Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access
Abstract
A method and apparatus to control a client in a communication network accessed by the client through a service provider independent of a client controller. In one embodiment, a hardware capable Internet Service Provider (ISP) functions as the communications network service provider. A virtual ISP operates the client controller, leases Internet access time from the hardware capable ISP, and resells Internet services to users. A client accesses the network through a two stage authentication process. First, the hardware capable ISP authenticates the client using a user-provided ID and password. After successfully logging on to the hardware capable ISP, the client automatically sends a start session message containing user identity information to the client controller. In response, the client controller sends a control message to the client authorizing use of the network for a predetermined time period. When the client stops accessing the network, the client informs the client controller using an end session message. If the client wants to access the network beyond the predetermined time period, the client informs the client controller using a continue session message. If no end session or continue session message is received, the client controller assumes that the client is no longer accessing the network at the end of the predetermined time. The client controller can initiate communication with the client by sending other control messages, such as display and download commands.
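The session lifecycle in the abstract (start, continue, end, silent expiry) together with the usage-log comparison of claims 11 to 15, as an added Python example that is not taken from the patent. The message names, the 600-second period, the 60-second tolerance, denying a CONTINUE that arrives after expiry, integer timestamps in seconds, and the provider report shape (user to seconds billed) are all assumptions.

```python
from dataclasses import dataclass, field

LEASE = 600  # seconds per authorization; the value is an assumption

@dataclass
class ClientController:
    users: set                                     # user database
    active: dict = field(default_factory=dict)     # user -> (start, lease_expiry)
    usage_log: list = field(default_factory=list)  # (user, start, end)

    def _close(self, user, end):
        start, _ = self.active.pop(user)
        self.usage_log.append((user, start, end))

    def expire(self, now):
        # No END or CONTINUE before the lease ran out: log the session as
        # having ended at lease expiry.
        for user, (_, expiry) in list(self.active.items()):
            if now >= expiry:
                self._close(user, expiry)

    def handle(self, msg_type, user, now):
        """Process one client message; return the control message to send back."""
        self.expire(now)
        if msg_type == "START":
            if user not in self.users:
                return ("DENY", 0)
            if user in self.active:        # duplicate START: close the old session
                self._close(user, now)
            self.active[user] = (now, now + LEASE)
            return ("AUTHORIZE", LEASE)
        if user not in self.active:        # CONTINUE/END without a live session
            return ("DENY", 0)
        if msg_type == "CONTINUE":
            self.active[user] = (self.active[user][0], now + LEASE)
            return ("AUTHORIZE", LEASE)
        if msg_type == "END":
            self._close(user, now)
            return None                    # nothing to authorize
        return ("DENY", 0)

def reconcile(usage_log, provider_report, tolerance=60):
    """Return {user: (provider_secs, logged_secs)} where the two disagree."""
    logged = {}
    for user, start, end in usage_log:
        logged[user] = logged.get(user, 0) + (end - start)
    return {u: (secs, logged.get(u, 0)) for u, secs in provider_report.items()
            if abs(secs - logged.get(u, 0)) > tolerance}
```

A user who appears in the provider's report but has no matching log entry is the discrepancy of interest here: time was consumed at the service provider without a session ever being reported to the client controller.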
55 Claims
1. A method using a client controller to control a client's access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, comprising the steps of:
receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
sending to the client a control message to control the client's access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
determining if the client is authorized to use the communications network based on the user identity information, and wherein said step of sending a session authorization message is only performed if the client is authorized to use the communications network.
5. The method of claim 3, further comprising the steps of:
receiving from the client a session continuation message containing the user identity information; and
sending to the client a continuation authorization message, based on the user identity information, authorizing the client to use the communications network for an additional predetermined period of time.
6. The method of claim 5, wherein the continuation authorization message is an additional session authorization message.
7. The method of claim 5, further comprising the step of determining if the client is authorized to continue to use the communications network based on the user identity information, and wherein said step of sending a continuation authorization message is only performed if the client is authorized to continue using the communications network.
8. The method of claim 2, further comprising the step of:
determining if the client is authorized to use the communications network based on the user identity information, and wherein the control message is a deny session message if the client is not authorized to use the communications network.
9. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
10. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
11. The method of claim 1, further comprising the steps of:
recording information about a client session in a communications network usage log.
12. The method of claim 11, wherein the recorded information includes information associated with the user identity information and information associated with the time that the client session started.
13. The method of claim 11, further comprising the steps of:
receiving from the client an end session message containing the user identity information; and
recording information about the end of the client session in the usage log.
14. The method of claim 11, further comprising the step of:
recording information about an end of the client session in the usage log if no session continuation message has been received from the client during the predetermined period of time.
15. The method of claim 11, further comprising the steps of:
receiving from the service provider a communications network usage report; and
comparing the communications network usage report with the communications network usage log to determine discrepancies.
16. The method of claim 1, further comprising the steps of:
sending to the client a session termination message instructing the client to end the client session; and
recording information about the end of the client session in a usage log.
17. The method of claim 1, wherein the communications network is a packet network.
18. The method of claim 17, wherein the packet network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
19. The method of claim 1, wherein said step of determining is also based on information stored in a user database.
20. A method using a client controller to monitor a client's access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, comprising the steps of:
receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communication network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
recording in a communications network usage log information associated with the user identity information and information associated with the time that the start session message was received; and
sending to the client, in response to the start session message, a control message to control the client's access to use the communications network.
Dependent claims: 21
22. A client controller to control a client's access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, the client controller comprising:
a communications port capable of receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
a user database containing information associated with the user identity information; and
a client control processor coupled to said communications port and said user database, said client control processor being configured to send a control message to the client to control the client's access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
Dependent claims: 23, 24, 25, 26, 27, 28
29. An apparatus to control a client's access to use a communications network, the client accessing the client controller through a service provider independent of a client controller, comprising:
means for receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
means for determining if the client is authorized to access the communications network; and
means for sending to the client a session authorization message, the session authorization message to control the client's access to use the communications network being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
Dependent claims: 30, 31, 32
33. An article of manufacture comprising a computer-readable medium having stored thereon instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps to control a client's access to use a communications network, the client accessing the client controller through a service provider independent of a client controller, said steps comprising:
receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
sending to the client a control message to control the client's access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
Dependent claims: 34, 35, 36, 37, 38, 39
recording information about a client session in a communications network usage log.
39. The article of manufacture of claim 33, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
40. A method of using a communications network having a client controller, comprising the steps of:
accessing the client controller through a service provider independent of the client controller;
sending to the client controller a start session message containing user identity information, the start session message being sent automatically upon being logged on to the service provider; and
receiving from the client controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol and in response to the start session message.
Dependent claims: 41, 42, 43, 44, 45, 46, 47
sending a session continuation message to the client controller prior to the end of the predetermined period of time.
46. The method of claim 40, further comprising the step of:
sending an end session message to the client controller.
47. The method of claim 40, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
48. An article of manufacture comprising a computer-readable medium having stored thereon instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps to use a communications network having a client controller, said steps comprising:
accessing the client controller through a service provider independent of the client controller;
sending to the client controller a start session message containing user identity information, the start session message being sent automatically upon being logged on to the service provider; and
receiving from the client controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol and in response to the start session message.
Dependent claims: 49, 50, 51, 52, 53, 54, 55
sending a session continuation message to the client controller prior to the end of the predetermined period of time.
54. The article of manufacture of claim 48, further comprising the step of:
sending an end session message to the client controller.
55. The article of manufacture of claim 48, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
Specification