Method and apparatus for providing network access control using a domain name system

US 6,256,671 B1
Filed: 06/24/1998
Issued: 07/03/2001
Est. Priority Date: 06/24/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method to manage access to external hosts by a gateway within a first network comprising:

receiving from a source within the first network, a request for an address which corresponds to a host having a host name;

checking whether the source is allowed to access the host corresponding to the host name; and

if the source is not allowed to access the host corresponding to the host name, then the gateway concealing such lack of privilege from the source by providing an indication to the source that the address which corresponds to the host name cannot be located.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing network access control by manipulating a domain name system includes receiving, from a source, a request for an address which corresponds to a host name. A check is made as to whether a requestor corresponding to the request is allowed to access a host system corresponding to the host name. If the requestor is not allowed to access the host system corresponding to the host name, then an indication is provided to the source of the request that the address which corresponds to the host name cannot be located.

311 Citations

25 Claims

1. A method to manage access to external hosts by a gateway within a first network comprising:
- receiving from a source within the first network, a request for an address which corresponds to a host having a host name;
  
  checking whether the source is allowed to access the host corresponding to the host name; and
  
  if the source is not allowed to access the host corresponding to the host name, then the gateway concealing such lack of privilege from the source by providing an indication to the source that the address which corresponds to the host name cannot be located.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
3. The method of claim 1, wherein the receiving comprises receiving a request for an internet protocol (IP) address outside the first network which corresponds to the host name.
4. The method of claim 1, wherein the receiving comprises receiving a request for the address which corresponds to a host name embedded in a uniform resource locator (URL).
5. The method of claim 1, wherein the source comprises a user of the source and the checking comprises uniquely identifying the user of the source.
6. The method of claim 1, wherein the checking comprises uniquely identifying the source from a plurality of potential sources.

7. An apparatus within a first network to manage access to external hosts comprising:
- a control logic to receive, from a source within the first network, a request for a host address outside the first network which corresponds to a host having a host name;
  
  an access management logic, coupled to the control logic, to check whether the source is allowed to access the host corresponding to the host name; and
  
  wherein the control logic is to provide an indication to the source that the address which corresponds to the host name cannot be located if the source is not entitled to access the host corresponding to the host name.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7, wherein the control logic is further to provide the address to the source if the source is allowed to access the host corresponding to the host name.
  - 9. The apparatus of claim 7, wherein the apparatus comprises a domain name server (DNS) within the first network.
  - 10. The apparatus of claim 7, wherein the address comprises an internet protocol (IP) address outside the first network.
  - 11. The apparatus of claim 7, wherein the host name is embedded in a uniform resource locator (URL).
  - 12. The apparatus of claim 7, further comprising:
13. The apparatus of claim 12, wherein the access information comprises a plurality of host names which are inaccessible by the source.

14. A machine-readable medium having stored thereon a plurality of instructions for managing access to external hosts by a gateway within a first network, which when executed by a processor, causes the processor to perform operations comprising:
- receiving from a source within the first network a request for a host address outside the first network which corresponds to a host having a host name;
  
  checking whether the source is allowed to access the host corresponding to the host name; and
  
  if the source is not allowed to access the host corresponding to the host name, then concealing such lack of privilege from the source by providing an indication to the source that the address which corresponds to the host name cannot be located.
- View Dependent Claims (15, 16, 17)
- - 15. The machine-readable medium of claim 14, wherein the plurality of instructions further provide the host address to the source, if the source is allowed to access the host.
  - 16. The machine-readable medium of claim 14, wherein the source comprises a user of the source and wherein the checking comprises a plurality of instructions for implementing a function for uniquely identifying the user of the source.
  - 17. The machine-readable medium of claim 14, wherein the checking comprises a plurality of instructions for implementing a function for uniquely identifying the source from a plurality of potential sources.

18. An apparatus within a first network to manage access to external hosts comprising:
- means for receiving from a source within the first network a request for an address outside the first network which corresponds to a host having a host name;
  
  means for checking, coupled to the means for receiving, whether the source is allowed to access the host corresponding to the host name; and
  
  means for providing, coupled to the means for checking, an indication to the source of the request that the address which corresponds to the host name cannot be located if the source is not allowed to access the host corresponding to the host name.
- View Dependent Claims (19, 20, 21)
- - 19. The apparatus of claim 18, further comprising:
20. The apparatus of claim 18, wherein the source comprises a user of the source, and the means for checking comprises means for uniquely identifying the user of the source.
21. The apparatus of claim 18, wherein the means for checking comprises means for uniquely identifying the source from a plurality of potential sources.

22. A method to manage access to external hosts by a gateway within a first network comprising:
- receiving from a source within the first network, a request for a host address which corresponds to a host having a host name;
  
  checking whether the source is allowed to access a host corresponding to the host address; and
  
  if the source is not allowed to access the host corresponding to the host address, then the gateway concealing such lack of privilege from the source by providing an indication to the source that the host address corresponding to the host name cannot be located.
- View Dependent Claims (23)
- - 23. The method of claim 22, further comprising:

24. A machine-readable medium having stored thereon a plurality of instructions for managing access to external hosts by a gateway within a first network, which when executed by a processor, causes the processor to perform operations comprising:
- receiving from a source within the first network, a request for a host address outside the first network which corresponds to a host having a host name;
  
  checking whether the source is allowed to access the host corresponding to the host address; and
  
  if the source is not allowed to access the host corresponding to the host address, then concealing such lack of privilege from the source by providing an indication to the source that the host address corresponding to the host name cannot be located.

25. An apparatus within a first network to manage access to external hosts comprising:
- means for receiving from a source within the first network a request for a host address outside the first network which corresponds to a host having a host name;
  
  means for checking, coupled to the means for receiving, whether the source is allowed to access the host corresponding to the host address; and
  
  means for providing, coupled to the means for checking, an indication to the source of the request that the host address which corresponds to the host name cannot be located if the source is not allowed to access the host corresponding to the host address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Strentzsch, Scott A., Donzis, Lewis T.
Primary Examiner(s)
Harrell, Robert B.
Assistant Examiner(s)
Thompson, Marc D.

Application Number

US09/104,462
Time in Patent Office

1,105 Days
Field of Search

709/225, 709/229, 709/238, 709/249, 709/224, 709/228, 709/227, 707/10, 370/401, 713/201, 713/202
US Class Current

709/227
CPC Class Codes

G06F 21/00   Security arrangements for p...

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/0236   Filtering by address, proto...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

Method and apparatus for providing network access control using a domain name system

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

311 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing network access control using a domain name system

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

311 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others