Network access control system and process

US 5,889,958 A
Filed: 12/20/1996
Issued: 03/30/1999
Est. Priority Date: 12/20/1996
Status: Expired due to Term

First Claim

Patent Images

1. A system for controlling network access, comprising:

(a) a local access server having a local cache for storage of recently used user filters and sites accessible from a system for which access has been recently requested;

(b) a network access server coupled to said local access server and having storage for user filters and a list of permitted sites, wherein said network access server automatically maintains and compiles said list of permitted sites;

(c) access client software resident in said local access server for using said recently used user filters and sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access and for communicating with said network access server to obtain an access determination from said user filters and said list of permitted sites stored at said network access server if an access determination cannot be made from said recently used user filters and sites stored in said local cache.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Internet access system (10) incorporates an access control subsystem (12), implemented with a communications server (14), one or more Remote Authentication Dial In User Service (RADIUS) servers (16), and a remote access server (18) in network 21. Users are connected to the network by dial-up connections (22) through the communications server (14). When user (22) logs in through the communications server (14), RADIUS client software (45) first determines if user (22) is authorized by checking his password utilizing user profiles (46). The user profiles (46) also identify a filter "F(Timmy)". The RADIUS server (16) supplies the filter identification through the RADIUS client (45) for use by client software (44) for controlling access by the user (22) to Internet sites. The client software (44) then checks to see if the filter "F(Timmy)" is stored locally in cache (50). If it is, the client software (44) uses it for controlling access. If not, the client software (44) sends a lookup request to the network access server (18), which stores the centralized permitted site list and the filters to be used as masks for checking access classifications of requested sites, to download the filter "F(Timmy)", which is maintained in the server (14) memory for the rest of the user (22)'"'"'s session. The client (44) also keeps the local cache (50 of recently requested sites and recently used user filters for efficiency. When access to a site is requested, the client first checks the local cache (50) to see if the site is on the list stored there. In practice, the client software (44) and permit-based filtering technology is integrated in the communications operating system software that runs on the server (14) or routers (24), (32) or (34).

403 Citations

23 Claims

1. A system for controlling network access, comprising:
- (a) a local access server having a local cache for storage of recently used user filters and sites accessible from a system for which access has been recently requested;
  
  (b) a network access server coupled to said local access server and having storage for user filters and a list of permitted sites, wherein said network access server automatically maintains and compiles said list of permitted sites;
  
  (c) access client software resident in said local access server for using said recently used user filters and sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access and for communicating with said network access server to obtain an access determination from said user filters and said list of permitted sites stored at said network access server if an access determination cannot be made from said recently used user filters and sites stored in said local cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 in which said access client software is configured to identify said sites for which access is requested from addresses in information packets requesting the accesses.
  - 3. The system of claim 1 additionally comprising:
    - (d) a user authentication and authorization server coupled to said local access server and having storage for user profiles including user passwords and identifications of said user filters for determining site access, said local access server additionally including user authentication and authorization client software resident therein, said user authentication and authorization client software being configured to communicate with said user authentication and authorization server when said user logs into said network access server and to supply user filter identifications to said access client software.
  - 4. The system of claim 1 in which user requests for access are transmitted as Internet Protocol packets having headers with addresses and said access client software is configured to use said addresses to find a requested site in said list of permitted sites for determining whether access to said requested site will be granted.
  - 5. The system of claim 1, wherein said network access server further comprises server software that automatically maintains said list of permitted sites by downloading updated versions of said list over the Internet and compiling said list for use by said access client software.
  - 6. The system of claim 1, wherein said list of permitted sites is updated on a periodic basis.
  - 7. The system of claim 1, wherein said recently used user filters and said sites for which access has been requested in said local cache is automatically updated based on said access determination.

8. A process for controlling network access in a system of interconnected networks, which comprises:
- (a) defining user access filters for determining if a request by a user for access to a desired site in the system should be permitted;
  
  (b) storing in a cache local to an access server recently used user access filters and sites accessible from the system for which access has been requested;
  
  (c) storing user filters and a list of permitted sites at a network access server coupled to the local access server;
  
  (d) automatically maintaining and compiling said list of permitted sites at said network access server;
  
  (e) attempting to use said user filters and said sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access; and
  
  (f) using at least one of said user filters and said list of permitted sites stored at said network access server to obtain an access determination if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The process of claim 8 wherein sites for which access is requested are identified from addresses in information packets requesting access.
  - 10. The process of claim 8 wherein a user authentication and authorization server supplies user filter identifications to said local access server.
  - 11. The process of claim 8 wherein user requests for access are transmitted as Internet Protocol packets having headers with addresses and said addresses are used to find a requested site in said list of permitted sites for determining whether access to said requested site will be granted.
  - 12. The process of claim 8, wherein step (d) comprises the step of automatically maintaining said list of permitted sites by downloading updated versions of said list over the Internet and compiling said list for use by client software resident in said local access server.
  - 13. The process of claim 8, wherein step (d) further comprises the step of updating said list of permitted sites on a periodic basis.

14. A storage medium having stored therein a program, which when executed on a network data processing system, will control user access to sites accessible in a network of networks by:
- (a) defining user access filters for determining if a request by a user for access to a desired site in the system should be permitted;
  
  (b) storing in a cache local to an access server recently used user access filters and sites accessible from the system for which access has been requested;
  
  (c) storing user filters and a list of permitted sites at a network access server coupled to the local access server;
  
  (d) automatically maintaining and compiling said list of permitted sites at said network access server;
  
  (e) attempting to use said user filters and said sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access; and
  
  (f) using at least one of said user filters and said list of permitted sites stored at said network access server to obtain an access determination if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The storage medium of claim 14 in which the program is configured to identify sites for which access is requested from addresses in information packets requesting the accesses.
  - 16. The storage medium of claim 14 in which the program is configured to utilize a user authentication and authorization server to supply user filter identifications to said access server.
  - 17. The storage medium of claim 14 in which the program is configured to receive user requests for access as Internet Protocol packets having headers with addresses and the program is further configured to utilize said addresses to find a requested site in said list of permitted sites for determining whether access to said requested site will be granted.
  - 18. The storage medium of claim 14, wherein the program is further configured to automatically maintain said list of permitted sites by downloading updated versions of said list over the Internet and to compile said list for use by client software resident in said local access server.

19. A system for controlling a user'"'"'s access to a network, comprising:
- a network access server, coupled to the network, having storage for user filters and a list of permitted sites;
  
  network access server software implemented on said network access server that is configured to automatically maintain said list of permitted sites by downloading updated versions of said list over the Internet and to compile said list;
  
  a local access server, coupled to said network access server, having a local cache for storage of recently used user filters and sites for which access has been previously requested; and
  
  client access server software, resident in said local access server, that is configured to make an access determination for a desired site to which a user requests access by checking in said local cache for said recently used user filters and said sites for which access has been previously requested, and by communicating with said network access server to obtain an access determination from said user filters and said list of permitted sites if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising:
    - a user authentication and authorization server, coupled to said local access server, having storage for user profiles including user passwords and identifications of said user filters for determining site access; and
      
      user authentication and authorization client software, resident in said local access server, that is configured to communicate with said user authentication and authorization server when said user logs into said network access server, and to supply user filter identifications to said client access server software.

21. In a system of interconnected networks comprising a plurality of potentially accessible sites, a method of controlling a user'"'"'s access to a network, the network comprising a local access server having a local cache and a network access server, comprising the steps of:
- (a) defining user access filters for determining if a request by the user for access to a desired site in the system should be permitted;
  
  (b) storing said user access filters and a list of permitted sites at the network access server, said list of permitted sites being automatically maintained and compiled by said network access server;
  
  (c) storing recently used user access filters and previously requested sites in the local cache;
  
  (d) making an access determination for said desired site based on said recently used user access filters and said previously requested sites stored in the local cache; and
  
  (e) if an access determination cannot be made in step (d), making an access determination for said desired site based on said user filters and said list of permitted sites stored at the network access server.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, wherein the network further comprises a user authentication and authorization server, the method further comprising the step of:
    - (f) supplying the local cache with user filters from the user authentication and authorization server.
  - 23. The method of claim 21, wherein step (b) comprises the steps of:
    - storing said user access filters and a list of permitted sites at the network access server, said list of permitted sites being automatically maintained by periodically downloading updated versions of said list over the Internet; and
      
      compiling said list for use by client software resident in the local access server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ascend Communications, Inc. (Nokia Corporation)
Original Assignee
Livingston Enterprises, Inc. (Nokia Corporation)
Inventors
Willens, Steven M.
Primary Examiner(s)
Barry, Lance Leonard

Application Number

US08/771,637
Time in Patent Office

830 Days
Field of Search

395/187.01, 395/200.59
US Class Current

709/229
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

Network access control system and process

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

403 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Network access control system and process

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

403 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others