Network access control system and process
Abstract
An Internet access system (10) incorporates an access control subsystem (12), implemented with a communications server (14), one or more Remote Authentication Dial In User Service (RADIUS) servers (16), and a remote access server (18) in network 21. Users are connected to the network by dial-up connections (22) through the communications server (14). When user (22) logs in through the communications server (14), RADIUS client software (45) first determines if user (22) is authorized by checking his password utilizing user profiles (46). The user profiles (46) also identify a filter "F(Timmy)". The RADIUS server (16) supplies the filter identification through the RADIUS client (45) for use by client software (44) for controlling access by the user (22) to Internet sites. The client software (44) then checks to see if the filter "F(Timmy)" is stored locally in cache (50). If it is, the client software (44) uses it for controlling access. If not, the client software (44) sends a lookup request to the network access server (18), which stores the centralized permitted site list and the filters to be used as masks for checking access classifications of requested sites, to download the filter "F(Timmy)", which is maintained in the server (14) memory for the rest of the user (22)'s session. The client (44) also keeps the local cache (50) of recently requested sites and recently used user filters for efficiency. When access to a site is requested, the client first checks the local cache (50) to see if the site is on the list stored there. In practice, the client software (44) and permit-based filtering technology is integrated in the communications operating system software that runs on the server (14) or routers (24), (32) or (34).
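The cache-first access determination described in the abstract can be sketched as follows. This is an added example, not code from the patent: the class and method names, the sample sites and category bits, the LRU eviction policy and the exact mask comparison are assumptions made for illustration.

```python
from collections import OrderedDict

# Constructed sample data: category bits, one user filter, a permitted-site list.
KIDS, NEWS, GAMES = 0b001, 0b010, 0b100
FILTERS = {"F(Timmy)": KIDS | GAMES}
PERMITTED_SITES = {"kids.example": KIDS, "news.example": NEWS,
                   "arcade.example": KIDS | GAMES}

class NetworkAccessServer:
    """Central store of user filters and the permitted-site list."""
    def __init__(self, filters, permitted_sites):
        self.filters, self.permitted_sites = filters, permitted_sites
        self.lookups = 0  # counts round trips from the local access server

    def get_filter(self, filter_id):
        self.lookups += 1
        return self.filters[filter_id]

    def classify(self, site):
        self.lookups += 1
        return self.permitted_sites.get(site)  # None: not on the permitted list

class AccessClient:
    """Client software on the local access server with a bounded LRU cache."""
    def __init__(self, server, cache_size=128):
        self.server, self.cache_size = server, cache_size
        self.cache = OrderedDict()

    def _cached(self, key, fetch):
        if key in self.cache:
            self.cache.move_to_end(key)      # mark as recently used
            return self.cache[key]
        value = self.cache[key] = fetch()    # cache miss: ask the central server
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)   # evict the least recently used entry
        return value

    def allowed(self, filter_id, site):
        mask = self._cached(("filter", filter_id),
                            lambda: self.server.get_filter(filter_id))
        cls = self._cached(("site", site), lambda: self.server.classify(site))
        # Assumed semantics: deny unlisted sites; permit only when every
        # classification bit of the site is enabled in the user's filter mask.
        return cls is not None and (cls & mask) == cls

if __name__ == "__main__":
    client = AccessClient(NetworkAccessServer(FILTERS, PERMITTED_SITES))
    for site in ("kids.example", "news.example", "unlisted.example"):
        print(site, client.allowed("F(Timmy)", site))
```

In this sketch, entries (including cached denials) stay in the local cache until evicted, so a change to the central list is not seen locally until then; the abstract above does not describe an expiry mechanism.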
23 Claims
1. A system for controlling network access, comprising:
- (a) a local access server having a local cache for storage of recently used user filters and sites accessible from a system for which access has been recently requested;
- (b) a network access server coupled to said local access server and having storage for user filters and a list of permitted sites, wherein said network access server automatically maintains and compiles said list of permitted sites;
- (c) access client software resident in said local access server for using said recently used user filters and sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access and for communicating with said network access server to obtain an access determination from said user filters and said list of permitted sites stored at said network access server if an access determination cannot be made from said recently used user filters and sites stored in said local cache.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A process for controlling network access in a system of interconnected networks, which comprises:
- (a) defining user access filters for determining if a request by a user for access to a desired site in the system should be permitted;
- (b) storing in a cache local to an access server recently used user access filters and sites accessible from the system for which access has been requested;
- (c) storing user filters and a list of permitted sites at a network access server coupled to the local access server;
- (d) automatically maintaining and compiling said list of permitted sites at said network access server;
- (e) attempting to use said user filters and said sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access; and
- (f) using at least one of said user filters and said list of permitted sites stored at said network access server to obtain an access determination if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.

Dependent claims: 9, 10, 11, 12, 13

14. A storage medium having stored therein a program, which when executed on a network data processing system, will control user access to sites accessible in a network of networks by:
- (a) defining user access filters for determining if a request by a user for access to a desired site in the system should be permitted;
- (b) storing in a cache local to an access server recently used user access filters and sites accessible from the system for which access has been requested;
- (c) storing user filters and a list of permitted sites at a network access server coupled to the local access server;
- (d) automatically maintaining and compiling said list of permitted sites at said network access server;
- (e) attempting to use said user filters and said sites for which access has been requested in said local cache for making an access determination for a site to which a user requests access; and
- (f) using at least one of said user filters and said list of permitted sites stored at said network access server to obtain an access determination if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.

Dependent claims: 15, 16, 17, 18

19. A system for controlling a user's access to a network, comprising:
- a network access server, coupled to the network, having storage for user filters and a list of permitted sites;
- network access server software implemented on said network access server that is configured to automatically maintain said list of permitted sites by downloading updated versions of said list over the Internet and to compile said list;
- a local access server, coupled to said network access server, having a local cache for storage of recently used user filters and sites for which access has been previously requested; and
- client access server software, resident in said local access server, that is configured to make an access determination for a desired site to which a user requests access by checking in said local cache for said recently used user filters and said sites for which access has been previously requested, and by communicating with said network access server to obtain an access determination from said user filters and said list of permitted sites if an access determination cannot be made from said recently used user filters and said sites stored in said local cache.

Dependent claims: 20

21. In a system of interconnected networks comprising a plurality of potentially accessible sites, a method of controlling a user's access to a network, the network comprising a local access server having a local cache and a network access server, comprising the steps of:
- (a) defining user access filters for determining if a request by the user for access to a desired site in the system should be permitted;
- (b) storing said user access filters and a list of permitted sites at the network access server, said list of permitted sites being automatically maintained and compiled by said network access server;
- (c) storing recently used user access filters and previously requested sites in the local cache;
- (d) making an access determination for said desired site based on said recently used user access filters and said previously requested sites stored in the local cache; and
- (e) if an access determination cannot be made in step (d), making an access determination for said desired site based on said user filters and said list of permitted sites stored at the network access server.

Dependent claims: 22, 23

Specification