Forced sequential access to specified domains in a computer network
Abstract
The present invention is a method and apparatus for providing the owners of domain sites on a computer network or the owners of private remotely accessible intra networks the capability to force authorized users to disconnect from any open connections to other public or private domains or networks before a connection with the owner's domain or network can be established. This forced sequential access of a specified domain or network is accomplished by inserting a sequential-only attribute into the service profile for a specified user. Upon the user initiating a log-on sequence through an access point, the user's service profile is pulled from a memory bank and an assessment is made as to whether or not the sequential-only attribute exists for the desired specified domain or network to be accessed. If the attribute exists and the user has potentially concurrent connections outstanding, the user is alerted to the mandatory requirement to disconnect from these open connections before proceeding further with the desired specified domain or network connection.
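The decision the abstract describes can be modelled in a few lines. This is an added example, not code from the patent; the names `Gateway`, `ServiceProfile`, `isp.example` and `corp.example` are hypothetical, and authorization is reduced to "the service is listed in the user's profile".

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    PROMPT_DISCONNECT = "prompt_disconnect"
    DENY = "deny"


@dataclass
class ServiceProfile:
    # authorized service name -> True when "sequential-only" is set for it
    services: dict[str, bool]


@dataclass
class Gateway:
    profiles: dict[str, ServiceProfile]  # stands in for the profile memory
    sessions: dict[str, set[str]] = field(default_factory=dict)  # user -> open services

    def request_access(self, user, service):
        profile = self.profiles.get(user)
        # Authorization (simplified assumption): service must be in the profile.
        if profile is None or service not in profile.services:
            return Decision.DENY, ""
        others = self.sessions.get(user, set()) - {service}
        # Sequential-only attribute set and other connections open:
        # send the prompt instead of establishing the connection.
        if profile.services[service] and others:
            return (Decision.PROMPT_DISCONNECT,
                    f"Disconnect from {', '.join(sorted(others))} "
                    f"before connecting to {service}")
        self.sessions.setdefault(user, set()).add(service)
        return Decision.ALLOW, ""

    def disconnect_all(self, user):
        self.sessions.pop(user, None)


def demo():
    # Constructed sample profile: corp.example carries the attribute.
    gw = Gateway({"alice": ServiceProfile({"isp.example": False,
                                           "corp.example": True})})
    out = [gw.request_access("alice", "isp.example")[0],
           gw.request_access("alice", "corp.example")[0]]
    gw.disconnect_all("alice")
    out.append(gw.request_access("alice", "corp.example")[0])
    out.append(gw.request_access("alice", "other.example")[0])
    return out
```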
15 Claims
1. A method for providing forced sequential network access to a user in a computer network capable of establishing multiple concurrent service connections, said method comprising:
- receiving user requested service information from a user in a computer network;
- authorizing said user to access said requested service;
- retrieving from a memory a user service profile associated with the user;
- assessing said user service profile to determine if a “sequential-only” network access attribute exists within said user service profile for said requested service;
- determining whether the user has a current network connection established with another service within the computer network; and
- allowing, in response to a user request, the user to connect to the desired service of the computer network specified in the user service request if the computer network service provider determines that the user has no then existing network connections to other services within the computer network.

View Dependent Claims (2, 3)

- sending a prompt to the user if a determination is made that said “sequential only” network access attribute exists in said user service profile for said requested service and the computer network service provider determines that said user has a current network connection established with another service of the computer network, said prompt advising the user to disconnect from all then-existing network connections before proceeding with the requested service connection.

3. The method of claim 2 further comprising:
- causing the user to disconnect from all then existing network connections to other services of the computer network; and
- causing the user to initiate a service logon application upon the user disconnecting from all then existing network connections to other services of the computer network.

4. A method for providing forced sequential network access to a user in a computer network capable of establishing multiple concurrent service connections, said method comprising:
- initiating a service logon application at the user level;
- providing the service logon application with a requested service name and authorization information;
- sending said requested service information to a computer network service provider;
- authorizing said user to access said requested service;
- causing the computer network service provider to retrieve from a memory a user service profile associated with the user and uniquely identified by user-provided identification information;
- assessing said user service profile at the level of the computer network service provider to determine if a “sequential-only” network access attribute exists within said user service profile for said requested service;
- determining at the level of the computer network service provider whether the user has a current network connection established with another service of the computer network; and
- allowing, in response to a user request, the user to connect to the desired service of the computer network specified in the user service request if the computer network service provider determines that the user has no then-existing network connections to other services of the computer network.

View Dependent Claims (5, 6)

- sending a prompt to the user if the computer network service provider determines that said “sequential only” network access attribute exists in said user service profile for said requested service and the computer network service provider determines that said user has a current network connection established with another service of the computer network, said prompt advising the user to disconnect from all then-existing network connections before proceeding with the requested service connection.

6. The method of claim 5 further comprising:
- causing the user to disconnect from all then-existing network connections to other services of the computer network; and
- re-initiating said service logon application at said user level upon the user disconnecting from all then-existing network connections to other specific services of the computer network.

7. A method for preventing unauthorized access to a specified service within a computer network via a user having both IP forwarding capability and authorization to use the specified service, said method comprising:
- receiving a user request to access the specified service from a user of the computer network;
- authorizing said user to access the specified service;
- retrieving from a memory a user service profile associated with the user;
- assessing said user service profile to determine if a “sequential-only” network access attribute exists within said user service profile for the specified service;
- determining whether the user has a current network connection established with another service of the computer network; and
- allowing, in response to a user request, the user to connect to the specified service of the computer network specified in the user request if the computer network service provider determines that the user has no then-existing network connections to another service of the computer network.

View Dependent Claims (8, 9)

- sending a prompt to the user if a determination is made that said “sequential only” network access attribute exists in said user service profile for the specified service and the computer network service provider determines that said user has a current network connection established with another service of the computer network, said prompt advising the user to disconnect from all then-existing network connections before proceeding with the user request to access the specified connection.

9. The method of claim 8 further comprising:
- causing the user to disconnect from all then-existing network connections to other services within the computer network; and
- causing the user to initiate a service logon application upon the user disconnecting from all then existing network connections to other services of the computer network.

10. An apparatus for providing forced sequential network access to a user in a computer network capable of establishing a plurality of separate connections between the user and domain networks, the apparatus comprising:
- a means for receiving a user request to access a specified service from a user of the computer network;
- a means for retrieving from a memory a user service profile associated with the user and uniquely identified by user-provided identification information;
- a means for assessing said user service profile to determine if a “sequential-only” network access attribute exists within said user service profile for the specified service;
- a means for determining whether the user has a current network connection established with another service of the computer network; and
- a means for allowing the user, in response to a user request, to connect to the specified service of the computer network specified in the user request if the computer network service provider determines that the user has no then-existing network connections to other services of the computer network.

View Dependent Claims (11, 12)

- a means for sending a prompt to the user if a determination is made that said “sequential only” network access attribute exists in said user service profile for the specified service and the computer network service provider determines that said user has a current network connection established with another service of the computer network, said prompt advising the user to disconnect from all then-existing network connections before proceeding with the requested service connection.

12. The apparatus of claim 11 further comprising:
- a means for causing the user to disconnect from all then-existing network connections to other services of the computer network; and
- a means for causing the user to initiate a service logon application upon the user disconnecting from all then-existing network connections to other services of the computer network.

13. An apparatus capable of forcing the users of a communication system to access services within the communication system via sequential-only access, said apparatus comprising:
- a first receiving interface capable of accepting service requests from users;
- an authorizer capable of granting service authorization to the users based upon user supplied authorization information;
- a service profile request generator capable of generating service profile requests;
- a forwarding interface capable of sending said service profile requests to a memory;
- a second receiving interface capable of accepting requested service profiles from the memory;
- an assessor capable of assessing said requested service profiles for the presence of a “sequential-only” access attribute;
- a determiner capable of determining whether a user initiating a service access request has a then-existing connection open with another service of the communication system; and
- a prompt generator capable of generating a prompt to be sent to a user initiating a service access request if a determination is made that a requested service is protected with a “sequential only” access attribute and said user has a then-existing connection open with another service of the communication system.

14. A communication system capable of forcing the users of the system to gain access to specified domain networks via sequential-only access, said system comprising:
- a plurality of host computers connected to network access points, said network access points including;
  - authentication servers having;
    - a memory device capable of storing a plurality of user service profiles, said user service profiles capable of having a “sequential only” network access attribute associated with user authorized services;
  - a gateway device having;
    - a first receiving interface capable of accepting service requests from users;
    - an authorizer capable of granting service authorization to the users based upon user-supplied authorization information;
    - a service profile request generator capable of generating service profile requests;
    - a forwarding interface capable of sending said service profile requests to a memory;
    - a second receiving interface capable of accepting requested service profiles from the memory;
    - an assessor capable of assessing said requested service profiles for the presence of a “sequential-only” access attribute; and
    - a determiner capable of determining whether a user initiating a service access request has a then-existing connection open to another service of the communication system.

View Dependent Claims (15)

- a prompt generator capable of generating a prompt to be sent to a user initiating a service access request if a determination is made that a requested service is protected with a “sequential only” access attribute and said user has a then-existing connection open with another service of the communication system.

Specification