Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access

US 6,205,479 B1
Filed: 04/14/1998
Issued: 03/20/2001
Est. Priority Date: 04/14/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method using a client controller to control a client'"'"'s access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, comprising the steps of:

receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and

sending to the client a control message to control the client'"'"'s access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus to control a client in a communication network accessed by the client through a service provider independent of a client controller. In one embodiment, a hardware capable Internet Service Provider (ISP) functions as the communications network service provider. A virtual ISP operates the client controller, leases Internet access time from the hardware capable ISP, and resells Internet services to users. A client accesses the network through a two stage authentication process. First, the hardware capable ISP authenticates the client using a user-provided ID and password. After successfully logging on to the hardware capable ISP, the client automatically sends a start session message containing user identity information to the client controller. In response, the client controller sends a control message to the client authorizing use of the network for a predetermined time period. When the client stops accessing the network, the client informs the client controller using an end session message. If the client wants to access the network beyond the predetermined time period, the client informs the client controller using a continue session message. If no end session or continue session message is received, the client controller assumes that the client is no longer accessing the network at the end of the predetermined time. The client controller can initiate communication with the client by sending other control messages, such as display and download commands.

Citations

55 Claims

1. A method using a client controller to control a client'"'"'s access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, comprising the steps of:
- receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
  
  sending to the client a control message to control the client'"'"'s access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein said step of sending controls whether the client is authorized or denied access to use the communications network.
  - 3. The method of claim 2, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
  - 4. The method of claim 3, further comprising the step of:
5. The method of claim 3, further comprising the steps of:
- receiving from the client a session continuation message containing the user identity information; and
  
  sending to the client a continuation authorization message, based on the user identity information, authorizing the client to use the communications network for an additional predetermined period of time.
6. The method of claim 5, wherein the continuation authorization message is an additional session authorization message.
7. The method of claim 5, further comprising the step of determining if the client is authorized to continue to use the communications network based on the user identity information, and wherein said step of sending a continuation authorization message is only performed if the client is authorized to continue using the communications network.
8. The method of claim 2, further comprising the step of:
- determining if the client is authorized to use the communications network based on the user identity information, and wherein the control message is a deny session message if the client is not authorized to use the communications network.
9. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
10. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
11. The method of claim 1, further comprising the steps of:
- recording information about a client session in a communications network usage log.
12. The method of claim 11, wherein the recorded information includes information associated with the user identity information and information associated with the time that the client session started.
13. The method of claim 11, further comprising the steps of:
- receiving from the client an end session message containing the user identity information; and
  
  recording information about the end of the client session in the usage log.
14. The method of claim 11, further comprising the step of:
- recording information about an end of the client session in the usage log if no session continuation message has been received from the client during the predetermined period of time.
15. The method of claim 11, further comprising the steps of:
- receiving from the service provider a communications network usage report; and
  
  comparing the communications network usage report with the communications network usage log to determine discrepancies.
16. The method of claim 1, further comprising the steps of:
- sending to the client a session termination message instructing the client to end the client session; and
  
  recording information about the end of the client session in a usage log.
17. The method of claim 1, wherein the communications network is a packet network.
18. The method of claim 17, wherein the packet network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
19. The method of claim 1, wherein said step of determining is also based on information stored in a user database.

20. A method using a client controller to monitor a client'"'"'s access to use a communications network, the client accessing the client controller through a service provider independent of the client controller, comprising the steps of:
- receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communication network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
  
  recording in a communications network usage log information associated with the user identity information and information associated with the time that the start session message was received; and
  
  sending to the client, in response to the start session message, a control message to control the client'"'"'s access to use the communications network.
- View Dependent Claims (21)
- - 21. The method of claim 20, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

22. A client controller to control a client'"'"'s access to use a communications network the client accessing the client controller through a service provider independent of the client controller, the client controller comprising:
- a communications port capable of receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
  
  a user database containing information associated with the user identity information; and
  
  a client control processor coupled to said communications port and said user database, said client control processor being configured to send a control message to the client to control the client'"'"'s access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The client controller of claim 22, wherein the control message controls whether the client is authorized or denied access to use the communications network.
  - 24. The client controller of claim 23, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
  - 25. The client controller of claim 22, wherein the control message instructs the client to display a message to a user.
  - 26. The client controller of claim 22, wherein the control message instructs the client to receive data.
  - 27. The client controller of claim 22, said client control processor being further configured to record information about a client session in a communications network usage log.
  - 28. The client controller of claim 22, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

29. An apparatus to control a client'"'"'s access to use a communications network, the client accessing the client controller through a service provider independent of a client controller, comprising:
- means for receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
  
  means for determining if the client is authorized to access the communications network; and
  
  means for sending to the client a session authorization message, the session authorization message to control the client'"'"'s access to use the communications network being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
- View Dependent Claims (30, 31, 32)
- - 30. The apparatus of claim 29, wherein the session authorization message controls whether the client is authorized or denied access to use the communications network.
  - 31. The apparatus of claim 29, wherein the session authorization message authorizes the client to use the communications network for a predetermined period of time.
  - 32. The apparatus of claim 29, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

33. An article of manufacture comprising a computer-readable medium having stored thereon instructions adapted to be executed by a processor, the intstructions which, when executed, define a series of steps to control a client'"'"'s access to use a communications network, the client accessing the client controller through a service provider independent of a client controller, said steps comprising:
- receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
  
  sending to the client a control message to control the client'"'"'s access to use the communications network, the control message being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The article of manufacture of claim 33, wherein said step of sending controls whether the client is authorized or denied access to use the communications network.
  - 35. The article of manufacture of claim 33, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
  - 36. The article of manufacture of claim 33, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 37. The article of manufacture of claim 33, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 38. The article of manufacture of claim 33, further comprising the steps of:
39. The article of manufacture of claim 33, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

40. A method of using a communications network having a client controller, comprising the stops of:
- accessing the client controller though a service provider independent of the client controller;
  
  sending to the client controller a start session message containing user identity information, the start session message being sent automatically upon being logged on to the service provide; and
  
  receiving from the client controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol and in response to the start session message.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47)
- - 41. The method of claim 40, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
  - 42. The article of manufacture of claim 40, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 43. The article of manufacture of claim 40, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 44. The method of claim 40, wherein said step of accessing comprises complying with a first authentication procedure performed by the service provider and said step of sending comprises complying with a second authentication procedure performed by the client controller, the second authentication procedure being independent of the first authentication procedure.
  - 45. The method of claim 40, further comprising the step of:
46. The method of claim 40, further comprising the step of:
- sending an end session message to the client controller.
47. The method of claim 40, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

48. An article of manufacture comprising a computer-readable medium having stored thereon instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps to use a communications network having a client controller, said steps comprising:
- accessing the client controller through a service provider independent of the client controller;
  
  sending to the client controller a start session message containing user identity information, the start session message being sent automatically upon being logged on to the service provider; and
  
  receiving from the client controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol and in response to the start session message.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55)
- - 49. The article of manufacture of claim 48, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
  - 50. The article of manufacture of claim 48, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 51. The article of manufacture of claim 48, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 52. The article of manufacture of claim 48, wherein said step of accessing comprises complying with a first authentication procedure performed by the service provider and said step of sending comprises complying with a second authentication procedure performed by the client controller, the second authentication procedure being independent of the first authentication procedure.
  - 53. The article of manufacture of claim 48, further comprising the step of:
54. The article of manufacture of claim 48, further comprising the step of:
- sending an end session message to the client controller.
55. The article of manufacture of claim 48, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juno Online Services Incorporated (B. Riley Financial, Inc.)
Original Assignee
Juno Online Services Incorporated (B. Riley Financial, Inc.)
Inventors
Zenel, Bruce A., Dulai, Dharmender S., Marur, Vinod R., Vitale, Benjamin F.
Primary Examiner(s)
Maung, Zarni
Assistant Examiner(s)
CALDWELL, ANDREW T

Application Number

US09/059,468
Time in Patent Office

1,071 Days
Field of Search

709/203, 709/217-219, 709/223-225, 709/229, 707/10, 707/104, 713/200-202, 379/901, 379/903, 379/93.02
US Class Current

709/225
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/108 when the policy decisions a...

Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Two-tier authentication system where clients first authenticate with independent service providers and then automatically exchange messages with a client controller to gain network access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links