules included in the selected profiles.
  - 18. An apparatus as recited in claim 15 wherein the second portion includes a fifth portion configured to cause a computer system to select the filtering profiles from a database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon.com, Inc.
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Wong, Thomas K., Tsirigotis, Panagiotis, Radia, Sanjay R., Lim, Swee Boon, Goedman, Robert J.
Primary Examiner(s)
Lim, Krisna

Application Number

US08/762,393
Time in Patent Office

701 Days
Field of Search

395/200.54, 395/200.68, 395/200.57, 370/85.13, 370/230, 370/241
US Class Current

709/238
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/102 Entity profiles

Method and apparatus for controlling access to services within a computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for controlling access to services within a computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links